xref: /openbsd/regress/sys/crypto/enc/des3.c (revision 49a6e16f) 
1*49a6e16fSderaadt /*      $OpenBSD: des3.c,v 1.10 2021/12/13 16:56:49 deraadt Exp $  */
238fc82d7Smarkus 
338fc82d7Smarkus /*
4b1f2d429Smiod  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
538fc82d7Smarkus  *
638fc82d7Smarkus  * Redistribution and use in source and binary forms, with or without
738fc82d7Smarkus  * modification, are permitted provided that the following conditions
838fc82d7Smarkus  * are met:
938fc82d7Smarkus  * 1. Redistributions of source code must retain the above copyright
1038fc82d7Smarkus  *    notice, this list of conditions and the following disclaimer.
1138fc82d7Smarkus  * 2. Redistributions in binary form must reproduce the above copyright
1238fc82d7Smarkus  *    notice, this list of conditions and the following disclaimer in the
1338fc82d7Smarkus  *    documentation and/or other materials provided with the distribution.
1438fc82d7Smarkus  *
1538fc82d7Smarkus  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
1638fc82d7Smarkus  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
1738fc82d7Smarkus  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1838fc82d7Smarkus  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
1938fc82d7Smarkus  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
2038fc82d7Smarkus  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
2138fc82d7Smarkus  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
2238fc82d7Smarkus  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
2338fc82d7Smarkus  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
2438fc82d7Smarkus  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2538fc82d7Smarkus  */
2638fc82d7Smarkus 
27518a92deSjsg #include <openssl/des.h>
2877bbac65Sfgsch #include <err.h>
2977bbac65Sfgsch #include <fcntl.h>
3077bbac65Sfgsch #include <stdio.h>
3177bbac65Sfgsch #include <stdlib.h>
3277bbac65Sfgsch #include <string.h>
3377bbac65Sfgsch #include <unistd.h>
3438fc82d7Smarkus 
354e258b0bSmikeb /* Stubs */
364e258b0bSmikeb 
374e258b0bSmikeb u_int32_t deflate_global(u_int8_t *, u_int32_t, int, u_int8_t **);
384e258b0bSmikeb 
394e258b0bSmikeb u_int32_t
deflate_global(u_int8_t * data,u_int32_t size,int comp,u_int8_t ** out)404e258b0bSmikeb deflate_global(u_int8_t *data, u_int32_t size, int comp, u_int8_t **out)
414e258b0bSmikeb {
424e258b0bSmikeb 	return 0;
434e258b0bSmikeb }
444e258b0bSmikeb 
454e258b0bSmikeb void	explicit_bzero(void *, size_t);
464e258b0bSmikeb 
474e258b0bSmikeb void
explicit_bzero(void * b,size_t len)484e258b0bSmikeb explicit_bzero(void *b, size_t len)
494e258b0bSmikeb {
504e258b0bSmikeb 	bzero(b, len);
514e258b0bSmikeb }
524e258b0bSmikeb 
534e258b0bSmikeb 
544e258b0bSmikeb /* Simulate CBC mode */
554e258b0bSmikeb 
56db3296cfSderaadt static int
docrypt(const unsigned char * key,size_t klen,const unsigned char * iv0,const unsigned char * in,unsigned char * out,size_t len,int encrypt)574e258b0bSmikeb docrypt(const unsigned char *key, size_t klen, const unsigned char *iv0,
5838fc82d7Smarkus     const unsigned char *in, unsigned char *out, size_t len, int encrypt)
5938fc82d7Smarkus {
604e258b0bSmikeb 	u_int8_t block[8], iv[8], iv2[8], *ivp = iv, *nivp;
614e258b0bSmikeb 	u_int8_t ctx[384];
624e258b0bSmikeb 	int i, j, error = 0;
6338fc82d7Smarkus 
644e258b0bSmikeb 	memcpy(iv, iv0, 8);
654e258b0bSmikeb 	memset(ctx, 0, sizeof(ctx));
664e258b0bSmikeb 	error = des3_setkey(ctx, key, klen);
674e258b0bSmikeb 	if (error)
684e258b0bSmikeb 		return -1;
694e258b0bSmikeb 	for (i = 0; i < len / 8; i ++) {
704e258b0bSmikeb 		bcopy(in, block, 8);
714e258b0bSmikeb 		in += 8;
724e258b0bSmikeb 		if (encrypt) {
734e258b0bSmikeb 			for (j = 0; j < 8; j++)
744e258b0bSmikeb 				block[j] ^= ivp[j];
754e258b0bSmikeb 			des3_encrypt(ctx, block);
764e258b0bSmikeb 			memcpy(ivp, block, 8);
774e258b0bSmikeb 		} else {
784e258b0bSmikeb 			nivp = ivp == iv ? iv2 : iv;
