diff --git a/ChangeLog b/ChangeLog
index 3f210b25789bac56f8dad38b2f51e4d0500798f8..436ee5566135d1f7ef2d441bb3d6141c8be689d9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+2019-06-06 Niels Möller <nisse@lysator.liu.se>
+
+ Update for cmac changes, enabling const for the _message fucntions.
+ * siv-cmac.c (_siv_s2v): Take a const struct cmac128_key as argument,
+ and use a local struct cmac128_ctx for message-specific state.
+ (siv_cmac_set_key): Take a struct cmac128_key as argument. Updated
+ callers.
+ (siv_cmac_encrypt_message, siv_cmac_decrypt_message): Take a const
+ struct cmac128_key as argument. Updated callers.
+
+ * siv-cmac.h (SIV_CMAC_CTX): Changed to use struct cmac128_key
+ rather than struct cmac128_ctx.
+
+ * siv-cmac-aes256.c (siv_cmac_aes256_encrypt_message)
+ (siv_cmac_aes256_decrypt_message): Likewise.
+ * siv-cmac-aes128.c (siv_cmac_aes128_encrypt_message)
+ (siv_cmac_aes128_decrypt_message): The ctx argument made const.
+
2019-05-15 Niels Möller <nisse@lysator.liu.se>
* siv-cmac.h (SIV_CMAC_AES128_KEY_SIZE, SIV_CMAC_AES256_KEY_SIZE):
@@ -38,6 +56,41 @@
* cmac-internal.h (_cmac128_block_mulx): New file, declare function.
* Makefile.in (DISTFILES): Added cmac-internal.h.
+2019-06-05 Niels Möller <nisse@lysator.liu.se>
+
+ Further separation of CMAC per-message state from the
+ message-independent subkeys, analogous to the gcm implementation.
+ * cmac.h (struct cmac128_ctx): Remove key, instead a struct
+ cmac128_key should be passed separately to functions that need it.
+ (CMAC128_CTX): Include both a struct cmac128_key and a struct
+ cmac128_ctx.
+ (CMAC128_SET_KEY, CMAC128_DIGEST): Updated accordingly.
+
+ * cmac.c (cmac128_set_key): Change argument type from cmac128_ctx
+ to cmac128_key. Use a nettle_block16 for the constant zero block.
+ (cmac128_init): New function, to initialize a cmac128_ctx.
+ (cmac128_digest): Add cmac128_key argument. Move padding memset
+ into the block handling a partial block. Call cmac128_init to
+ reset state.
+
+2019-06-01 Niels Möller <nisse@lysator.liu.se>
+
+ * cmac.h (struct cmac128_key): New struct.
+ * cmac.h (struct cmac128_ctx): Use struct cmac128_key.
+ * cmac.c (cmac128_set_key, cmac128_digest): Update accordingly.
+
+2019-05-12 Niels Möller <nisse@lysator.liu.se>
+
+ Delete old libdes/openssl compatibility interface.
+ * des-compat.c: Delete file.
+ * des-compat.h: Delete file.
+ * testsuite/des-compat-test.c: Delete file.
+ * nettle.texinfo (Compatibility functions): Delete mention in documentation.
+
+2019-05-11 Niels Möller <nisse@lysator.liu.se>
+
+ * NEWS: More updates for Nettle-3.5.
+
2019-04-27 Niels Möller <nisse@lysator.liu.se>
From Simo Sorce:
diff --git a/Makefile.in b/Makefile.in
index e26ea3f4fe9ae1e9a40e9e32a453ea2f65c192ce..54e5f74178e2b6725ea870444af34a1c49c62094 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -94,7 +94,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
chacha-crypt.c chacha-core-internal.c \
chacha-poly1305.c chacha-poly1305-meta.c \
chacha-set-key.c chacha-set-nonce.c \
- ctr.c ctr16.c des.c des3.c des-compat.c \
+ ctr.c ctr16.c des.c des3.c \
eax.c eax-aes128.c eax-aes128-meta.c \
gcm.c gcm-aes.c \
gcm-aes128.c gcm-aes128-meta.c \
@@ -194,7 +194,7 @@ OPT_SOURCES = fat-x86_64.c fat-arm.c mini-gmp.c
HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \
base16.h base64.h bignum.h buffer.h camellia.h cast128.h \
cbc.h ccm.h cfb.h chacha.h chacha-poly1305.h ctr.h \
- curve25519.h des.h des-compat.h dsa.h dsa-compat.h eax.h \
+ curve25519.h des.h dsa.h dsa-compat.h eax.h \
ecc-curve.h ecc.h ecdsa.h eddsa.h \
gcm.h gosthash94.h hmac.h \
knuth-lfib.h hkdf.h \
diff --git a/NEWS b/NEWS
index 492301be78483a8c24cc6d5018aa7884eb88212f..56d361eacd853d426debb4d699cb703aa4efc6bb 100644
--- a/NEWS
+++ b/NEWS
@@ -26,6 +26,8 @@ NEWS for the Nettle 3.5 release
* Support for CMAC (RFC 4493), contributed by Nikos
Mavrogiannopoulos.
+ * Support for XTS mode, contributed by Simo Sorce.
+
Optimizations:
* Improved performance of the x86_64 AES implementation using
@@ -50,6 +52,22 @@ NEWS for the Nettle 3.5 release
operation, benchmarked on x86_64. Table sizes unchanged,
around 16 KB per curve.
+ * In ARM fat builds, automatically select Neon implementation
+ of Chacha, where possible. Contributed by Yuriy M.
+ Kaminskiy.
+
+ Deleted features:
+
+ * The header file des-compat.h and everything declared therein
+ has been deleted, as announced earlier. This file provided a
+ subset of the old libdes/ssleay/openssl interface for DES
+ and triple-DES. DES is still supported, via the functions
+ declared in des.h.
+
+ * Functions using the old struct aes_ctx have been marked as
+ deprecated. Use the fixed key size interface instead, e.g.,
+ struct aes256_ctx, introduced in Nettle-3.0.
+
Miscellaneous:
* Support for big-endian ARM systems, contributed by Michael
@@ -59,6 +77,17 @@ NEWS for the Nettle 3.5 release
gcmdata are no longer built by default. Makefile
improvements contributed by Jay Foad.
+ * The header file nettle-stdint.h, and corresponding autoconf
+ tests, have been deleted. Nettle now requires that the
+ compiler/libc provides <stdint.h>.
+
+ * The "example" program examples/eratosthenes.c has been
+ deleted.
+
+ * The contents of hash context structs, and the deprecated
+ aes_ctx struct, have been reorganized, to enable later
+ optimizations.
