1 /* $OpenBSD: e_des3.c,v 1.25 2022/09/15 07:04:19 jsing Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <limits.h> 60 #include <stdio.h> 61 #include <string.h> 62 63 #include <openssl/opensslconf.h> 64 65 #ifndef OPENSSL_NO_DES 66 67 #include <openssl/des.h> 68 #include <openssl/evp.h> 69 #include <openssl/objects.h> 70 71 #include "evp_locl.h" 72 73 typedef struct { 74 DES_key_schedule ks1;/* key schedule */ 75 DES_key_schedule ks2;/* key schedule (for ede) */ 76 DES_key_schedule ks3;/* key schedule (for ede3) */ 77 } DES_EDE_KEY; 78 79 #define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) 80 81 static int 82 des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 83 const unsigned char *iv, int enc) 84 { 85 DES_cblock *deskey = (DES_cblock *)key; 86 87 DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); 88 DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); 89 memcpy(&data(ctx)->ks3, &data(ctx)->ks1, 90 sizeof(data(ctx)->ks1)); 91 return 1; 92 } 93 94 static int 95 des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 96 const unsigned char *iv, int enc) 97 { 98 DES_cblock *deskey = (DES_cblock *)key; 99 100 101 DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); 102 DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); 103 DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3); 104 return 1; 105 } 106 107 static int 108 des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 109 { 110 DES_cblock *deskey = ptr; 111 112 switch (type) { 113 case EVP_CTRL_RAND_KEY: 114 if (DES_random_key(deskey) == 0) 115 return 0; 116 if (c->key_len >= 16 && DES_random_key(deskey + 1) == 0) 117 return 0; 118 if (c->key_len >= 24 && DES_random_key(deskey + 2) == 0) 119 return 0; 120 return 1; 121 122 default: 123 return -1; 124 } 125 } 126 127 static int 128 des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 129 const unsigned char *in, size_t inl) 130 { 131 size_t i, bl; 132 133 bl = ctx->cipher->block_size; 134 135 if (inl < bl) 136 return 1; 137 138 inl -= bl; 139 140 for (i = 0; i <= inl; i += bl) 141 DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i), 142 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt); 143 144 return 1; 145 } 146 147 static int 148 des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 149 const unsigned char *in, size_t inl) 150 { 151 size_t chunk = LONG_MAX & ~0xff; 152 153 while (inl >= chunk) { 154 DES_ede3_ofb64_encrypt(in, out, (long)chunk, 155 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 156 (DES_cblock *)ctx->iv, &ctx->num); 157 inl -= chunk; 158 in += chunk; 159 out += chunk; 160 } 161 if (inl) 162 DES_ede3_ofb64_encrypt(in, out, (long)inl, 163 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 164 (DES_cblock *)ctx->iv, &ctx->num); 165 166 return 1; 167 } 168 169 static int 170 des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 171 const unsigned char *in, size_t inl) 172 { 173 size_t chunk = LONG_MAX & ~0xff; 174 175 while (inl >= chunk) { 176 DES_ede3_cbc_encrypt(in, out, (long)chunk, 177 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 178 (DES_cblock *)ctx->iv, ctx->encrypt); 179 inl -= chunk; 180 in += chunk; 181 out += chunk; 182 } 183 if (inl) 184 DES_ede3_cbc_encrypt(in, out, (long)inl, 185 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 186 (DES_cblock *)ctx->iv, ctx->encrypt); 187 return 1; 188 } 189 190 static int 191 des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 192 const unsigned char *in, size_t inl) 193 { 194 size_t chunk = LONG_MAX & ~0xff; 195 196 while (inl >= chunk) { 197 DES_ede3_cfb64_encrypt(in, out, (long)chunk, 198 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 199 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); 200 inl -= chunk; 201 in += chunk; 202 out += chunk; 203 } 204 if (inl) 205 DES_ede3_cfb64_encrypt(in, out, (long)inl, 206 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 207 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); 208 return 1; 209 } 210 211 /* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right 212 way, so wrap it here */ 213 static int 214 des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 215 const unsigned char *in, size_t inl) 216 { 217 unsigned char c[1], d[1]; 218 size_t n; 219 220 if (!