Index: head/secure/lib/libdes/Makefile.ssl =================================================================== --- head/secure/lib/libdes/Makefile.ssl (revision 17330) +++ head/secure/lib/libdes/Makefile.ssl (revision 17331) @@ -1,92 +1,94 @@ # # SSLeay/crypto/des/Makefile # DIR= des TOP= ../.. CC= cc INCLUDES= CFLAG=-g INSTALLTOP=/usr/local/ssl MAKE= make -f Makefile.ssl MAKEDEPEND= makedepend -fMakefile.ssl MAKEFILE= Makefile.ssl CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile des.org des_locl.org TEST=destest.c APPS= LIB=$(TOP)/libcrypto.a LIBSRC= cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c \ fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c \ qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c \ + xcbc_enc.c \ str2key.c cfb64ede.c ofb64ede.c supp.c LIBOBJ= set_key.o ecb_enc.o ede_enc.o cbc_enc.o cbc3_enc.o \ ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o \ enc_read.o enc_writ.o fcrypt.o ncbc_enc.o ofb64enc.o \ ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o \ + xcbc_enc.o \ read_pwd.o rpc_enc.o cbc_cksm.o supp.o SRC= $(LIBSRC) EXHEADER= des.h HEADER= des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) top: (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) all: lib lib: $(LIBOBJ) ar r $(LIB) $(LIBOBJ) $(TOP)/util/ranlib.sh $(LIB) @touch lib files: perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: /bin/rm -f Makefile $(TOP)/util/point.sh Makefile.ssl Makefile ; /bin/rm -f des.doc $(TOP)/util/point.sh ../../doc/des.doc des.doc ; $(TOP)/util/mklink.sh ../../include $(EXHEADER) $(TOP)/util/mklink.sh ../../test $(TEST) $(TOP)/util/mklink.sh ../../apps $(APPS) install: installs installs: @for i in $(EXHEADER) ; \ do \ (cp $$i $(INSTALLTOP)/include/$$i; \ chmod 644 $(INSTALLTOP)/include/$$i ) \ done; tags: ctags $(SRC) tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) dclean: perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) clean: /bin/rm -f *.o *.obj lib tags core .nfs* *.old *.bak fluff errors: # DO NOT DELETE THIS LINE -- make depend depends on it. Index: head/secure/lib/libdes/VERSION =================================================================== --- head/secure/lib/libdes/VERSION (revision 17330) +++ head/secure/lib/libdes/VERSION (revision 17331) @@ -1,330 +1,338 @@ -Version 3.24 20/04/95 +Version 3.25 17/07/96 + des_init_random_number_generator() shortened due to VMS linker + limits. + Added RSA's DESX cbc mode. It is a form of cbc encryption, with 2 + 8 byte quantites xored before and after encryption. + des_xcbc_encryption() - the name is funny to preserve the des_ + prefix on all functions. + +Version 3.24 20/04/96 The DES_PTR macro option checked and used by SSLeay configuration -Version 3.23 11/04/95 +Version 3.23 11/04/96 Added DES_LONG. If defined to 'unsigned int' on the DEC Alpha, it gives a %20 speedup :-) Fixed the problem with des.pl under perl5. The patches were sent by Ed Kubaitis (ejk@uiuc.edu). if fcrypt.c, changed values to handle illegal salt values the way normal crypt() implementations do. Some programs apparently use them :-(. The patch was sent by Bjorn Gronvall Version 3.22 29/11/95 Bug in des(1), an error with the uuencoding stuff when the 'data' is small, thanks to Geoff Keating for the patch. Version 3.21 22/11/95 After some emailing back and forth with Colin Plumb , I've tweaked a few things and in a future version I will probably put in some of the optimisation he suggested for use with the DES_USE_PTR option. Extra routines from Mark Murray for use in freeBSD. They mostly involve random number generation for use with kerberos. They involve evil machine specific system calls etc so I would normally suggest pushing this stuff into the application and/or using RAND_seed()/RAND_bytes() if you are using this DES library as part of SSLeay. Redone the read_pw() function so that it is cleaner and supports termios, thanks to Sameer Parekh for the initial patches for this. Renamed 3ecb_encrypt() to ecb3_encrypt(). This has been done just to make things more consistent. I have also now added triple DES versions of cfb and ofb. Version 3.20 Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com, my des_random_seed() function was only copying 4 bytes of the passed seed into the init structure. It is now fixed to copy 8. My own suggestion is to used something like MD5 :-) Version 3.19 While looking at my code one day, I though, why do I keep on calling des_encrypt(in,out,ks,enc) when every function that calls it has in and out the same. So I dropped the 'out' parameter, people should not be using this function. Version 3.18 30/08/95 Fixed a few bit with the distribution and the filenames. 3.17 had been munged via a move to DOS and back again. NO CODE CHANGES Version 3.17 14/07/95 Fixed ede3 cbc which I had broken in 3.16. I have also removed some unneeded variables in 7-8 of the routines. Version 3.16 26/06/95 Added des_encrypt2() which does not use IP/FP, used by triple des routines. Tweaked things a bit elsewhere. %13 speedup on sparc and %6 on a R4400 for ede3 cbc mode. Version 3.15 06/06/95 Added des_ncbc_encrypt(), it is des_cbc mode except that it is 'normal' and copies the new iv value back over the top of the passed parameter. CHANGED des_ede3_cbc_encrypt() so that it too now overwrites the iv. THIS WILL BREAK EXISTING CODE, but since this function only new, I feel I can change it, not so with des_cbc_encrypt :-(. I need to update the documentation. Version 3.14 31/05/95 New release upon the world, as part of my SSL implementation. New copyright and usage stuff. Basically free for all to use as long as you say it came from me :-) Version 3.13 31/05/95 A fix in speed.c, if HZ is not defined, I set it to 100.0 which is reasonable for most unixes except SunOS 4.x. I now have a #ifdef sun but timing for SunOS 4.x looked very good :-(. At my last job where I used SunOS 4.x, it was defined to be 60.0 (look at the old INSTALL documentation), at the last release had it changed to 100.0 since I now work with Solaris2 and SVR4 boxes. Thanks to Rory Chisholm for pointing this one out. Version 3.12 08/05/95 As pointed out by The Crypt Keeper , my D_ENCRYPT macro in crypt() had an un-necessary variable. It has been removed. Version 3.11 03/05/95 Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys and one iv. It is a standard and I needed it for my SSL code. It makes more sense to use this for triple DES than 3cbc_encrypt(). I have also added (or should I say tested :-) cfb64_encrypt() which is cfb64 but it will encrypt a partial number of bytes - 3 bytes in 3 bytes out. Again this is for my SSL library, as a form of encryption to use with SSL telnet. Version 3.10 22/03/95 Fixed a bug in 3cbc_encrypt() :-(. When making repeated calls to cbc3_encrypt, the 2 iv values that were being returned to be used in the next call were reversed :-(. Many thanks to Bill Wade for pointing out this error. Version 3.09 01/02/95 Fixed des_random_key to far more random, it was rather feeble with regards to picking the initial seed. The problem was pointed out by Olaf Kirch . Version 3.08 14/12/94 Added Makefile.PL so libdes can be built into perl5. Changed des_locl.h so RAND is always defined. Version 3.07 05/12/94 Added GNUmake and stuff so the library can be build with glibc. Version 3.06 30/08/94 Added rpc_enc.c which contains _des_crypt. This is for use in secure_rpc v 4.0 Finally fixed the cfb_enc problems. Fixed a few parameter parsing bugs in des (-3 and -b), thanks to Rob McMillan Version 3.05 21/04/94 for unsigned long