+
NEWS for the Nettle 3.4.1 release
This release fixes a few bugs, and makes the RSA private key
diff --git a/cmac.c b/cmac.c
index 2f15a74d81e6c0d3a402821a6596324dc1868c5b..70ce8132d9d15ffa2ecd8dda54fca22527f3346a 100644
--- a/cmac.c
+++ b/cmac.c
@@ -71,21 +71,24 @@ _cmac128_block_mulx(union nettle_block16 *dst,
#endif /* !WORDS_BIGENDIAN */
void
-cmac128_set_key(struct cmac128_ctx *ctx, const void *cipher,
+cmac128_set_key(struct cmac128_key *key, const void *cipher,
nettle_cipher_func *encrypt)
{
- static const uint8_t const_zero[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- };
- union nettle_block16 *L = &ctx->block;
- memset(ctx, 0, sizeof(*ctx));
+ static const union nettle_block16 zero_block;
+ union nettle_block16 L;
/* step 1 - generate subkeys k1 and k2 */
- encrypt(cipher, 16, L->b, const_zero);
+ encrypt(cipher, 16, L.b, zero_block.b);
- _cmac128_block_mulx(&ctx->K1, L);
- _cmac128_block_mulx(&ctx->K2, &ctx->K1);
+ _cmac128_block_mulx(&key->K1, &L);
+ _cmac128_block_mulx(&key->K2, &key->K1);
+}
+
+void
+cmac128_init(struct cmac128_ctx *ctx)
+{
+ memset(&ctx->X, 0, sizeof(ctx->X));
+ ctx->index = 0;
}
#define MIN(x,y) ((x)<(y)?(x):(y))
@@ -136,24 +139,23 @@ cmac128_update(struct cmac128_ctx *ctx, const void *cipher,
}
void
-cmac128_digest(struct cmac128_ctx *ctx, const void *cipher,
- nettle_cipher_func *encrypt,
- unsigned length,
- uint8_t *dst)
+cmac128_digest(struct cmac128_ctx *ctx, const struct cmac128_key *key,
+ const void *cipher, nettle_cipher_func *encrypt,
+ unsigned length, uint8_t *dst)
{
union nettle_block16 Y;
- memset(ctx->block.b+ctx->index, 0, sizeof(ctx->block.b)-ctx->index);
-
/* re-use ctx->block for memxor output */
if (ctx->index < 16)
{
ctx->block.b[ctx->index] = 0x80;
- memxor(ctx->block.b, ctx->K2.b, 16);
+ memset(ctx->block.b + ctx->index + 1, 0, 16 - 1 - ctx->index);
+
+ memxor(ctx->block.b, key->K2.b, 16);
}
else
{
- memxor(ctx->block.b, ctx->K1.b, 16);
+ memxor(ctx->block.b, key->K1.b, 16);
}
memxor3(Y.b, ctx->block.b, ctx->X.b, 16);
@@ -170,6 +172,5 @@ cmac128_digest(struct cmac128_ctx *ctx, const void *cipher,
}
/* reset state for re-use */
- memset(&ctx->X, 0, sizeof(ctx->X));
- ctx->index = 0;
+ cmac128_init(ctx);
}
diff --git a/cmac.h b/cmac.h
index 6d107982273e65cff175a4f578c37d9a5c0134e3..3c5b7bea3e5537f2e2efedf8341bbb53394c255a 100644
--- a/cmac.h
+++ b/cmac.h
@@ -46,6 +46,7 @@ extern "C" {
#define CMAC128_DIGEST_SIZE 16
#define cmac128_set_key nettle_cmac128_set_key
+#define cmac128_init nettle_cmac128_init
#define cmac128_update nettle_cmac128_update
#define cmac128_digest nettle_cmac128_digest
#define cmac_aes128_set_key nettle_cmac_aes128_set_key
@@ -55,12 +56,14 @@ extern "C" {
#define cmac_aes256_update nettle_cmac_aes256_update
#define cmac_aes256_digest nettle_cmac_aes256_digest
-struct cmac128_ctx
+struct cmac128_key
{
- /* Key */
union nettle_block16 K1;
union nettle_block16 K2;
+};
+struct cmac128_ctx
+{
/* MAC state */
union nettle_block16 X;
@@ -70,21 +73,24 @@ struct cmac128_ctx
};
void
-cmac128_set_key(struct cmac128_ctx *ctx, const void *cipher,
+cmac128_set_key(struct cmac128_key *key, const void *cipher,
nettle_cipher_func *encrypt);
+
+void
+cmac128_init(struct cmac128_ctx *ctx);
+
void
cmac128_update(struct cmac128_ctx *ctx, const void *cipher,
nettle_cipher_func *encrypt,
size_t msg_len, const uint8_t *msg);
void
-cmac128_digest(struct cmac128_ctx *ctx, const void *cipher,
- nettle_cipher_func *encrypt,
- unsigned length,
- uint8_t *digest);
+cmac128_digest(struct cmac128_ctx *ctx, const struct cmac128_key *key,
+ const void *cipher, nettle_cipher_func *encrypt,
+ unsigned length, uint8_t *digest);
#define CMAC128_CTX(type) \
- { struct cmac128_ctx ctx; type cipher; }
+ { struct cmac128_key key; struct cmac128_ctx ctx; type cipher; }
/* NOTE: Avoid using NULL, as we don't include anything defining it. */
#define CMAC128_SET_KEY(self, set_key, encrypt, cmac_key) \
@@ -92,20 +98,25 @@ cmac128_digest(struct cmac128_ctx *ctx, const void *cipher,
(set_key)(&(self)->cipher, (cmac_key)); \
if (0) (encrypt)(&(self)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0); \
- cmac128_set_key(&(self)->ctx, &(self)->cipher, \
- (nettle_cipher_func *) (encrypt)); \
+ cmac128_set_key(&(self)->key, &(self)->cipher, \
+ (nettle_cipher_func *) (encrypt)); \
+ cmac128_init(&(self)->ctx); \
} while (0)
#define CMAC128_UPDATE(self, encrypt, length, src) \
- cmac128_update(&(self)->ctx, &(self)->cipher, \
- (nettle_cipher_func *)encrypt, (length), (src))
+ (0 ? (encrypt)(&(self)->cipher, ~(size_t) 0, \
+ (uint8_t *) 0, (const uint8_t *) 0) \
+ : cmac128_update(&(self)->ctx, &(self)->cipher, \
+ (nettle_cipher_func *)encrypt, \
+ (length), (src)))
#define CMAC128_DIGEST(self, encrypt, length, digest) \
(0 ? (encrypt)(&(self)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0) \
- : cmac128_digest(&(self)->ctx, &(self)->cipher, \
- (nettle_cipher_func *) (encrypt), \
- (length), (digest)))
+ : cmac128_digest(&(self)->ctx, &(self)->key, \
+ &(self)->cipher, \
+ (nettle_cipher_func *) (encrypt), \
+ (length), (digest)))
struct cmac_aes128_ctx CMAC128_CTX(struct aes128_ctx);
diff --git a/des-compat.c b/des-compat.c
deleted file mode 100644
index 76dfb9c7370ddbd405cc471796e990036aec1ce9..0000000000000000000000000000000000000000
--- a/des-compat.c
+++ /dev/null
@@ -1,231 +0,0 @@
-/* des-compat.c
-
- The des block cipher, old libdes/openssl-style interface.
-
- Copyright (C) 2001 Niels Möller
-
- This file is part of GNU Nettle.
-
- GNU Nettle is free software: you can redistribute it and/or
- modify it under the terms of either:
-
- * the GNU Lesser General Public License as published by the Free
- Software Foundation; either version 3 of the License, or (at your
- option) any later version.
-
- or
-
- * the GNU General Public License as published by the Free
- Software Foundation; either version 2 of the License, or (at your
- option) any later version.
-
- or both in parallel, as here.
-
- GNU Nettle is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received copies of the GNU General Public License and
- the GNU Lesser General Public License along with this program. If
- not, see http://www.gnu.org/licenses/.