(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS)) 221 inl *= 8; 222 223 for (n = 0; n < inl; ++n) { 224 c[0] = (in[n/8]&(1 << (7 - n % 8))) ? 0x80 : 0; 225 DES_ede3_cfb_encrypt(c, d, 1, 1, 226 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 227 (DES_cblock *)ctx->iv, ctx->encrypt); 228 out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | 229 ((d[0] & 0x80) >> (unsigned int)(n % 8)); 230 } 231 232 return 1; 233 } 234 235 static int 236 des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 237 const unsigned char *in, size_t inl) 238 { 239 size_t chunk = LONG_MAX & ~0xff; 240 241 while (inl >= chunk) { 242 DES_ede3_cfb_encrypt(in, out, 8, (long)chunk, 243 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 244 (DES_cblock *)ctx->iv, ctx->encrypt); 245 inl -= chunk; 246 in += chunk; 247 out += chunk; 248 } 249 if (inl) 250 DES_ede3_cfb_encrypt(in, out, 8, (long)inl, 251 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 252 (DES_cblock *)ctx->iv, ctx->encrypt); 253 return 1; 254 } 255 256 static const EVP_CIPHER des_ede_cbc = { 257 .nid = NID_des_ede_cbc, 258 .block_size = 8, 259 .key_len = 16, 260 .iv_len = 8, 261 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE, 262 .init = des_ede_init_key, 263 .do_cipher = des_ede_cbc_cipher, 264 .cleanup = NULL, 265 .ctx_size = sizeof(DES_EDE_KEY), 266 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 267 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 268 .ctrl = des3_ctrl, 269 .app_data = NULL, 270 }; 271 272 const EVP_CIPHER * 273 EVP_des_ede_cbc(void) 274 { 275 return &des_ede_cbc; 276 } 277 278 static const EVP_CIPHER des_ede_cfb64 = { 279 .nid = NID_des_ede_cfb64, 280 .block_size = 1, 281 .key_len = 16, 282 .iv_len = 8, 283 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, 284 .init = des_ede_init_key, 285 .do_cipher = des_ede_cfb64_cipher, 286 .cleanup = NULL, 287 .ctx_size = sizeof(DES_EDE_KEY), 288 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 289 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 290 .ctrl = des3_ctrl, 291 .app_data = NULL, 292 }; 293 294 const EVP_CIPHER * 295 EVP_des_ede_cfb64(void) 296 { 297 return &des_ede_cfb64; 298 } 299 300 static const EVP_CIPHER des_ede_ofb = { 301 .nid = NID_des_ede_ofb64, 302 .block_size = 1, 303 .key_len = 16, 304 .iv_len = 8, 305 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_OFB_MODE, 306 .init = des_ede_init_key, 307 .do_cipher = des_ede_ofb_cipher, 308 .cleanup = NULL, 309 .ctx_size = sizeof(DES_EDE_KEY), 310 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 311 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 312 .ctrl = des3_ctrl, 313 .app_data = NULL, 314 }; 315 316 const EVP_CIPHER * 317 EVP_des_ede_ofb(void) 318 { 319 return &des_ede_ofb; 320 } 321 322 static const EVP_CIPHER des_ede_ecb = { 323 .nid = NID_des_ede_ecb, 324 .block_size = 8, 325 .key_len = 16, 326 .iv_len = 0, 327 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE, 328 .init = des_ede_init_key, 329 .do_cipher = des_ede_ecb_cipher, 330 .cleanup = NULL, 331 .ctx_size = sizeof(DES_EDE_KEY), 332 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 333 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 334 .ctrl = des3_ctrl, 335 .app_data = NULL, 336 }; 337 338 const EVP_CIPHER * 339 EVP_des_ede_ecb(void) 340 { 341 return &des_ede_ecb; 342 } 343 344 345 #define des_ede3_cfb64_cipher des_ede_cfb64_cipher 346 #define