794e258b0bSmikeb 			memcpy(nivp, block, 8);
804e258b0bSmikeb 			des3_decrypt(ctx, block);
814e258b0bSmikeb 			for (j = 0; j < 8; j++)
824e258b0bSmikeb 				block[j] ^= ivp[j];
834e258b0bSmikeb 			ivp = nivp;
8438fc82d7Smarkus 		}
854e258b0bSmikeb 		bcopy(block, out, 8);
864e258b0bSmikeb 		out += 8;
8738fc82d7Smarkus 	}
884e258b0bSmikeb 	return 0;
8938fc82d7Smarkus }
9038fc82d7Smarkus 
91db3296cfSderaadt static int
match(unsigned char * a,unsigned char * b,size_t len)9238fc82d7Smarkus match(unsigned char *a, unsigned char *b, size_t len)
9338fc82d7Smarkus {
9438fc82d7Smarkus 	int i;
9538fc82d7Smarkus 
9638fc82d7Smarkus 	if (memcmp(a, b, len) == 0)
9738fc82d7Smarkus 		return (1);
9838fc82d7Smarkus 
9938fc82d7Smarkus 	warnx("decrypt/plaintext mismatch");
10038fc82d7Smarkus 
10138fc82d7Smarkus 	for (i = 0; i < len; i++)
10238fc82d7Smarkus 		printf("%2.2x", a[i]);
10338fc82d7Smarkus 	printf("\n");
10438fc82d7Smarkus 	for (i = 0; i < len; i++)
10538fc82d7Smarkus 		printf("%2.2x", b[i]);
10638fc82d7Smarkus 	printf("\n");
10738fc82d7Smarkus 
10838fc82d7Smarkus 	return (0);
10938fc82d7Smarkus }
11038fc82d7Smarkus 
11138fc82d7Smarkus #define SZ 16
11238fc82d7Smarkus 
11338fc82d7Smarkus int
main(int argc,char ** argv)11438fc82d7Smarkus main(int argc, char **argv)
11538fc82d7Smarkus {
116518a92deSjsg 	DES_key_schedule ks1, ks2, ks3;
11738fc82d7Smarkus 	unsigned char iv0[8], iv[8], key[24] = "012345670123456701234567";
11838fc82d7Smarkus 	unsigned char b1[SZ], b2[SZ];
1194e258b0bSmikeb 	int i, fail = 0;
1200b0d1afdSwcobb 	u_int32_t rand = 0;
12138fc82d7Smarkus 
12238fc82d7Smarkus 	/* setup data and iv */
123066b86bbSmarkus 	for (i = 0; i < sizeof(b1); i++ ) {
124066b86bbSmarkus 		if (i % 4 == 0)
125066b86bbSmarkus                         rand = arc4random();
126066b86bbSmarkus 		b1[i] = rand;
127066b86bbSmarkus 		rand >>= 8;
128066b86bbSmarkus 	}
129066b86bbSmarkus 	for (i = 0; i < sizeof(iv0); i++ ) {
130066b86bbSmarkus 		if (i % 4 == 0)
131066b86bbSmarkus                         rand = arc4random();
132066b86bbSmarkus 		iv0[i] = rand;
133066b86bbSmarkus 		rand >>= 8;
134066b86bbSmarkus 	}
13538fc82d7Smarkus 	memset(b2, 0, sizeof(b2));
13638fc82d7Smarkus 
13738fc82d7Smarkus 	/* keysetup for software */
138518a92deSjsg         DES_set_key((void *) key, &ks1);
139518a92deSjsg         DES_set_key((void *) (key+8), &ks2);
140518a92deSjsg         DES_set_key((void *) (key+16), &ks3);
14138fc82d7Smarkus 
14238fc82d7Smarkus 	/* encrypt with software, decrypt with /dev/crypto */
14338fc82d7Smarkus 	memcpy(iv, iv0, sizeof(iv0));
144518a92deSjsg         DES_ede3_cbc_encrypt((void *)b1, (void*)b2, sizeof(b1), &ks1, &ks2,
145518a92deSjsg 	    &ks3, (void*)iv, DES_ENCRYPT);
14638fc82d7Smarkus 	memcpy(iv, iv0, sizeof(iv0));
1474e258b0bSmikeb 	if (docrypt(key, sizeof(key), iv, b2, b2, sizeof(b1), 0) < 0) {
1484e258b0bSmikeb 		warnx("decryption failed");
14938fc82d7Smarkus 		fail++;
15038fc82d7Smarkus 	}
15138fc82d7Smarkus 	if (!match(b1, b2, sizeof(b1)))
15238fc82d7Smarkus 		fail++;
15338fc82d7Smarkus 	else
1544e258b0bSmikeb 		printf("ok, decrypted\n");
15538fc82d7Smarkus 
1564e258b0bSmikeb 	/* encrypt with kernel functions, decrypt with openssl */
157d2aeb638Smarkus 	memset(b2, 0, sizeof(b2));
15838fc82d7Smarkus 	memcpy(iv, iv0, sizeof(iv0));
1594e258b0bSmikeb 	if (docrypt(key, sizeof(key), iv, b1, b2, sizeof(b1), 1) < 0) {
1604e258b0bSmikeb 		warnx("encryption failed");
16138fc82d7Smarkus 		fail++;
16238fc82d7Smarkus 	}
16338fc82d7Smarkus 	memcpy(iv, iv0, sizeof(iv0));
164518a92deSjsg         DES_ede3_cbc_encrypt((void *)b2, (void*)b2, sizeof(b1), &ks1, &ks2,
165518a92deSjsg 	    &ks3, (void*)iv, DES_DECRYPT);
16638fc82d7Smarkus 	if (!match(b1, b2, sizeof(b1)))
16738fc82d7Smarkus 		fail++;
16838fc82d7Smarkus 	else
1694e258b0bSmikeb 		printf("ok, encrypted\n");
17038fc82d7Smarkus 
17138fc82d7Smarkus 	exit((fail > 0) ? 1 : 0);
17238fc82d7Smarkus }
173