-*/
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include <stdlib.h>
-#include <string.h>
-#include <assert.h>
-
-#include "des-compat.h"
-
-#include "cbc.h"
-#include "macros.h"
-#include "memxor.h"
-
-struct des_compat_des3 { const struct des_ctx *keys[3]; };
-
-static void
-des_compat_des3_encrypt(struct des_compat_des3 *ctx,
- size_t length, uint8_t *dst, const uint8_t *src)
-{
- nettle_des_encrypt(ctx->keys[0], length, dst, src);
- nettle_des_decrypt(ctx->keys[1], length, dst, dst);
- nettle_des_encrypt(ctx->keys[2], length, dst, dst);
-}
-
-static void
-des_compat_des3_decrypt(struct des_compat_des3 *ctx,
- size_t length, uint8_t *dst, const uint8_t *src)
-{
- nettle_des_decrypt(ctx->keys[2], length, dst, src);
- nettle_des_encrypt(ctx->keys[1], length, dst, dst);
- nettle_des_decrypt(ctx->keys[0], length, dst, dst);
-}
-
-void
-des_ecb3_encrypt(const_des_cblock *src, des_cblock *dst,
- des_key_schedule k1,
- des_key_schedule k2,
- des_key_schedule k3, int enc)
-{
- struct des_compat_des3 keys;
- keys.keys[0] = k1;
- keys.keys[1] = k2;
- keys.keys[2] = k3;
-
- ((enc == DES_ENCRYPT) ? des_compat_des3_encrypt : des_compat_des3_decrypt)
- (&keys, DES_BLOCK_SIZE, *dst, *src);
-}
-
-/* If input is not a integral number of blocks, the final block is
- padded with zeros, no length field or anything like that. That's
- pretty broken, since it means that "$100" and "$100\0" always have
- the same checksum, but I think that's how it's supposed to work. */
-uint32_t
-des_cbc_cksum(const uint8_t *src, des_cblock *dst,
- long length, des_key_schedule ctx,
- const_des_cblock *iv)
-{
- /* FIXME: I'm not entirely sure how this function is supposed to
- * work, in particular what it should return, and if iv can be
- * modified. */
- uint8_t block[DES_BLOCK_SIZE];
-
- memcpy(block, *iv, DES_BLOCK_SIZE);
-
- while (length >= DES_BLOCK_SIZE)
- {
- memxor(block, src, DES_BLOCK_SIZE);
- nettle_des_encrypt(ctx, DES_BLOCK_SIZE, block, block);
-
- src += DES_BLOCK_SIZE;
- length -= DES_BLOCK_SIZE;
- }
- if (length > 0)
- {
- memxor(block, src, length);
- nettle_des_encrypt(ctx, DES_BLOCK_SIZE, block, block);
- }
- memcpy(*dst, block, DES_BLOCK_SIZE);
-
- return LE_READ_UINT32(block + 4);
-}
-
-void
-des_ncbc_encrypt(const_des_cblock *src, des_cblock *dst, long length,
- des_key_schedule ctx, des_cblock *iv,
- int enc)
-{
- switch (enc)
- {
- case DES_ENCRYPT:
- nettle_cbc_encrypt(ctx, (nettle_cipher_func *) des_encrypt,
- DES_BLOCK_SIZE, *iv,
- length, *dst, *src);
- break;
- case DES_DECRYPT:
- nettle_cbc_decrypt(ctx,
- (nettle_cipher_func *) des_decrypt,
- DES_BLOCK_SIZE, *iv,
- length, *dst, *src);
- break;
- default:
- abort();
- }
-}
-
-void
-des_cbc_encrypt(const_des_cblock *src, des_cblock *dst, long length,
- des_key_schedule ctx, const_des_cblock *civ,
- int enc)
-{
- des_cblock iv;
-
- memcpy(iv, civ, DES_BLOCK_SIZE);
-
- des_ncbc_encrypt(src, dst, length, ctx, &iv, enc);
-}
-
-
-void
-des_ecb_encrypt(const_des_cblock *src, des_cblock *dst,
- des_key_schedule ctx,
- int enc)
-{
- ((enc == DES_ENCRYPT) ? nettle_des_encrypt : nettle_des_decrypt)
- (ctx, DES_BLOCK_SIZE, *dst, *src);
-}
-
-void
-des_ede3_cbc_encrypt(const_des_cblock *src, des_cblock *dst, long length,
- des_key_schedule k1,
- des_key_schedule k2,
- des_key_schedule k3,
- des_cblock *iv,
- int enc)
-{
- struct des_compat_des3 keys;
- keys.keys[0] = k1;
- keys.keys[1] = k2;
- keys.keys[2] = k3;
-
- switch (enc)
- {
- case DES_ENCRYPT:
- nettle_cbc_encrypt(&keys, (nettle_cipher_func *) des_compat_des3_encrypt,
- DES_BLOCK_SIZE, *iv,
- length, *dst, *src);
- break;
- case DES_DECRYPT:
- nettle_cbc_decrypt(&keys, (nettle_cipher_func *) des_compat_des3_decrypt,
- DES_BLOCK_SIZE, *iv,
- length, *dst, *src);
- break;
- default:
- abort();
- }
-}
-
-int
-des_set_odd_parity(des_cblock *key)
-{
- nettle_des_fix_parity(DES_KEY_SIZE, *key, *key);
-
- /* FIXME: What to return? */
- return 0;
-}
-
-
-/* If des_check_key is non-zero, returns
- *
- * 0 for ok, -1 for bad parity, and -2 for weak keys.
- *
- * If des_check_key is zero (the default), always returns zero.
- */
-
-int des_check_key = 0;
-
-int
-des_key_sched(const_des_cblock *key, des_key_schedule ctx)
-{
- if (des_check_key && !des_check_parity (DES_KEY_SIZE, *key))
- /* Bad parity */
- return -1;
-
- if (!nettle_des_set_key(ctx, *key) && des_check_key)
- /* Weak key */
- return -2;
-
- return 0;
-}
-
-int
-des_is_weak_key(const_des_cblock *key)
-{
- struct des_ctx ctx;
-
- return !nettle_des_set_key(&ctx, *key);
-}
diff --git a/des-compat.h b/des-compat.h
deleted file mode 100644
index bda4e7595d47986f03c189cdf0c4a069551a99a1..0000000000000000000000000000000000000000
--- a/des-compat.h
+++ /dev/null
@@ -1,162 +0,0 @@
-/* des-compat.h
-
- The des block cipher, old libdes/openssl-style interface.
-
- Copyright (C) 2001 Niels Möller
-
- This file is part of GNU Nettle.
-
- GNU Nettle is free software: you can redistribute it and/or
- modify it under the terms of either:
-
- * the GNU Lesser General Public License as published by the Free
- Software Foundation; either version 3 of the License, or (at your
- option) any later version.
-
- or
-
- * the GNU General Public License as published by the Free
- Software Foundation; either version 2 of the License, or (at your
- option) any later version.
-
- or both in parallel, as here.
-
- GNU Nettle is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received copies of the GNU General Public License and
- the GNU Lesser General Public License along with this program. If
- not, see http://www.gnu.org/licenses/.
-*/
-
-#ifndef NETTLE_DES_COMPAT_H_INCLUDED
-#define NETTLE_DES_COMPAT_H_INCLUDED
-
-/* According to Assar, des_set_key, des_set_key_odd_parity,
- * des_is_weak_key, plus the encryption functions (des_*_encrypt and
- * des_cbc_cksum) would be a pretty useful subset. */
-
-/* NOTE: This is quite experimental, and not all functions are
- * implemented. Contributions, in particular test cases are welcome. */
-
-#include "des.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* We use some name mangling, to avoid collisions with either other
- * nettle functions or with libcrypto. */
-
-#define des_ecb3_encrypt nettle_openssl_des_ecb3_encrypt
-#define des_cbc_cksum nettle_openssl_des_cbc_cksum
-#define des_ncbc_encrypt nettle_openssl_des_ncbc_encrypt
-#define des_cbc_encrypt nettle_openssl_des_cbc_encrypt
-#define des_ecb_encrypt nettle_openssl_des_ecb_encrypt
-#define des_ede3_cbc_encrypt nettle_openssl_des_ede3_cbc_encrypt
-#define des_set_odd_parity nettle_openssl_des_set_odd_parity
-#define des_check_key nettle_openssl_des_check_key
-#define des_key_sched nettle_openssl_des_key_sched
-#define des_is_weak_key nettle_openssl_des_is_weak_key
-
-/* An extra alias */
-#undef des_set_key
-#define des_set_key nettle_openssl_des_key_sched
-
-enum { DES_DECRYPT = 0, DES_ENCRYPT = 1 };
-
-/* Types */
-typedef uint32_t DES_LONG;
-
-/* Note: Typedef:ed arrays should be avoided, but they're used here
- * for compatibility. */
-typedef struct des_ctx des_key_schedule[1];
-
-typedef uint8_t des_cblock[DES_BLOCK_SIZE];
-/* Note: The proper definition,
-
- typedef const uint8_t const_des_cblock[DES_BLOCK_SIZE];
-
- would have worked, *if* all the prototypes had used arguments like
- foo(const_des_cblock src, des_cblock dst), letting argument arrays
- "decay" into pointers of type uint8_t * and const uint8_t *.
-
- But since openssl's prototypes use *pointers* const_des_cblock *src,
- des_cblock *dst, this ends up in type conflicts, and the workaround
- is to not use const at all.
-*/
-#define const_des_cblock des_cblock
-
-/* Aliases */
-#define des_ecb2_encrypt(i,o,k1,k2,e) \
- des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
- des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-/* Global flag */
-extern int des_check_key;
-
-/* Prototypes */
-
-/* Typing is a little confusing. Since both des_cblock and
- des_key_schedule are typedef:ed arrays, it automatically decay to
- a pointers.
-
- But the functions are declared taking pointers to des_cblock, i.e.