des_ede3_ofb_cipher des_ede_ofb_cipher 347 #define des_ede3_cbc_cipher des_ede_cbc_cipher 348 #define des_ede3_ecb_cipher des_ede_ecb_cipher 349 350 static const EVP_CIPHER des_ede3_cbc = { 351 .nid = NID_des_ede3_cbc, 352 .block_size = 8, 353 .key_len = 24, 354 .iv_len = 8, 355 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE, 356 .init = des_ede3_init_key, 357 .do_cipher = des_ede3_cbc_cipher, 358 .cleanup = NULL, 359 .ctx_size = sizeof(DES_EDE_KEY), 360 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 361 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 362 .ctrl = des3_ctrl, 363 .app_data = NULL, 364 }; 365 366 const EVP_CIPHER * 367 EVP_des_ede3_cbc(void) 368 { 369 return &des_ede3_cbc; 370 } 371 372 static const EVP_CIPHER des_ede3_cfb64 = { 373 .nid = NID_des_ede3_cfb64, 374 .block_size = 1, 375 .key_len = 24, 376 .iv_len = 8, 377 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, 378 .init = des_ede3_init_key, 379 .do_cipher = des_ede3_cfb64_cipher, 380 .cleanup = NULL, 381 .ctx_size = sizeof(DES_EDE_KEY), 382 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 383 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 384 .ctrl = des3_ctrl, 385 .app_data = NULL, 386 }; 387 388 const EVP_CIPHER * 389 EVP_des_ede3_cfb64(void) 390 { 391 return &des_ede3_cfb64; 392 } 393 394 static const EVP_CIPHER des_ede3_ofb = { 395 .nid = NID_des_ede3_ofb64, 396 .block_size = 1, 397 .key_len = 24, 398 .iv_len = 8, 399 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_OFB_MODE, 400 .init = des_ede3_init_key, 401 .do_cipher = des_ede3_ofb_cipher, 402 .cleanup = NULL, 403 .ctx_size = sizeof(DES_EDE_KEY), 404 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 405 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 406 .ctrl = des3_ctrl, 407 .app_data = NULL, 408 }; 409 410 const EVP_CIPHER * 411 EVP_des_ede3_ofb(void) 412 { 413 return &des_ede3_ofb; 414 } 415 416 static const EVP_CIPHER des_ede3_ecb = { 417 .nid = NID_des_ede3_ecb, 418 .block_size = 8, 419 .key_len = 24, 420 .iv_len = 0, 421 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE, 422 .init = des_ede3_init_key, 423 .do_cipher = des_ede3_ecb_cipher, 424 .cleanup = NULL, 425 .ctx_size = sizeof(DES_EDE_KEY), 426 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 427 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 428 .ctrl = des3_ctrl, 429 .app_data = NULL, 430 }; 431 432 const EVP_CIPHER * 433 EVP_des_ede3_ecb(void) 434 { 435 return &des_ede3_ecb; 436 } 437 438 439 static const EVP_CIPHER des_ede3_cfb1 = { 440 .nid = NID_des_ede3_cfb1, 441 .block_size = 1, 442 .key_len = 24, 443 .iv_len = 8, 444 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, 445 .init = des_ede3_init_key, 446 .do_cipher = des_ede3_cfb1_cipher, 447 .cleanup = NULL, 448 .ctx_size = sizeof(DES_EDE_KEY), 449 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 450 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 451 .ctrl = des3_ctrl, 452 .app_data = NULL, 453 }; 454 455 const EVP_CIPHER * 456 EVP_des_ede3_cfb1(void) 457 { 458 return &des_ede3_cfb1; 459 } 460 461 462 static const EVP_CIPHER des_ede3_cfb8 = { 463 .nid = NID_des_ede3_cfb8, 464 .block_size = 1, 465 .key_len = 24, 466 .iv_len = 8, 467 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, 468 .init = des_ede3_init_key, 469 .do_cipher = des_ede3_cfb8_cipher, 470 .cleanup = NULL, 471 .ctx_size = sizeof(DES_EDE_KEY), 472 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 473 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 474 .ctrl = des3_ctrl, 475 .app_data = NULL, 476 }; 477 478 const EVP_CIPHER * 479 EVP_des_ede3_cfb8(void) 480 { 481 return &des_ede3_cfb8; 482 } 483 484 const EVP_CIPHER * 485 EVP_des_ede(void) 486 { 487 return &des_ede_ecb; 488 } 489 490 const EVP_CIPHER * 491 EVP_des_ede3(void) 492 { 493 return &des_ede3_ecb; 494 } 495 #endif 496