l; gcc does not produce ((l>>34) == 0) This causes bugs in cfb_enc. Thanks to Hadmut Danisch Version 3.04 20/04/94 Added a version number to des.c and libdes.a Version 3.03 12/01/94 Fixed a bug in non zero iv in 3cbc_enc. Version 3.02 29/10/93 I now work in a place where there are 6+ architectures and 14+ OS versions :-). Fixed TERMIO definition so the most sys V boxes will work :-) Release upon comp.sources.misc Version 3.01 08/10/93 Added des_3cbc_encrypt() Version 3.00 07/10/93 Fixed up documentation. quad_cksum definitely compatible with MIT's now. Version 2.30 24/08/93 Triple DES now defaults to triple cbc but can do triple ecb with the -b flag. Fixed some MSDOS uuen/uudecoding problems, thanks to Added prototypes. Version 2.22 29/06/93 Fixed a bug in des_is_weak_key() which stopped it working :-( thanks to engineering@MorningStar.Com. Version 2.21 03/06/93 des(1) with no arguments gives quite a bit of help. Added -c (generate ckecksum) flag to des(1). Added -3 (triple DES) flag to des(1). Added cfb and ofb routines to the library. Version 2.20 11/03/93 Added -u (uuencode) flag to des(1). I have been playing with byte order in quad_cksum to make it compatible with MIT's version. All I can say is avid this function if possible since MIT's output is endian dependent. Version 2.12 14/10/92 Added MSDOS specific macro in ecb_encrypt which gives a %70 speed up when the code is compiled with turbo C. Version 2.11 12/10/92 Speedup in set_key (recoding of PC-1) I now do it in 47 simple operations, down from 60. Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) for motivating me to look for a faster system :-) The speedup is probably less that 1% but it is still 13 instructions less :-). Version 2.10 06/10/92 The code now works on the 64bit ETA10 and CRAY without modifications or #defines. I believe the code should work on any machine that defines long, int or short to be 8 bytes long. Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu) for helping me fix the code to run on 64bit machines (he had access to an ETA10). Thanks also to John Fletcher for testing the routines on a CRAY. read_password.c has been renamed to read_passwd.c string_to_key.c has been renamed to string2key.c Version 2.00 14/09/92 Made mods so that the library should work on 64bit CPU's. Removed all my uchar and ulong defs. To many different versions of unix define them in their header files in too many different combinations :-) IRIX - Sillicon Graphics mods (mostly in read_password.c). Thanks to Andrew Daviel (advax@erich.triumf.ca) Version 1.99 26/08/92 Fixed a bug or 2 in enc_read.c Fixed a bug in enc_write.c Fixed a pseudo bug in fcrypt.c (very obscure). Version 1.98 31/07/92 Support for the ETA10. This is a strange machine that defines longs and ints as 8 bytes and shorts as 4 bytes. Since I do evil things with long * that assume that they are 4 bytes. Look in the Makefile for the option to compile for this machine. quad_cksum appears to have problems but I will don't have the time to fix it right now, and this is not a function that uses DES and so will not effect the main uses of the library. Version 1.97 20/05/92 eay Fixed the Imakefile and made some changes to des.h to fix some problems when building this package with Kerberos v 4. Version 1.96 18/05/92 eay Fixed a small bug in string_to_key() where problems could occur if des_check_key was set to true and the string generated a weak key. Patch2 posted to comp.sources.misc Version 1.95 13/05/92 eay Added an alternative version of the D_ENCRYPT macro in ecb_encrypt and fcrypt. Depending on the compiler, one version or the other will be faster. This was inspired by Dana How , and her pointers about doing the *(ulong *)((uchar *)ptr+(value&0xfc)) vs ptr[value&0x3f] to stop the C compiler doing a <<2 to convert the long array index. Version 1.94 05/05/92 eay Fixed an incompatibility between my string_to_key and the MIT version. When the key is longer than 8 chars, I was wrapping with a different method. To use the old version, define OLD_STR_TO_KEY in the makefile. Thanks to viktor@newsu.shearson.com (Viktor Dukhovni). Version 1.93 28/04/92 eay Fixed the VMS mods so that echo is now turned off in read_password. Thanks again to brennan@coco.cchs.su.oz.AU. MSDOS support added. The routines can be compiled with Turbo C (v2.0) and MSC (v5.1). Make sure MSDOS is defined. Patch1 posted to comp.sources.misc Version 1.92 13/04/92 eay Changed D_ENCRYPT so that the rotation of R occurs outside of the loop. This required rotating all the longs in sp.h (now called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM> speed.c has been changed so it will work without SIGALRM. If times(3) is not present it will try to use ftime() instead. Version 1.91 08/04/92 eay Added -E/-D options to des(1) so it can use string_to_key. Added SVR4 mods suggested by witr@rwwa.COM Added VMS mods suggested by brennan@coco.cchs.su.oz.AU. If anyone knows how to turn of tty echo in VMS please tell me or implement it yourself :-). Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS does not like IN/OUT being used. Libdes posted to comp.sources.misc Version 1.9 24/03/92 eay Now contains a fast small crypt replacement. Added des(1) command. Added des_rw_mode so people can use cbc encryption with enc_read and enc_write. Version 1.8 15/10/91 eay Bug in cbc_cksum. Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this one out. Version 1.7 24/09/91 eay Fixed set_key :-) set_key is 4 times faster and takes less space. There are a few minor changes that could be made. Version 1.6 19/09/1991 eay Finally go IP and FP finished. Now I need to fix set_key. This version is quite a bit faster that 1.51 Version 1.52 15/06/1991 eay 20% speedup in ecb_encrypt by changing the E bit selection to use 2 32bit words. This also required modification of the sp table. There is still a way to speedup the IP and IP-1 (hints from outer@sq.com) still working on this one :-(. Version 1.51 07/06/1991 eay Faster des_encrypt by loop unrolling Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu) Version 1.50 28/05/1991 eay Optimised the code a bit more for the sparc. I have improved the speed of the inner des_encrypt by speeding up the initial and final permutations. Version 1.40 23/10/1990 eay Fixed des_random_key, it did not produce a random key :-( Version 1.30 2/10/1990 eay Have made des_quad_cksum the same as MIT's, the full package should be compatible with MIT's Have tested on a DECstation 3100 Still need to fix des_set_key (make it faster). Does des_cbc_encrypts at 70.5k/sec on a 3100. Version 1.20 18/09/1990 eay Fixed byte order dependencies. Fixed (I hope) all the word alignment problems. Speedup in des_ecb_encrypt. Version 1.10 11/09/1990 eay Added des_enc_read and des_enc_write. Still need to fix des_quad_cksum. Still need to document des_enc_read and des_enc_write. Version 1.00 27/08/1990 eay Index: head/secure/lib/libdes/cfb64ede.c =================================================================== --- head/secure/lib/libdes/cfb64ede.c (revision 17330) +++ head/secure/lib/libdes/cfb64ede.c (revision 17331) @@ -1,153 +1,153 @@ /* crypto/des/cfb64ede.c */ /* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This file is part of an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL * specification. This library and applications are * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE * as long as the following conditions are aheared to. * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. If this code is used in a product, * Eric