- pointers to arrays. And on the other hand, they take plain
- des_key_schedule arguments, which is equivalent to pointers to
- struct des_ctx. */
-void
-des_ecb3_encrypt(const_des_cblock *src, des_cblock *dst,
- des_key_schedule k1,
- des_key_schedule k2,
- des_key_schedule k3, int enc);
-
-/* des_cbc_cksum in libdes returns a 32 bit integer, representing the
- * latter half of the output block, using little endian byte order. */
-uint32_t
-des_cbc_cksum(const uint8_t *src, des_cblock *dst,
- long length, des_key_schedule ctx,
- const_des_cblock *iv);
-
-/* NOTE: Doesn't update iv. */
-void
-des_cbc_encrypt(const_des_cblock *src, des_cblock *dst, long length,
- des_key_schedule ctx, const_des_cblock *iv,
- int enc);
-
-/* Similar, but updates iv. */
-void
-des_ncbc_encrypt(const_des_cblock *src, des_cblock *dst, long length,
- des_key_schedule ctx, des_cblock *iv,
- int enc);
-
-void
-des_ecb_encrypt(const_des_cblock *src, des_cblock *dst,
- des_key_schedule ctx, int enc);
-
-void
-des_ede3_cbc_encrypt(const_des_cblock *src, des_cblock *dst, long length,
- des_key_schedule k1,
- des_key_schedule k2,
- des_key_schedule k3,
- des_cblock *iv,
- int enc);
-
-int
-des_set_odd_parity(des_cblock *key);
-
-int
-des_key_sched(const_des_cblock *key, des_key_schedule ctx);
-
-int
-des_is_weak_key(const_des_cblock *key);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* NETTLE_DES_COMPAT_H_INCLUDED */
diff --git a/nettle.texinfo b/nettle.texinfo
index 6d31f2319320615c6a99655751d5ec8316bd964d..42385672935e526054501ecc84c97aea5accc042 100644
--- a/nettle.texinfo
+++ b/nettle.texinfo
@@ -3826,7 +3826,8 @@ the @acronym{AES} block cipher.
Nettle defines @acronym{CMAC} in @file{<nettle/cmac.h>}.
-@deftp {Context struct} {struct cmac128_ctx}
+@deftp {Context struct} {struct cmac_aes128_ctx}
+@deftpx {Context struct} {struct cmac_aes256_ctx}
@end deftp
@defvr Constant CMAC128_DIGEST_SIZE
@@ -5609,18 +5610,6 @@ Nettle defines a compatible interface to MD5 in
@code{MD5_CTX}, and declares the functions @code{MD5Init}, @code{MD5Update} and
@code{MD5Final}.
-Eric Young's ``libdes'' (also part of OpenSSL) is a quite popular DES
-implementation. Nettle includes a subset if its interface in
-@file{<nettle/des-compat.h>}. This file defines the typedefs
-@code{des_key_schedule} and @code{des_cblock}, two constants
-@code{DES_ENCRYPT} and @code{DES_DECRYPT}, and declares one global
-variable @code{des_check_key}, and the functions @code{des_cbc_cksum}
-@code{des_cbc_encrypt}, @code{des_ecb2_encrypt},
-@code{des_ecb3_encrypt}, @code{des_ecb_encrypt},
-@code{des_ede2_cbc_encrypt}, @code{des_ede3_cbc_encrypt},
-@code{des_is_weak_key}, @code{des_key_sched}, @code{des_ncbc_encrypt}
-@code{des_set_key}, and @code{des_set_odd_parity}.
-
@node Nettle soup, Installation, Reference, Top
@comment node-name, next, previous, up
@chapter Traditional Nettle Soup
diff --git a/siv-cmac-aes128.c b/siv-cmac-aes128.c
index 91dbd03613d120dbf8bd89fcc562a074e88f4e75..82ac16e91992f2f867ef1c854e894d083a68dba0 100644
--- a/siv-cmac-aes128.c
+++ b/siv-cmac-aes128.c
@@ -49,29 +49,29 @@
void
siv_cmac_aes128_set_key(struct siv_cmac_aes128_ctx *ctx, const uint8_t *key)
{
- siv_cmac_set_key(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher, &ctx->siv_cipher, &nettle_aes128, key);
+ siv_cmac_set_key(&ctx->cmac_key, &ctx->cmac_cipher, &ctx->ctr_cipher, &nettle_aes128, key);
}
void
-siv_cmac_aes128_encrypt_message(struct siv_cmac_aes128_ctx *ctx,
+siv_cmac_aes128_encrypt_message(const struct siv_cmac_aes128_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t clength, uint8_t *dst, const uint8_t *src)
{
- siv_cmac_encrypt_message(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher,
- &nettle_aes128, &ctx->siv_cipher,
+ siv_cmac_encrypt_message(&ctx->cmac_key, &ctx->cmac_cipher,
+ &nettle_aes128, &ctx->ctr_cipher,
nlength, nonce, alength, adata,
clength, dst, src);
}
int
-siv_cmac_aes128_decrypt_message(struct siv_cmac_aes128_ctx *ctx,
+siv_cmac_aes128_decrypt_message(const struct siv_cmac_aes128_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t mlength, uint8_t *dst, const uint8_t *src)
{
- return siv_cmac_decrypt_message(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher,
- &nettle_aes128, &ctx->siv_cipher,
+ return siv_cmac_decrypt_message(&ctx->cmac_key, &ctx->cmac_cipher,
+ &nettle_aes128, &ctx->ctr_cipher,
nlength, nonce, alength, adata,
mlength, dst, src);
}
diff --git a/siv-cmac-aes256.c b/siv-cmac-aes256.c
index 1fb11ab22bd8c3c3a925b7db097c27b987c06660..9401bbf119c50592169068eeb06afd8040cea4c6 100644
--- a/siv-cmac-aes256.c
+++ b/siv-cmac-aes256.c
@@ -49,29 +49,29 @@
void
siv_cmac_aes256_set_key(struct siv_cmac_aes256_ctx *ctx, const uint8_t *key)
{
- siv_cmac_set_key(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher, &ctx->siv_cipher, &nettle_aes256, key);
+ siv_cmac_set_key(&ctx->cmac_key, &ctx->cmac_cipher, &ctx->ctr_cipher, &nettle_aes256, key);
}
void
-siv_cmac_aes256_encrypt_message(struct siv_cmac_aes256_ctx *ctx,
+siv_cmac_aes256_encrypt_message(const struct siv_cmac_aes256_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t clength, uint8_t *dst, const uint8_t *src)
{
- siv_cmac_encrypt_message(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher,
- &nettle_aes256, &ctx->siv_cipher,
+ siv_cmac_encrypt_message(&ctx->cmac_key, &ctx->cmac_cipher,
+ &nettle_aes256, &ctx->ctr_cipher,
nlength, nonce, alength, adata,
clength, dst, src);
}
int
-siv_cmac_aes256_decrypt_message(struct siv_cmac_aes256_ctx *ctx,
- size_t nlength, const uint8_t *nonce,
- size_t alength, const uint8_t *adata,
- size_t mlength, uint8_t *dst, const uint8_t *src)
+siv_cmac_aes256_decrypt_message(const struct siv_cmac_aes256_ctx *ctx,
+ size_t nlength, const uint8_t *nonce,
+ size_t alength, const uint8_t *adata,
+ size_t mlength, uint8_t *dst, const uint8_t *src)
{
- return siv_cmac_decrypt_message(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher,
- &nettle_aes256, &ctx->siv_cipher,
+ return siv_cmac_decrypt_message(&ctx->cmac_key, &ctx->cmac_cipher,
+ &nettle_aes256, &ctx->ctr_cipher,
nlength, nonce, alength, adata,
mlength, dst, src);
}
diff --git a/siv-cmac.c b/siv-cmac.c
index 1debdc4b2797e857004e7f32499560b24a2816dc..f498cb863f5aa9de0522aa8384b8355ccf6fa6c4 100644
--- a/siv-cmac.c
+++ b/siv-cmac.c
@@ -51,34 +51,35 @@
* vectors if zero, are considered as S empty components */
static void
_siv_s2v (const struct nettle_cipher *nc,
- struct cmac128_ctx *siv_cmac_ctx,
- const void *cmac_cipher_ctx,
+ const struct cmac128_key *cmac_key,
+ const void *cmac_cipher,
size_t alength, const uint8_t * adata,
size_t nlength, const uint8_t * nonce,
size_t plength, const uint8_t * pdata, uint8_t * v)
{
union nettle_block16 D, S, T;
static const union nettle_block16 const_zero = {.b = 0 };
-
+ struct cmac128_ctx cmac_ctx;
assert (nlength >= SIV_MIN_NONCE_SIZE);
- cmac128_update (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, const_zero.b);
- cmac128_digest (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, D.b);
+ cmac128_init(&cmac_ctx);
+ cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, 16, const_zero.b);
+ cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, D.b);
_cmac128_block_mulx (&D, &D);
- cmac128_update (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, alength, adata);
- cmac128_digest (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, S.b);
+ cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, alength, adata);
+ cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, S.b);
memxor (D.b, S.b, 16);
_cmac128_block_mulx (&D, &D);
- cmac128_update (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, nlength, nonce);
- cmac128_digest (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, S.b);
+ cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, nlength, nonce);
+ cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, S.b);
memxor (D.b, S.b, 16);
/* Sn */
if (plength >= 16)
{
- cmac128_update (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, plength - 16, pdata);
+ cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, plength - 16, pdata);
pdata += plength - 16;
@@ -97,24 +98,24 @@ _siv_s2v (const struct nettle_cipher *nc,
memxor (T.b, pad.b, 16);
}
- cmac128_update (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, T.b);
- cmac128_digest (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, v);
+ cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, 16, T.b);
+ cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, v);
}
void
-siv_cmac_set_key (struct cmac128_ctx *siv_cmac_ctx, void *cmac_cipher_ctx, void *cipher_ctx,
+siv_cmac_set_key (struct cmac128_key *cmac_key, void *cmac_cipher, void *siv_cipher,
const struct nettle_cipher *nc, const uint8_t * key)
{
- nc->set_encrypt_key (cmac_cipher_ctx, key);
- cmac128_set_key (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt);
- nc->set_encrypt_key (cipher_ctx, key + nc->key_size);
+ nc->set_encrypt_key (cmac_cipher, key);
+ cmac128_set_key (cmac_key, cmac_cipher, nc->encrypt);
+ nc->set_encrypt_key (siv_cipher, key + nc->key_size);
}
void
-siv_cmac_encrypt_message (struct cmac128_ctx *siv_cmac_ctx,
- const void *cmac_cipher_ctx,
+siv_cmac_encrypt_message (const struct cmac128_key *cmac_key,
+ const void *cmac_cipher,
const struct nettle_cipher *nc,
- const void *cipher_ctx,
+ const void *ctr_cipher,
size_t nlength, const uint8_t * nonce,
size_t alength, const uint8_t * adata,
size_t clength, uint8_t * dst, const uint8_t * src)
@@ -126,21 +127,21 @@ siv_cmac_encrypt_message (struct cmac128_ctx *siv_cmac_ctx,
slength = clength - SIV_DIGEST_SIZE;
/* create CTR nonce */
- _siv_s2v (nc, siv_cmac_ctx, cmac_cipher_ctx, alength, adata, nlength, nonce, slength, src, siv.b);
+ _siv_s2v (nc, cmac_key, cmac_cipher, alength, adata, nlength, nonce, slength, src, siv.b);
memcpy (dst, siv.b, SIV_DIGEST_SIZE);
siv.b[8] &= ~0x80;
siv.b[12] &= ~0x80;
- ctr_crypt (cipher_ctx, nc->encrypt, AES_BLOCK_SIZE, siv.b, slength,
+ ctr_crypt (ctr_cipher, nc->encrypt, AES_BLOCK_SIZE, siv.b, slength,
dst + SIV_DIGEST_SIZE, src);
}
int
-siv_cmac_decrypt_message (struct cmac128_ctx *siv_cmac_ctx,
- const void *cmac_cipher_ctx,
+siv_cmac_decrypt_message (const struct cmac128_key *cmac_key,
+ const void *cmac_cipher,
const struct nettle_cipher *nc,
- const void *cipher_ctx,
+ const void *ctr_cipher,
size_t nlength, const uint8_t * nonce,
size_t alength, const uint8_t * adata,
size_t mlength, uint8_t * dst, const uint8_t * src)
@@ -152,12 +153,12 @@ siv_cmac_decrypt_message (struct cmac128_ctx *siv_cmac_ctx,
ctr.b[8] &= ~0x80;
ctr.b[12] &= ~0x80;
- ctr_crypt (cipher_ctx, nc->encrypt, AES_BLOCK_SIZE, ctr.b,
+ ctr_crypt (ctr_cipher, nc->encrypt, AES_BLOCK_SIZE, ctr.b,
mlength, dst, src + SIV_DIGEST_SIZE);
/* create CTR nonce */
_siv_s2v (nc,
- siv_cmac_ctx, cmac_cipher_ctx, alength, adata,
+ cmac_key, cmac_cipher, alength, adata,
nlength, nonce, mlength, dst, siv.b);
return memeql_sec (siv.b, src, SIV_DIGEST_SIZE);
diff --git a/siv-cmac.h b/siv-cmac.h
index 881a59bae0a9cfeec5f0bab4737a13d6fcddd9e4..c631a41e89dbb14002a0b6544ca48f46e57988d1 100644
--- a/siv-cmac.h
+++ b/siv-cmac.h
@@ -60,22 +60,22 @@ extern "C" {
#define SIV_MIN_NONCE_SIZE 1
void
-siv_cmac_set_key(struct cmac128_ctx *siv_cmac_ctx, void *cmac_cipher_ctx, void *cipher_ctx,
+siv_cmac_set_key(struct cmac128_key *cmac_key, void *cmac_cipher, void *ctr_cipher,
const struct nettle_cipher *nc,
const uint8_t *key);
void
-siv_cmac_encrypt_message(struct cmac128_ctx *siv_cmac_ctx, const void *cmac_cipher_ctx,
+siv_cmac_encrypt_message(const struct cmac128_key *cmac_key, const void *cmac_cipher_ctx,
const struct nettle_cipher *nc,
- const void *cipher_ctx,
+ const void *ctr_ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t clength, uint8_t *dst, const uint8_t *src);
int
-siv_cmac_decrypt_message(struct cmac128_ctx *siv_cmac_ctx, const void *cmac_cipher_ctx,
+siv_cmac_decrypt_message(const struct cmac128_key *cmac_key, const void *cmac_cipher,
const struct nettle_cipher *nc,
- const void *cipher_ctx,
+ const void *ctr_cipher,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t mlength, uint8_t *dst, const uint8_t *src);
@@ -85,7 +85,7 @@ siv_cmac_decrypt_message(struct cmac128_ctx *siv_cmac_ctx, const void *cmac_ciph
* prevents streaming processing and it incompatible with the AEAD API.