Young should be given attribution as the author of the parts used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Eric Young (eay@mincom.oz.au) * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" /* The input and output encrypted as though 64bit cfb mode is being * used. The extra state information to record how much of the * 64bit block we have used is contained in *num; */ void des_ede3_cfb64_encrypt(in, out, length, ks1,ks2,ks3, ivec, num, encrypt) unsigned char *in; unsigned char *out; long length; des_key_schedule ks1,ks2,ks3; des_cblock (*ivec); int *num; int encrypt; { register DES_LONG v0,v1; register long l=length; - register int n=*num; + register int n= *num; DES_LONG ti[2]; unsigned char *iv,c,cc; iv=(unsigned char *)ivec; if (encrypt) { while (l--) { if (n == 0) { c2l(iv,v0); c2l(iv,v1); IP(v0,v1); ti[0]=v0; ti[1]=v1; des_encrypt2((DES_LONG *)ti,ks1,DES_ENCRYPT); des_encrypt2((DES_LONG *)ti,ks2,DES_DECRYPT); des_encrypt2((DES_LONG *)ti,ks3,DES_ENCRYPT); v0=ti[0]; v1=ti[1]; FP(v1,v0); iv=(unsigned char *)ivec; l2c(v0,iv); l2c(v1,iv); iv=(unsigned char *)ivec; } c= *(in++)^iv[n]; *(out++)=c; iv[n]=c; n=(n+1)&0x07; } } else { while (l--) { if (n == 0) { c2l(iv,v0); c2l(iv,v1); IP(v0,v1); ti[0]=v0; ti[1]=v1; des_encrypt2((DES_LONG *)ti,ks1,DES_ENCRYPT); des_encrypt2((DES_LONG *)ti,ks2,DES_DECRYPT); des_encrypt2((DES_LONG *)ti,ks3,DES_ENCRYPT); v0=ti[0]; v1=ti[1]; FP(v1,v0); iv=(unsigned char *)ivec; l2c(v0,iv); l2c(v1,iv); iv=(unsigned char *)ivec; } cc= *(in++); c=iv[n]; iv[n]=cc; *(out++)=c^cc; n=(n+1)&0x07; } } v0=v1=ti[0]=ti[1]=c=cc=0; *num=n; } #ifdef undef /* MACRO */ void des_ede2_cfb64_encrypt(in, out, length, ks1,ks2, ivec, num, encrypt) unsigned char *in; unsigned char *out; long length; des_key_schedule ks1,ks2; des_cblock (*ivec); int *num; int encrypt; { des_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,encrypt); } #endif Index: head/secure/lib/libdes/cfb64enc.c =================================================================== --- head/secure/lib/libdes/cfb64enc.c (revision 17330) +++ head/secure/lib/libdes/cfb64enc.c (revision 17331) @@ -1,117 +1,117 @@ /* crypto/des/cfb64enc.c */ /* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This file is part of an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL * specification. This library and applications are * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE * as long as the following conditions are aheared to. * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. If this code is used in a product, * Eric Young should be given attribution as the author of the parts used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Eric Young (eay@mincom.oz.au) * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" /* The input and output encrypted as though 64bit cfb mode is being * used. The extra state information to record how much of the * 64bit block we have used is contained in *num; */ void des_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt) unsigned char *in; unsigned char *out; long length; des_key_schedule schedule; des_cblock (*ivec); int *num; int encrypt; { register DES_LONG v0,v1; register long l=length; - register int n=*num; + register int n= *num; DES_LONG ti[2]; unsigned char *iv,c,cc; iv=(unsigned char *)ivec; if (encrypt) { while (l--) { if (n == 0) { c2l(iv,v0); ti[0]=v0; c2l(iv,v1); ti[1]=v1; des_encrypt((DES_LONG *)ti, schedule,DES_ENCRYPT); iv=(unsigned char *)ivec; v0=ti[0]; l2c(v0,iv); v0=ti[1]; l2c(v0,iv); iv=(unsigned char *)ivec; } c= *(in++)^iv[n]; *(out++)=c; iv[n]=c; n=(n+1)&0x07; } } else { while (l--) { if (n == 0) { c2l(iv,v0); ti[0]=v0; c2l(iv,v1); ti[1]=v1; des_encrypt((DES_LONG *)ti, schedule,DES_ENCRYPT); iv=(unsigned char *)ivec; v0=ti[0]; l2c(v0,iv); v0=ti[1]; l2c(v0,iv); iv=(unsigned char *)ivec; } cc= *(in++); c=iv[n]; iv[n]=cc; *(out++)=c^cc; n=(n+1)&0x07; } } v0=v1=ti[0]=ti[1]=c=cc=0; *num=n; } Index: head/secure/lib/libdes/des.doc =================================================================== --- head/secure/lib/libdes/des.doc (revision 17330) +++ head/secure/lib/libdes/des.doc (revision 17331) @@ -1,480 +1,494 @@ The DES library. Please note that this library was originally written to operate with eBones, a version of Kerberos that had had encryption removed when it left the USA and then put back in. As such there are some routines that I will advise not using but they are still in the library for historical reasons. For all calls that have an 'input' and 'output' variables, they can be the same. This library requires the inclusion of 'des.h'. All of the encryption functions take what is called a des_key_schedule as an argument. A des_key_schedule is an expanded form of the des key. A des_key is 8 bytes of odd parity, the type used to hold the key is a des_cblock. A des_cblock is an array of 8 bytes, often in this library description I will refer to input bytes when the function specifies des_cblock's as input or output, this just means that the variable should be a multiple of 8 bytes. The define DES_ENCRYPT is passed to specify encryption, DES_DECRYPT to specify decryption. The functions and global variable are as follows: int des_check_key; DES keys are supposed to be odd parity. If this variable is set to a non-zero value, des_set_key() will check that the key has odd parity and is not one of the known weak DES keys. By default this variable is turned off; void des_set_odd_parity( des_cblock *key ); This function takes a DES key (8 bytes) and sets the parity to odd. int des_is_weak_key( des_cblock *key ); This function returns a non-zero value if the DES key passed is a weak, DES key. If it is a weak key, don't use it, try a different one. If you are using 'random' keys, the chances of hitting a weak key are 1/2^52 so it is probably not worth checking for them. int des_set_key( des_cblock *key, des_key_schedule schedule); Des_set_key converts an 8 byte DES key into a des_key_schedule. A des_key_schedule is an expanded form of the key which is used to perform actual encryption. It can be regenerated from the DES key so it only needs to be kept when encryption or decryption is about to occur. Don't save or pass around des_key_schedule's since they are CPU architecture dependent, DES keys are not. If des_check_key is non zero, zero is returned if the key has the wrong parity or the key is a weak key, else 1 is returned. int des_key_sched( des_cblock *key, des_key_schedule schedule); An alternative name for des_set_key(). int des_rw_mode; /* defaults to DES_PCBC_MODE */ This flag holds either DES_CBC_MODE or DES_PCBC_MODE (default). This specifies the function to use in the enc_read() and enc_write() functions. void des_encrypt( unsigned long *data, des_key_schedule ks, int enc); This is the DES encryption function that gets called by just about every other DES routine in the library. You should not use this function except to implement 'modes' of DES. I say this because the functions that call this routine do the conversion from 'char *' to long, and this needs to be done to make sure 'non-aligned' memory access do not occur. The characters are loaded 'little endian', have a look at my source code for more details on how I use this function. Data is a pointer to 2 unsigned long's and ks is the des_key_schedule to use. enc, is non zero specifies encryption, zero if decryption. void des_encrypt2( unsigned long *data, des_key_schedule ks, int enc); This functions is the same as des_encrypt() except that the DES initial permutation (IP) and final permutation (FP) have been left out. As for des_encrypt(), you should not use this function. It is used by the routines in my library that implement triple DES. IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same as des_encrypt() des_encrypt() des_encrypt() except faster :-). void des_ecb_encrypt( des_cblock *input, des_cblock *output, des_key_schedule ks, int enc); This is the basic Electronic Code Book form of DES, the most basic form. Input is encrypted into output using the key represented by ks. If enc is non zero (DES_ENCRYPT), encryption occurs, otherwise decryption occurs. Input is 8 bytes long and output is 8 bytes. (the des_cblock structure is 8 chars). void des_ecb3_encrypt( des_cblock *input, des_cblock *output, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, int enc); This is the 3 key EDE mode of ECB DES. What this means is that the 8 bytes of input is encrypted with ks1, decrypted with ks2 and then encrypted again with ks3, before being put into output; C=E(ks3,D(ks2,E(ks1,M))). There is a macro, des_ecb2_encrypt() that only takes 2 des_key_schedules that implements, C=E(ks1,D(ks2,E(ks1,M))) in that the final encrypt is done with ks1. void des_cbc_encrypt( des_cblock *input, des_cblock *output, long length, des_key_schedule ks, des_cblock *ivec, int enc); This routine implements DES in Cipher Block Chaining mode. Input, which should be a multiple of 8 bytes is encrypted (or decrypted) to output which will also be a multiple of 8 bytes. The number of bytes is in length (and from what I've said above, should be a multiple of 8). If length is not a multiple of 8, I'm not being held responsible :-). ivec is the initialisation vector. This function does not modify this variable. To correctly implement cbc mode, you need to do one of 2 things; copy the last 8 bytes of cipher text for use as the next ivec in your application, or use des_ncbc_encrypt(). Only this routine has this problem with updating the ivec, all other routines that are implementing cbc mode update ivec. void des_ncbc_encrypt( des_cblock *input, des_cblock *output, long length, des_key_schedule sk, des_cblock *ivec, int enc); For historical reasons, des_cbc_encrypt() did not update the ivec with the value requires so that subsequent calls to des_cbc_encrypt() would 'chain'. This was needed so that the same 'length' values would not need to be used when decrypting. des_ncbc_encrypt() does the right thing. It is the same as des_cbc_encrypt accept that ivec is updates with the correct value to pass in subsequent calls to des_ncbc_encrypt(). I advise using des_ncbc_encrypt() instead of des_cbc_encrypt(); + +void des_xcbc_encrypt( +des_cblock *input, +des_cblock *output, +long length, +des_key_schedule sk, +des_cblock *ivec, +des_cblock *inw, +des_cblock *outw, +int enc); + This is RSA's DESX mode of DES. It uses inw and outw to + 'whiten' the encryption. inw and outw are secret (unlike the iv) + and are as such, part of the key. So the key is sort of 24 bytes. + This is much better than cbc des. void des_3cbc_encrypt( des_cblock *input, des_cblock *output, long length, des_key_schedule sk1, des_key_schedule sk2, des_cblock *ivec1, des_cblock *ivec2, int enc); This function is flawed, do not use it. I have left it in the library because it is used in my des(1) program and will function correctly when used by des(1). If I removed the function, people could end up unable to decrypt files. This routine implements outer triple cbc encryption using 2 ks and 2 ivec's. Use des_ede2_cbc_encrypt() instead. void des_ede3_cbc_encrypt( des_cblock *input, des_cblock *output, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int enc); This function implements inner triple CBC DES encryption with 3 keys. What this means is that each 'DES' operation inside the cbc mode is really an C=E(ks3,D(ks2,E(ks1,M))). Again, this is cbc mode so an ivec is requires. This mode is used by SSL. There is also a des_ede2_cbc_encrypt() that only uses 2 des_key_schedule's, the first being reused for the final encryption. C=E(ks1,D(ks2,E(ks1,M))). This form of triple DES is used by the RSAref library. void des_pcbc_encrypt( des_cblock *input, des_cblock *output, long length, des_key_schedule ks, des_cblock *ivec, int enc); This is Propagating Cipher Block Chaining mode of DES. It is used by Kerberos v4. It's parameters are the same as des_ncbc_encrypt(). void des_cfb_encrypt( unsigned char *in, unsigned char *out, int numbits, long length, des_key_schedule ks, des_cblock *ivec, int enc); Cipher Feedback Back mode of DES. This implementation 'feeds back' in numbit blocks. The input (and output) is in multiples of numbits bits. numbits should to be a multiple of 8 bits. Length is the number of bytes input. If numbits is not a multiple of 8 bits, the extra bits in the bytes will be considered padding. So if numbits is 12, for each 2 input bytes, the 4 high bits of the second byte will be ignored. So to encode 72 bits when using a numbits of 12 take 12 bytes. To encode 72 bits when using numbits of 9 will take 16 bytes. To encode 80 bits when using numbits of 16 will take 10 bytes. etc, etc. This padding will apply to both input and output. void des_cfb64_encrypt( unsigned char *in, unsigned char *out, long length, des_key_schedule ks, des_cblock *ivec, int *num, int enc); This is one of the more useful functions in this DES library, it implements CFB mode of DES with 64bit feedback. Why is this useful you ask? Because this routine will allow you to encrypt an arbitrary number of bytes, no 8 byte padding. Each call to this routine will encrypt the input bytes to output and then update ivec and num. num contains 'how far' we are though ivec. If this does not make much sense, read more about cfb mode of DES :-). void des_ede3_cfb64_encrypt( unsigned char *in, unsigned char *out, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int *num, int enc); Same as des_cfb64_encrypt() accept that the DES operation is triple DES. As usual, there is a macro for des_ede2_cfb64_encrypt() which reuses ks1. void des_ofb_encrypt( unsigned char *in, unsigned char *out, int numbits, long length, des_key_schedule ks, des_cblock *ivec); This is a implementation of Output Feed Back mode of DES. It is the same as des_cfb_encrypt() in that numbits is the size of the units dealt with during input and output (in bits). void des_ofb64_encrypt( unsigned char *in, unsigned char *out, long length, des_key_schedule ks, des_cblock *ivec, int *num); The same as des_cfb64_encrypt() except that it is Output Feed Back mode. void des_ede3_ofb64_encrypt( unsigned char *in, unsigned char *out, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int *num); Same as des_ofb64_encrypt() accept that the DES operation is triple DES. As usual, there is a macro for des_ede2_ofb64_encrypt() which reuses ks1. int des_read_pw_string( char *buf, int length, char *prompt, int verify); This routine is used to get a password from the terminal with echo turned off. Buf is where the string will end up and length is the size of buf. Prompt is a string presented to the 'user' and if verify is set, the key is asked for twice and unless the 2 copies match, an error is returned. A return code of -1 indicates a system error, 1 failure due to use interaction, and 0 is success. unsigned long des_cbc_cksum( des_cblock *input, des_cblock *output, long length, des_key_schedule ks, des_cblock *ivec); This function produces an 8 byte checksum from input that it puts in output and returns the last 4 bytes as a long. The checksum is generated via