*/
-#define SIV_CMAC_CTX(type) { struct CMAC128_CTX(type) siv_cmac; type siv_cipher; }
+#define SIV_CMAC_CTX(type) { struct cmac128_key cmac_key; type cmac_cipher; type ctr_cipher; }
/* SIV_CMAC_AES128 */
#define SIV_CMAC_AES128_KEY_SIZE 32
@@ -96,13 +96,13 @@ void
siv_cmac_aes128_set_key(struct siv_cmac_aes128_ctx *ctx, const uint8_t *key);
void
-siv_cmac_aes128_encrypt_message(struct siv_cmac_aes128_ctx *ctx,
+siv_cmac_aes128_encrypt_message(const struct siv_cmac_aes128_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t clength, uint8_t *dst, const uint8_t *src);
int
-siv_cmac_aes128_decrypt_message(struct siv_cmac_aes128_ctx *ctx,
+siv_cmac_aes128_decrypt_message(const struct siv_cmac_aes128_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t mlength, uint8_t *dst, const uint8_t *src);
@@ -116,13 +116,13 @@ void
siv_cmac_aes256_set_key(struct siv_cmac_aes256_ctx *ctx, const uint8_t *key);
void
-siv_cmac_aes256_encrypt_message(struct siv_cmac_aes256_ctx *ctx,
+siv_cmac_aes256_encrypt_message(const struct siv_cmac_aes256_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t clength, uint8_t *dst, const uint8_t *src);
int
-siv_cmac_aes256_decrypt_message(struct siv_cmac_aes256_ctx *ctx,
+siv_cmac_aes256_decrypt_message(const struct siv_cmac_aes256_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t mlength, uint8_t *dst, const uint8_t *src);
diff --git a/testsuite/.gitignore b/testsuite/.gitignore
index 2a0d87ac82c63809a26f343a55505c83b4105ae9..066bcee2fb23fecd9ec11447162603427d437f20 100644
--- a/testsuite/.gitignore
+++ b/testsuite/.gitignore
@@ -19,7 +19,6 @@
/ctr-test
/curve25519-dh-test
/cxx-test
-/des-compat-test
/des-test
/des3-test
/dlopen-test
diff --git a/testsuite/.test-rules.make b/testsuite/.test-rules.make
index f827175eaebd04eccd38a5d06e27e5a3fd8a5699..efb7df3cbf7a3f0f3efb531746bb9087b3efe19d 100644
--- a/testsuite/.test-rules.make
+++ b/testsuite/.test-rules.make
@@ -34,9 +34,6 @@ des-test$(EXEEXT): des-test.$(OBJEXT)
des3-test$(EXEEXT): des3-test.$(OBJEXT)
$(LINK) des3-test.$(OBJEXT) $(TEST_OBJS) -o des3-test$(EXEEXT)
-des-compat-test$(EXEEXT): des-compat-test.$(OBJEXT)
- $(LINK) des-compat-test.$(OBJEXT) $(TEST_OBJS) -o des-compat-test$(EXEEXT)
-
md2-test$(EXEEXT): md2-test.$(OBJEXT)
$(LINK) md2-test.$(OBJEXT) $(TEST_OBJS) -o md2-test$(EXEEXT)
diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in
index 1bd42ffaf421cd3c39c1c1a0ebb31f0ab5f169cb..f8f85701ef3542c4a166ccce223a42544059363e 100644
--- a/testsuite/Makefile.in
+++ b/testsuite/Makefile.in
@@ -15,7 +15,7 @@ TS_NETTLE_SOURCES = aes-test.c arcfour-test.c arctwo-test.c \
base16-test.c base64-test.c \
camellia-test.c chacha-test.c \
cnd-memcpy-test.c \
- des-test.c des3-test.c des-compat-test.c \
+ des-test.c des3-test.c \
md2-test.c md4-test.c md5-test.c md5-compat-test.c \
memeql-test.c memxor-test.c gosthash94-test.c \
ripemd160-test.c hkdf-test.c \
diff --git a/testsuite/des-compat-test.c b/testsuite/des-compat-test.c
deleted file mode 100644
index 9e31f1c8ef9b24b1b85f3979b24f6b12aff98ebe..0000000000000000000000000000000000000000
--- a/testsuite/des-compat-test.c
+++ /dev/null
@@ -1,876 +0,0 @@
-/* crypto/des/destest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "des-compat.h"
-#include "testutils.h"
-
-/* tisk tisk - the test keys don't all have odd parity :-( */
-/* test data */
-#define NUM_TESTS 34
-static const_des_cblock key_data[NUM_TESTS] = {
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
- {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
- {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
- {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
- {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
- {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
- {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
- {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
- {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
- {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
- {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
- {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
- {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
- {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
- {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
- {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
- {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
- {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
- {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
- {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
- {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
- {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
- {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
- {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
-
-static unsigned char plain_data[NUM_TESTS][8]={
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
- {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
- {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
- {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
- {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
- {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
- {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
- {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
- {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
- {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
- {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
- {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
- {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
- {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
- {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
- {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
- {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
- {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
- {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
- {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
- {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
- {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
-
-static unsigned char cipher_data[NUM_TESTS][8]={
- {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
- {0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58},
- {0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B},
- {0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33},
- {0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D},
- {0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD},
- {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
- {0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4},
- {0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B},
- {0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71},
- {0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A},
- {0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A},
- {0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95},
- {0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B},
- {0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09},
- {0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A},
- {0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F},
- {0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88},
- {0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77},
- {0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A},
- {0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56},
- {0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56},
- {0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56},
- {0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC},
- {0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A},
- {0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41},
- {0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93},
- {0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00},
- {0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06},
- {0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7},
- {0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51},
- {0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE},
- {0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D},
- {0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}};
-
-static unsigned char cipher_ecb2[NUM_TESTS-1][8]={
- {0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E},
- {0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16},
- {0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27},
- {0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6},
- {0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25},
- {0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A},
- {0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74},
- {0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6},
- {0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67},
- {0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10},
- {0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85},
- {0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA},
- {0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3},
- {0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3},
- {0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A},
- {0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69},
- {0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1},
- {0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7},
- {0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F},
- {0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87},
- {0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A},
- {0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE},
- {0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3},
- {0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD},
- {0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84},
- {0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85},
- {0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC},
- {0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89},
- {0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E},
- {0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89},
- {0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7},
- {0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8},
- {0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};
-
-static const_des_cblock cbc_key = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
-static const_des_cblock cbc2_key = {0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
-static const_des_cblock cbc3_key = {0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
-static const_des_cblock cbc_iv = {0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
-static const_des_cblock cbc_data[4] ={ "7654321 ", "Now is t", "he time ", "for " };
-
-static unsigned char cbc_ok[32]={
- 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
- 0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb,
- 0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
- 0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
-
-#if 0
-static unsigned char xcbc_ok[32]={
- 0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,
- 0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,
- 0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,
- 0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,
- };
-#endif
-
-static unsigned char cbc3_ok[32]={
- 0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
- 0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC,
- 0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4,
- 0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75};
-
-#if 0
-static unsigned char pcbc_ok[32]={
- 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
- 0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15,
- 0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f,
- 0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88};
-#endif
-
-#if 0
-static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
-static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
-static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
-static unsigned char plain[24]=
- {
- 0x4e,0x6f,0x77,0x20,0x69,0x73,
- 0x20,0x74,0x68,0x65,0x20,0x74,
- 0x69,0x6d,0x65,0x20,0x66,0x6f,
- 0x72,0x20,0x61,0x6c,0x6c,0x20
- };
-static unsigned char cfb_cipher8[24]= {
- 0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8,
- 0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 };
-static unsigned char cfb_cipher16[24]={
- 0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70,
- 0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B };
-static unsigned char cfb_cipher32[24]={
- 0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD,
- 0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 };
-static unsigned char cfb_cipher48[24]={
- 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85,
- 0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F };
-static unsigned char cfb_cipher64[24]={
- 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B,
- 0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 };
-
-static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
-static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
-static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8];
-static unsigned char ofb_cipher[24]=
- {
- 0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,
- 0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,
- 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
- };
-#endif
-
-DES_LONG cbc_cksum_ret=0xB462FEF7L;
-unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
-
-#ifndef NOPROTO
-static char *pt(const unsigned char *p);
-#if 0
-static int cfb_test(int bits, unsigned char *cfb_cipher);
-static int cfb64_test(unsigned char *cfb_cipher);
-static int ede_cfb64_test(unsigned char *cfb_cipher);
-#endif
-#else
-static char *pt();
-static int cfb_test();
-static int cfb64_test();
-static int ede_cfb64_test();
-#endif
-
-void
-test_main(void)
- {
- int i,j,err=0;
- des_cblock in, out, outin, iv3;
- des_key_schedule ks,ks2,ks3;
- des_cblock cbc_in[5];
- des_cblock cbc_out[5];
- DES_LONG cs;
- unsigned char cret[8];
-#if 0
- unsigned char qret[4][4];
- DES_LONG lqret[4];
- int num;
- char *str;
-#endif
- if (verbose) printf("Doing ecb\n");
- for (i=0; i<NUM_TESTS; i++)
- {
- if ((j=des_key_sched(&key_data[i], ks)) != 0)
- {
- printf("Key error %2d:%d\n",i+1,j);
- err=1;
- }
- memcpy(in,plain_data[i],8);
- memset(out,0,8);
- memset(outin,0,8);
- des_ecb_encrypt(&in, &out, ks, DES_ENCRYPT);
- des_ecb_encrypt(&out, &outin, ks, DES_DECRYPT);
-
- if (memcmp(out,cipher_data[i],8) != 0)
- {
- printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
- i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]),
- pt(out));
- err=1;
- }
- if (memcmp(in,outin,8) != 0)
- {
- printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
- i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
- err=1;
- }
- }
-
-#ifndef LIBDES_LIT
- if (verbose) printf("Doing ede ecb\n");
- for (i=0; i<(NUM_TESTS-1); i++)
- {
- if ((j=des_key_sched(&key_data[i], ks)) != 0)
- {
- err=1;
- printf("Key error %2d:%d\n",i+1,j);
- }
- if ((j=des_key_sched(&key_data[i+1],ks2)) != 0)
- {
- printf("Key error %2d:%d\n",i+2,j);
- err=1;
- }
- if (i+2 < NUM_TESTS && (j=des_key_sched(&key_data[i+2],ks3)) != 0)
- {
- printf("Key error %2d:%d\n",i+3,j);
- err=1;
- }
- memcpy(in,plain_data[i],8);
- memset(out,0,8);
- memset(outin,0,8);
- des_ecb2_encrypt(&in, &out, ks, ks2,
- DES_ENCRYPT);
- des_ecb2_encrypt(&out, &outin, ks, ks2,
- DES_DECRYPT);
-
- if (memcmp(out,cipher_ecb2[i],8) != 0)
- {
- printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
- i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]),
- pt(out));
- err=1;
- }
- if (memcmp(in,outin,8) != 0)
- {
- printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
- i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
- err=1;
- }
- }
-#endif
-
- if (verbose) printf("Doing cbc\n");
- if ((j=des_key_sched(&cbc_key, ks)) != 0)
- {
- printf("Key error %d\n",j);
- err=1;
- }
- memset(cbc_out,0,sizeof(cbc_data));
- memset(cbc_in,0,sizeof(cbc_data));
- memcpy(iv3,cbc_iv,sizeof(cbc_iv));
- des_ncbc_encrypt(cbc_data, cbc_out,
- sizeof(cbc_data), ks,
- &iv3, DES_ENCRYPT);
- if (memcmp(cbc_out,cbc_ok,32) != 0)
- printf("cbc_encrypt encrypt error\n");
-
- memcpy(iv3,cbc_iv,sizeof(cbc_iv));
- des_ncbc_encrypt(cbc_out, cbc_in,
- sizeof(cbc_data),ks,
- &iv3,DES_DECRYPT);
- if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0)
- {
- printf("cbc_encrypt decrypt error\n");
- err=1;
- }
-
-#ifndef LIBDES_LIT
-#if 0
- if (verbose) printf("Doing desx cbc\n");
- if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
- {
- printf("Key error %d\n",j);
- err=1;
- }
- memset(cbc_out,0,sizeof(cbc_data));
- memset(cbc_in,0,sizeof(cbc_data));
- memcpy(iv3,cbc_iv,sizeof(cbc_iv));
- des_xcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
- sizeof(cbc_data), ks,
- (C_Block *)iv3,
- (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_ENCRYPT);
- if (memcmp(cbc_out,xcbc_ok,32) != 0)
- {
- printf("des_xcbc_encrypt encrypt error\n");
- }
- memcpy(iv3,cbc_iv,sizeof(cbc_iv));
- des_xcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
- sizeof(cbc_data), ks,
- (C_Block *)iv3,
- (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_DECRYPT);
- if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0)
- {
- printf("des_xcbc_encrypt decrypt error\n");
- err=1;
- }
-#endif
-#endif /* LIBDES_LIT */
-
- if (verbose) printf("Doing ede cbc\n");
- if ((j=des_key_sched(&cbc_key,ks)) != 0)
- {
- printf("Key error %d\n",j);
- err=1;
- }
- if ((j=des_key_sched(&cbc2_key,ks2)) != 0)
- {
- printf("Key error %d\n",j);
- err=1;
- }
- if ((j=des_key_sched(&cbc3_key,ks3)) != 0)
- {
- printf("Key error %d\n",j);
- err=1;
- }
- memset(cbc_out,0,sizeof(cbc_data));
- memset(cbc_in,0,sizeof(cbc_data));
- i=sizeof(cbc_data);
- /* i=((i+7)/8)*8; */
- memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-
- des_ede3_cbc_encrypt( cbc_data, cbc_out,
- 16L, ks, ks2, ks3, &iv3, DES_ENCRYPT);
- des_ede3_cbc_encrypt( &cbc_data[2],
- &cbc_out[2],
- (long)i-16, ks, ks2, ks3, &iv3, DES_ENCRYPT);
- if (memcmp(cbc_out,cbc3_ok, sizeof(cbc_data)) != 0)
- {
- printf("des_ede3_cbc_encrypt encrypt error\n");
- err=1;
- }
-
- memcpy(iv3,cbc_iv,sizeof(cbc_iv));
- des_ede3_cbc_encrypt(cbc_out, cbc_in,
- (long)i, ks, ks2, ks3, &iv3, DES_DECRYPT);
- if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0)
- {
- printf("des_ede3_cbc_encrypt decrypt error\n");
- err=1;
- }
-
-#ifndef LIBDES_LIT
-#if 0
- printf("Doing pcbc\n");
- if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
- {
- printf("Key error %d\n",j);
- err=1;
- }
- memset(cbc_out,0,sizeof(cbc_data));
- memset(cbc_in,0,sizeof(cbc_data));
- des_pcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
- sizeof(cbc_data),ks,(C_Block *)cbc_iv,DES_ENCRYPT);
- if (memcmp(cbc_out,pcbc_ok,32) != 0)
- {
- printf("pcbc_encrypt encrypt error\n");
- err=1;
- }
- des_pcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
- sizeof(cbc_data),ks,(C_Block *)cbc_iv,DES_DECRYPT);
- if (memcmp(cbc_in,cbc_data,sizeof(cbc_data)) != 0)
- {
- printf("pcbc_encrypt decrypt error\n");
- err=1;
- }
-
- printf("Doing ");
- printf("cfb8 ");
- err+=cfb_test(8,cfb_cipher8);
- printf("cfb16 ");
- err+=cfb_test(16,cfb_cipher16);
- printf("cfb32 ");