cbc mode of DES in which only the last 8 byes are kept. I would recommend not using this function but instead using the EVP_Digest routines, or at least using MD5 or SHA. This function is used by Kerberos v4 so that is why it stays in the library. char *crypt( const char *buf, const char *salt); This is my fast version of the unix crypt(3) function. This version takes only a small amount of space relative to other fast crypt() implementations. void des_string_to_key( char *str, des_cblock *key); This function takes str and converts it into a DES key. I would recommend using MD5 instead and use the first 8 bytes of output. When I wrote the first version of these routines back in 1990, MD5 did not exist but I feel these routines are still sound. This routines is compatible with the one in MIT's libdes. void des_string_to_2keys( char *str, des_cblock *key1, des_cblock *key2); This function takes str and converts it into 2 DES keys. I would recommend using MD5 and using the 16 bytes as the 2 keys. I have nothing against these 2 'string_to_key' routines, it's just that if you say that your encryption key is generated by using the 16 bytes of an MD5 hash, every-one knows how you generated your keys. int des_read_password( des_cblock *key, char *prompt, int verify); This routine combines des_read_pw_string() with des_string_to_key(). int des_read_2passwords( des_cblock *key1, des_cblock *key2, char *prompt, int verify); This routine combines des_read_pw_string() with des_string_to_2key(). void des_random_seed( des_cblock key); This routine sets a starting point for des_random_key(). void des_random_key( des_cblock ret); This function return a random key. Make sure to 'seed' the random number generator (with des_random_seed()) before using this function. I personally now use a MD5 based random number system. int des_enc_read( int fd, char *buf, int len, des_key_schedule ks, des_cblock *iv); This function will write to a file descriptor the encrypted data from buf. This data will be preceded by a 4 byte 'byte count' and will be padded out to 8 bytes. The encryption is either CBC of PCBC depending on the value of des_rw_mode. If it is DES_PCBC_MODE, pcbc is used, if DES_CBC_MODE, cbc is used. The default is to use DES_PCBC_MODE. int des_enc_write( int fd, char *buf, int len, des_key_schedule ks, des_cblock *iv); This routines read stuff written by des_enc_read() and decrypts it. I have used these routines quite a lot but I don't believe they are suitable for non-blocking io. If you are after a full authentication/encryption over networks, have a look at SSL instead. unsigned long des_quad_cksum( des_cblock *input, des_cblock *output, long length, int out_count, des_cblock *seed); This is a function from Kerberos v4 that is not anything to do with DES but was needed. It is a cksum that is quicker to generate than des_cbc_cksum(); I personally would use MD5 routines now. ===== Modes of DES Quite a bit of the following information has been taken from AS 2805.5.2 Australian Standard Electronic funds transfer - Requirements for interfaces, Part 5.2: Modes of operation for an n-bit block cipher algorithm Appendix A There are several different modes in which DES can be used, they are as follows. Electronic Codebook Mode (ECB) (des_ecb_encrypt()) - 64 bits are enciphered at a time. - The order of the blocks can be rearranged without detection. - The same plaintext block always produces the same ciphertext block (for the same key) making it vulnerable to a 'dictionary attack'. - An error will only affect one ciphertext block. Cipher Block Chaining Mode (CBC) (des_cbc_encrypt()) - a multiple of 64 bits are enciphered at a time. - The CBC mode produces the same ciphertext whenever the same plaintext is encrypted using the same key and starting variable. - The chaining operation makes the ciphertext blocks dependent on the current and all preceding plaintext blocks and therefore blocks can not be rearranged. - The use of different starting variables prevents the same plaintext enciphering to the same ciphertext. - An error will affect the current and the following ciphertext blocks. Cipher Feedback Mode (CFB) (des_cfb_encrypt()) - a number of bits (j) <= 64 are enciphered at a time. - The CFB mode produces the same ciphertext whenever the same plaintext is encrypted using the same key and starting variable. - The chaining operation makes the ciphertext variables dependent on the current and all preceding variables and therefore j-bit variables are chained together and can not be rearranged. - The use of different starting variables prevents the same plaintext enciphering to the same ciphertext. - The strength of the CFB mode depends on the size of k (maximal if j == k). In my implementation this is always the case. - Selection of a small value for j will require more cycles through the encipherment algorithm per unit of plaintext and thus cause greater processing overheads. - Only multiples of j bits can be enciphered. - An error will affect the current and the following ciphertext variables. Output Feedback Mode (OFB) (des_ofb_encrypt()) - a number of bits (j) <= 64 are enciphered at a time. - The OFB mode produces the same ciphertext whenever the same plaintext enciphered using the same key and starting variable. More over, in the OFB mode the same key stream is produced when the same key and start variable are used. Consequently, for security reasons a specific start variable should be used only once for a given key. - The absence of chaining makes the OFB more vulnerable to specific attacks. - The use of different start variables values prevents the same plaintext enciphering to the same ciphertext, by producing different key streams. - Selection of a small value for j will require more cycles through the encipherment algorithm per unit of plaintext and thus cause greater processing overheads. - Only multiples of j bits can be enciphered. - OFB mode of operation does not extend ciphertext errors in the resultant plaintext output. Every bit error in the ciphertext causes only one bit to be in error in the deciphered plaintext. - OFB mode is not self-synchronising. If the two operation of encipherment and decipherment get out of synchronism, the system needs to be re-initialised. - Each re-initialisation should use a value of the start variable different from the start variable values used before with the same key. The reason for this is that an identical bit stream would be produced each time from the same parameters. This would be susceptible to a ' known plaintext' attack. Triple ECB Mode (des_ecb3_encrypt()) - Encrypt with key1, decrypt with key2 and encrypt with key3 again. - As for ECB encryption but increases the key length to 168 bits. There are theoretic attacks that can be used that make the effective key length 112 bits, but this attack also requires 2^56 blocks of memory, not very likely, even for the NSA. - If both keys are the same it is equivalent to encrypting once with just one key. - If the first and last key are the same, the key length is 112 bits. There are attacks that could reduce the key space to 55 bit's but it requires 2^56 blocks of memory. - If all 3 keys are the same, this is effectively the same as normal ecb mode. Triple CBC Mode (des_ede3_cbc_encrypt()) - Encrypt with key1, decrypt with key2 and then encrypt with key3. - As for CBC encryption but increases the key length to 168 bits with the same restrictions as for triple ecb mode. Index: head/secure/lib/libdes/destest.c =================================================================== --- head/secure/lib/libdes/destest.c (revision 17330) +++ head/secure/lib/libdes/destest.c (revision 17331) @@ -1,799 +1,834 @@ /* crypto/des/destest.c */ /* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This file is part of an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL * specification. This library and applications are * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE * as long as the following conditions are aheared to. * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. If this code is used in a product, * Eric Young should be given attribution as the author of the parts used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Eric Young (eay@mincom.oz.au) * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #if defined(WIN32) || defined(WIN16) || defined(WINDOWS) #ifndef MSDOS #define MSDOS #endif #endif #include #include #ifndef MSDOS #include #else #include #endif #include #include "des.h" /* tisk tisk - the test keys don't all have odd parity :-( */ /* test data */ #define NUM_TESTS 34 static unsigned char key_data[NUM_TESTS][8]={ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}, {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57}, {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E}, {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86}, {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E}, {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6}, {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE}, {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6}, {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE}, {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16}, {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F}, {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46}, {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E}, {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76}, {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07}, {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F}, {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7}, {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF}, {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6}, {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF}, {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E}, {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}}; static unsigned char plain_data[NUM_TESTS][8]={ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01}, {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42}, {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA}, {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72}, {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A}, {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2}, {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A}, {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2}, {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A}, {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02}, {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A}, {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32}, {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA}, {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62}, {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2}, {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA}, {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92}, {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A}, {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2}, {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A}, {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}}; static unsigned char cipher_data[NUM_TESTS][8]={ {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7}, {0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58}, {0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B}, {0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33}, {0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D}, {0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD}, {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7}, {0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4}, {0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B}, {0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71}, {0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A}, {0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A}, {0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95}, {0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B}, {0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09}, {0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A}, {0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F}, {0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88}, {0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77}, {0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A}, {0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56}, {0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56}, {0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56}, {0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC}, {0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A}, {0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41}, {0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93}, {0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00}, {0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06}, {0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7}, {0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51}, {0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE}, {0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D}, {0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}}; static unsigned char cipher_ecb2[NUM_TESTS-1][8]={ {0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E}, {0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16}, {0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27}, {0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6}, {0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25}, {0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A}, {0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74}, {0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6}, {0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67}, {0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10}, {0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85}, {0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA}, {0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3}, {0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3}, {0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A}, {0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69}, {0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1}, {0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7}, {0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F}, {0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87}, {0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A}, {0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE}, {0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3}, {0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD}, {0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84}, {0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85}, {0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC}, {0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89}, {0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E}, {0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89}, {0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7}, {0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8}, {0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}}; static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87}; static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}; static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}; static