- err+=cfb_test(32,cfb_cipher32);
- printf("cfb48 ");
- err+=cfb_test(48,cfb_cipher48);
- printf("cfb64 ");
- err+=cfb_test(64,cfb_cipher64);
-
- printf("cfb64() ");
- err+=cfb64_test(cfb_cipher64);
-
- memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
- for (i=0; i<sizeof(plain); i++)
- des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
- 8,(long)1,ks,(C_Block *)cfb_tmp,DES_ENCRYPT);
- if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
- {
- printf("cfb_encrypt small encrypt error\n");
- err=1;
- }
-
- memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
- for (i=0; i<sizeof(plain); i++)
- des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
- 8,(long)1,ks,(C_Block *)cfb_tmp,DES_DECRYPT);
- if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
- {
- printf("cfb_encrypt small decrypt error\n");
- err=1;
- }
-
- printf("ede_cfb64() ");
- err+=ede_cfb64_test(cfb_cipher64);
-
- printf("done\n");
-
- printf("Doing ofb\n");
- des_key_sched((C_Block *)ofb_key,ks);
- memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
- des_ofb_encrypt(plain,ofb_buf1,64,(long)sizeof(plain)/8,ks,
- (C_Block *)ofb_tmp);
- if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
- {
- printf("ofb_encrypt encrypt error\n");
-porintf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
-ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3],
-ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]);
-printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
-ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3],
-ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
- err=1;
- }
- memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
- des_ofb_encrypt(ofb_buf1,ofb_buf2,64,(long)sizeof(ofb_buf1)/8,ks,
- (C_Block *)ofb_tmp);
- if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
- {
- printf("ofb_encrypt decrypt error\n");
-printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
-ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3],
-ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]);
-printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
-plain[8+0], plain[8+1], plain[8+2], plain[8+3],
-plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
- err=1;
- }
-
- printf("Doing ofb64\n");
- des_key_sched((C_Block *)ofb_key,ks);
- memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
- memset(ofb_buf1,0,sizeof(ofb_buf1));
- memset(ofb_buf2,0,sizeof(ofb_buf1));
- num=0;
- for (i=0; i<sizeof(plain); i++)
- {
- des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,
- (C_Block *)ofb_tmp,&num);
- }
- if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
- {
- printf("ofb64_encrypt encrypt error\n");
- err=1;
- }
- memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
- num=0;
- des_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks,
- (C_Block *)ofb_tmp,&num);
- if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
- {
- printf("ofb64_encrypt decrypt error\n");
- err=1;
- }
-
- printf("Doing ede_ofb64\n");
- des_key_sched((C_Block *)ofb_key,ks);
- memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
- memset(ofb_buf1,0,sizeof(ofb_buf1));
- memset(ofb_buf2,0,sizeof(ofb_buf1));
- num=0;
- for (i=0; i<sizeof(plain); i++)
- {
- des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks,
- (C_Block *)ofb_tmp,&num);
- }
- if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
- {
- printf("ede_ofb64_encrypt encrypt error\n");
- err=1;
- }
- memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
- num=0;
- des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks,
- ks,ks,(C_Block *)ofb_tmp,&num);
- if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
- {
- printf("ede_ofb64_encrypt decrypt error\n");
- err=1;
- }
-#endif
-
- if (verbose) printf("Doing cbc_cksum\n");
- des_key_sched(&cbc_key,ks);
- cs=des_cbc_cksum(cbc_data[0], &cret,
- sizeof(cbc_data), ks, &cbc_iv);
- if (cs != cbc_cksum_ret)
- {
- printf("bad return value (%08lX), should be %08lX\n",
- (unsigned long)cs,(unsigned long)cbc_cksum_ret);
- err=1;
- }
- if (memcmp(cret,cbc_cksum_data,8) != 0)
- {
- printf("bad cbc_cksum block returned\n");
- err=1;
- }
-
-#if 0
- printf("Doing quad_cksum\n");
- cs=quad_cksum((C_Block *)cbc_data,(C_Block *)qret,
- sizeof(cbc_data),2,(C_Block *)cbc_iv);
- for (i=0; i<4; i++)
- {
- lqret[i]=0;
- memcpy(&(lqret[i]),&(qret[i][0]),4);
- }
- { /* Big-endian fix */
- static DES_LONG l=1;
- static unsigned char *c=(unsigned char *)&l;
- DES_LONG ll;
-
- if (!c[0])
- {
- ll=lqret[0]^lqret[3];
- lqret[0]^=ll;
- lqret[3]^=ll;
- ll=lqret[1]^lqret[2];
- lqret[1]^=ll;
- lqret[2]^=ll;
- }
- }
- if (cs != 0x70d7a63aL)
- {
- printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
- (unsigned long)cs);
- err=1;
- }
- if (lqret[0] != 0x327eba8dL)
- {
- printf("quad_cksum error, out[0] %08lx is not %08lx\n",
- (unsigned long)lqret[0],0x327eba8dL);
- err=1;
- }
- if (lqret[1] != 0x201a49ccL)
- {
- printf("quad_cksum error, out[1] %08lx is not %08lx\n",
- (unsigned long)lqret[1],0x201a49ccL);
- err=1;
- }
- if (lqret[2] != 0x70d7a63aL)
- {
- printf("quad_cksum error, out[2] %08lx is not %08lx\n",
- (unsigned long)lqret[2],0x70d7a63aL);
- err=1;
- }
- if (lqret[3] != 0x501c2c26L)
- {
- printf("quad_cksum error, out[3] %08lx is not %08lx\n",
- (unsigned long)lqret[3],0x501c2c26L);
- err=1;
- }
-#endif
-#endif /* LIBDES_LIT */
-#if 0
- printf("input word alignment test");
- for (i=0; i<4; i++)
- {
- printf(" %d",i);
- des_ncbc_encrypt( (des_cblock *) &(cbc_out[i]), (des_cblock *) cbc_in,
- sizeof(cbc_data), ks, &cbc_iv,
- DES_ENCRYPT);
- }
- printf("\noutput word alignment test");
- for (i=0; i<4; i++)
- {
- printf(" %d",i);
- des_ncbc_encrypt( (des_cblock *) cbc_out, (des_cblock *) &(cbc_in[i]),
- sizeof(cbc_data), ks, &cbc_iv,
- DES_ENCRYPT);
- }
- printf("\n");
-
- printf("fast crypt test ");
- str=crypt("testing","ef");
- if (strcmp("efGnQx2725bI2",str) != 0)
- {
- printf("fast crypt error, %s should be efGnQx2725bI2\n",str);
- err=1;
- }
- str=crypt("bca76;23","yA");
- if (strcmp("yA1Rp/1hZXIJk",str) != 0)
- {
- printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);
- err=1;
- }
- printf("\n");
-#endif
- ASSERT (err == 0);
- }
-
-static char *pt(const unsigned char *p)
- {
- static char bufs[10][20];
- static int bnum=0;
- char *ret;
- int i;
- static const char *f="0123456789ABCDEF";
-
- ret= &(bufs[bnum++][0]);
- bnum%=10;
- for (i=0; i<8; i++)
- {
- ret[i*2]=f[(p[i]>>4)&0xf];
- ret[i*2+1]=f[p[i]&0xf];
- }
- ret[16]='\0';
- return(ret);
- }
-
-#ifndef LIBDES_LIT
-#if 0
-static int cfb_test(bits, cfb_cipher)
-int bits;
-unsigned char *cfb_cipher;
- {
- des_key_schedule ks;
- int i,err=0;
-
- des_key_sched((C_Block *)cfb_key,ks);
- memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
- des_cfb_encrypt(plain,cfb_buf1,bits,(long)sizeof(plain),ks,
- (C_Block *)cfb_tmp,DES_ENCRYPT);
- if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
- {
- err=1;
- printf("cfb_encrypt encrypt error\n");
- for (i=0; i<24; i+=8)
- printf("%s\n",pt(&(cfb_buf1[i])));
- }
- memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
- des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,(long)sizeof(plain),ks,
- (C_Block *)cfb_tmp,DES_DECRYPT);
- if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
- {
- err=1;
- printf("cfb_encrypt decrypt error\n");
- for (i=0; i<24; i+=8)
- printf("%s\n",pt(&(cfb_buf1[i])));
- }
- return(err);
- }
-
-static int cfb64_test(cfb_cipher)
-unsigned char *cfb_cipher;
- {
- des_key_schedule ks;
- int err=0,i,n;
-
- des_key_sched((C_Block *)cfb_key,ks);
- memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
- n=0;
- des_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,
- (C_Block *)cfb_tmp,&n,DES_ENCRYPT);
- des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
- (long)sizeof(plain)-12,ks,
- (C_Block *)cfb_tmp,&n,DES_ENCRYPT);
- if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
- {
- err=1;
- printf("cfb_encrypt encrypt error\n");
- for (i=0; i<24; i+=8)
- printf("%s\n",pt(&(cfb_buf1[i])));
- }
- memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
- n=0;
- des_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,
- (C_Block *)cfb_tmp,&n,DES_DECRYPT);
- des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
- (long)sizeof(plain)-17,ks,
- (C_Block *)cfb_tmp,&n,DES_DECRYPT);
- if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
- {
- err=1;
- printf("cfb_encrypt decrypt error\n");
- for (i=0; i<24; i+=8)
- printf("%s\n",pt(&(cfb_buf2[i])));
- }
- return(err);
- }
-
-static int ede_cfb64_test(cfb_cipher)
-unsigned char *cfb_cipher;
- {
- des_key_schedule ks;
- int err=0,i,n;
-
- des_key_sched((C_Block *)cfb_key,ks);
- memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
- n=0;
- des_ede3_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,ks,ks,
- (C_Block *)cfb_tmp,&n,DES_ENCRYPT);
- des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
- (long)sizeof(plain)-12,ks,ks,ks,
- (C_Block *)cfb_tmp,&n,DES_ENCRYPT);
- if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
- {
- err=1;
- printf("ede_cfb_encrypt encrypt error\n");
- for (i=0; i<24; i+=8)
- printf("%s\n",pt(&(cfb_buf1[i])));
- }
- memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
- n=0;
- des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
- (C_Block *)cfb_tmp,&n,DES_DECRYPT);
- des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
- (long)sizeof(plain)-17,ks,ks,ks,
- (C_Block *)cfb_tmp,&n,DES_DECRYPT);
- if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
- {
- err=1;
- printf("ede_cfb_encrypt decrypt error\n");
- for (i=0; i<24; i+=8)
- printf("%s\n",pt(&(cfb_buf2[i])));
- }
- return(err);
- }
-#endif
-#endif /* LIBDES_LIT */
-