char cbc_data[40]="7654321 Now is the time for "; static unsigned char cbc_ok[32]={ 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4, 0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb, 0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68, 0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; +static unsigned char xcbc_ok[32]={ + 0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48, + 0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD, + 0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76, + 0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2, + }; + static unsigned char cbc3_ok[32]={ 0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0, 0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC, 0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4, 0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75}; static unsigned char pcbc_ok[32]={ 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4, 0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15, 0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f, 0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88}; static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef}; static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8]; static unsigned char plain[24]= { 0x4e,0x6f,0x77,0x20,0x69,0x73, 0x20,0x74,0x68,0x65,0x20,0x74, 0x69,0x6d,0x65,0x20,0x66,0x6f, 0x72,0x20,0x61,0x6c,0x6c,0x20 }; static unsigned char cfb_cipher8[24]= { 0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8, 0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 }; static unsigned char cfb_cipher16[24]={ 0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70, 0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B }; static unsigned char cfb_cipher32[24]={ 0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD, 0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 }; static unsigned char cfb_cipher48[24]={ 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85, 0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F }; static unsigned char cfb_cipher64[24]={ 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B, 0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 }; static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef}; static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8]; static unsigned char ofb_cipher[24]= { 0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51, 0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f, 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3 }; DES_LONG cbc_cksum_ret=0xB462FEF7L; unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; #ifndef NOPROTO static char *pt(unsigned char *p); static int cfb_test(int bits, unsigned char *cfb_cipher); static int cfb64_test(unsigned char *cfb_cipher); static int ede_cfb64_test(unsigned char *cfb_cipher); #else static char *pt(); static int cfb_test(); static int cfb64_test(); static int ede_cfb64_test(); #endif int main(argc,argv) int argc; char *argv[]; { int i,j,err=0; des_cblock in,out,outin,iv3; des_key_schedule ks,ks2,ks3; unsigned char cbc_in[40]; unsigned char cbc_out[40]; DES_LONG cs; unsigned char qret[4][4],cret[8]; DES_LONG lqret[4]; int num; char *str; printf("Doing ecb\n"); for (i=0; i>4)&0xf]; ret[i*2+1]=f[p[i]&0xf]; } ret[16]='\0'; return(ret); } static int cfb_test(bits, cfb_cipher) int bits; unsigned char *cfb_cipher; { des_key_schedule ks; int i,err=0; des_key_sched((C_Block *)cfb_key,ks); memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); des_cfb_encrypt(plain,cfb_buf1,bits,(long)sizeof(plain),ks, (C_Block *)cfb_tmp,DES_ENCRYPT); if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) { err=1; printf("cfb_encrypt encrypt error\n"); for (i=0; i<24; i+=8) printf("%s\n",pt(&(cfb_buf1[i]))); } memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,(long)sizeof(plain),ks, (C_Block *)cfb_tmp,DES_DECRYPT); if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) { err=1; printf("cfb_encrypt decrypt error\n"); for (i=0; i<24; i+=8) printf("%s\n",pt(&(cfb_buf1[i]))); } return(err); } static int cfb64_test(cfb_cipher) unsigned char *cfb_cipher; { des_key_schedule ks; int err=0,i,n; des_key_sched((C_Block *)cfb_key,ks); memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); n=0; des_cfb64_encrypt(plain,cfb_buf1,(long)12,ks, (C_Block *)cfb_tmp,&n,DES_ENCRYPT); des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]), (long)sizeof(plain)-12,ks, (C_Block *)cfb_tmp,&n,DES_ENCRYPT); if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) { err=1; printf("cfb_encrypt encrypt error\n"); for (i=0; i<24; i+=8) printf("%s\n",pt(&(cfb_buf1[i]))); } memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); n=0; des_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks, (C_Block *)cfb_tmp,&n,DES_DECRYPT); des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), (long)sizeof(plain)-17,ks, (C_Block *)cfb_tmp,&n,DES_DECRYPT); if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) { err=1; printf("cfb_encrypt decrypt error\n"); for (i=0; i<24; i+=8) printf("%s\n",pt(&(cfb_buf2[i]))); } return(err); } static int ede_cfb64_test(cfb_cipher) unsigned char *cfb_cipher; { des_key_schedule ks; int err=0,i,n; des_key_sched((C_Block *)cfb_key,ks); memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); n=0; des_ede3_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,ks,ks, (C_Block *)cfb_tmp,&n,DES_ENCRYPT); des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]), (long)sizeof(plain)-12,ks,ks,ks, (C_Block *)cfb_tmp,&n,DES_ENCRYPT); if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) { err=1; printf("ede_cfb_encrypt encrypt error\n"); for (i=0; i<24; i+=8) printf("%s\n",pt(&(cfb_buf1[i]))); } memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); n=0; des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks, (C_Block *)cfb_tmp,&n,DES_DECRYPT); des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), (long)sizeof(plain)-17,ks,ks,ks, (C_Block *)cfb_tmp,&n,DES_DECRYPT); if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) { err=1; printf("ede_cfb_encrypt decrypt error\n"); for (i=0; i<24; i+=8) printf("%s\n",pt(&(cfb_buf2[i]))); } return(err); } Index: head/secure/lib/libdes/ecb_enc.c =================================================================== --- head/secure/lib/libdes/ecb_enc.c (revision 17330) +++ head/secure/lib/libdes/ecb_enc.c (revision 17331) @@ -1,229 +1,229 @@ /* crypto/des/ecb_enc.c */ /* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This file is part of an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL * specification. This library and applications are * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE * as long as the following conditions are aheared to. * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. If this code is used in a product, * Eric Young should be given attribution as the author of the parts used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Eric Young (eay@mincom.oz.au) * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" #include "spr.h" char *libdes_version="libdes v 3.24 - 20-Apr-1996 - eay"; -char *DES_version="DES part of SSLeay 0.6.1 12-Jul-1996"; +char *DES_version="DES part of SSLeay 0.6.2 24-Jul-1996"; char *des_options() { #ifdef DES_PTR if (sizeof(DES_LONG) != sizeof(long)) return("des(ptr,int)"); else return("des(ptr,long)"); #else if (sizeof(DES_LONG) != sizeof(long)) return("des(idx,int)"); else return("des(idx,long)"); #endif } void des_ecb_encrypt(input, output, ks, encrypt) des_cblock (*input); des_cblock (*output); des_key_schedule ks; int encrypt; { register DES_LONG l; register unsigned char *in,*out; DES_LONG ll[2]; in=(unsigned char *)input; out=(unsigned char *)output; c2l(in,l); ll[0]=l; c2l(in,l); ll[1]=l; des_encrypt(ll,ks,encrypt); l=ll[0]; l2c(l,out); l=ll[1]; l2c(l,out); l=ll[0]=ll[1]=0; } void des_encrypt(data, ks, encrypt) DES_LONG *data; des_key_schedule ks; int encrypt; { register DES_LONG l,r,t,u; #ifdef DES_PTR register unsigned char *des_SP=(unsigned char *)des_SPtrans; #endif #ifdef undef union fudge { DES_LONG l; unsigned short s[2]; unsigned char c[4]; } U,T; #endif register int i; register DES_LONG *s; u=data[0]; r=data[1]; IP(u,r); /* Things have been modified so that the initial rotate is * done outside the loop. This required the * des_SPtrans values in sp.h to be rotated 1 bit to the right. * One perl script later and things have a 5% speed up on a sparc2. * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> * for pointing this out. */ l=(r<<1)|(r>>31); r=(u<<1)|(u>>31); /* clear the top bits on machines with 8byte longs */ l&=0xffffffffL; r&=0xffffffffL; s=(DES_LONG *)ks; /* I don't know if it is worth the effort of loop unrolling the * inner loop */ if (encrypt) { for (i=0; i<32; i+=8) { D_ENCRYPT(l,r,i+0); /* 1 */ D_ENCRYPT(r,l,i+2); /* 2 */ D_ENCRYPT(l,r,i+4); /* 3 */ D_ENCRYPT(r,l,i+6); /* 4 */ } } else { for (i=30; i>0; i-=8) { D_ENCRYPT(l,r,i-0); /* 16 */ D_ENCRYPT(r,l,i-2); /* 15 */ D_ENCRYPT(l,r,i-4); /* 14 */ D_ENCRYPT(r,l,i-6); /* 13 */ } } l=(l>>1)|(l<<31); r=(r>>1)|(r<<31); /* clear the top bits on machines with 8byte longs */ l&=0xffffffffL; r&=0xffffffffL; FP(r,l); data[0]=l; data[1]=r; l=r=t=u=0; } void des_encrypt2(data, ks, encrypt) DES_LONG *data; des_key_schedule ks; int encrypt; { register DES_LONG l,r,t,u; #ifdef DES_PTR register unsigned char *des_SP=(unsigned char *)des_SPtrans; #endif #ifdef undef union fudge { DES_LONG l; unsigned short s[2]; unsigned char c[4]; } U,T; #endif register int i; register DES_LONG *s; u=data[0]; r=data[1]; /* Things have been modified so that the initial rotate is * done outside the loop. This required the * des_SPtrans values in sp.h to be rotated 1 bit to the right. * One perl script later and things have a 5% speed up on a sparc2. * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> * for pointing this out. */ l=(r<<1)|(r>>31); r=(u<<1)|(u>>31); /* clear the top bits on machines with 8byte longs */ l&=0xffffffffL; r&=0xffffffffL; s=(DES_LONG *)ks; /* I don't know if it is worth the effort of loop unrolling the * inner loop */ if (encrypt) { for (i=0; i<32; i+=8) { D_ENCRYPT(l,r,i+0); /* 1 */ D_ENCRYPT(r,l,i+2); /* 2 */ D_ENCRYPT(l,r,i+4); /* 3 */ D_ENCRYPT(r,l,i+6); /* 4 */ } } else { for (i=30; i>0; i-=8) { D_ENCRYPT(l,r,i-0); /* 16 */ D_ENCRYPT(r,l,i-2); /* 15 */ D_ENCRYPT(l,r,i-4); /* 14 */ D_ENCRYPT(r,l,i-6); /* 13 */ } } l=(l>>1)|(l<<31); r=(r>>1)|(r<<31); /* clear the top bits on machines with 8byte longs */ l&=0xffffffffL; r&=0xffffffffL; data[0]=l; data[1]=r; l=r=t=u=0; } Index: head/secure/lib/libdes/ofb64ede.c =================================================================== --- head/secure/lib/libdes/ofb64ede.c (revision 17330) +++ head/secure/lib/libdes/ofb64ede.c (revision 17331) @@ -1,126 +1,126 @@ /* crypto/des/ofb64ede.c */ /* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This file is part of an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL * specification. This library and applications are * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE * as long as the following conditions are aheared to. * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. If this code is used in a product, * Eric Young should be given attribution as the author of the parts used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Eric Young (eay@mincom.oz.au) * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" /* The input and output encrypted as though 64bit ofb mode is being * used. The extra state information to record how much of the * 64bit block we have used is contained in *num; */ void des_ede3_ofb64_encrypt(in, out, length, k1,k2,k3, ivec, num) register unsigned char *in; register unsigned char *out; long length; des_key_schedule k1,k2,k3; des_cblock (*ivec); int *num; { register DES_LONG v0,v1; - register int n=*num; + register int n= *num; register long l=length; des_cblock d; register char *dp; DES_LONG ti[2]; unsigned char *iv; int save=0; iv=(unsigned char *)ivec; c2l(iv,v0); c2l(iv,v1); ti[0]=v0; ti[1]=v1; dp=(char *)d; l2c(v0,dp); l2c(v1,dp); while (l--) { if (n == 0) { IP(v0,v1); ti[0]=v0; ti[1]=v1; des_encrypt2((DES_LONG *)ti,k1,DES_ENCRYPT); des_encrypt2((DES_LONG *)ti,k2,DES_DECRYPT); des_encrypt2((DES_LONG *)ti,k3,DES_ENCRYPT); v0=ti[0]; v1=ti[1]; FP(v1,v0); dp=(char *)d; l2c(v0,dp); l2c(v1,dp); save++; } - *(out++)=*(in++)^d[n]; + *(out++)= *(in++)^d[n]; n=(n+1)&0x07; } if (save) { /* v0=ti[0]; v1=ti[1];*/ iv=(unsigned char *)ivec; l2c(v0,iv); l2c(v1,iv); } v0=v1=ti[0]=ti[1]=0; *num=n; } #ifdef undef /* MACRO */ void des_ede2_ofb64_encrypt(in, out, length, k1,k2, ivec, num) register unsigned char *in; register unsigned char *out; long length; des_key_schedule k1,k2; des_cblock (*ivec); int *num; { des_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num); } #endif Index: head/secure/lib/libdes/ofb64enc.c =================================================================== --- head/secure/lib/libdes/ofb64enc.c (revision 17330) +++ head/secure/lib/libdes/ofb64enc.c (revision 17331) @@ -1,103 +1,103 @@ /* crypto/des/ofb64enc.c */ /* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This file is part of an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL * specification. This library and applications are * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE * as long as the following conditions are aheared to. * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. If this code is used in a product, * Eric Young should be given attribution as the author of the parts used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Eric Young (eay@mincom.oz.au) * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" /* The input and output encrypted as though 64bit ofb mode is being * used. The extra state information to record how much of the * 64bit block we have used is contained in *num; */ void des_ofb64_encrypt(in, out, length, schedule, ivec, num) register unsigned char *in; register unsigned char *out; long length; des_key_schedule schedule; des_cblock (*ivec); int *num; { register DES_LONG v0,v1,t; - register int n=*num; + register int n= *num; register long l=length; des_cblock d; register char *dp; DES_LONG ti[2]; unsigned char *iv; int save=0; iv=(unsigned char *)ivec; c2l(iv,v0); c2l(iv,v1); ti[0]=v0; ti[1]=v1; dp=(char *)d; l2c(v0,dp); l2c(v1,dp); while (l--) { if (n == 0) { des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); dp=(char *)d; t=ti[0]; l2c(t,dp); t=ti[1]; l2c(t,dp); save++; } - *(out++)=*(in++)^d[n]; + *(out++)= *(in++)^d[n]; n=(n+1)&0x07; } if (save) { v0=ti[0]; v1=ti[1]; iv=(unsigned char *)ivec; l2c(v0,iv); l2c(v1,iv); } t=v0=v1=ti[0]=ti[1]=0; *num=n; } Index: head/secure/lib/libdes/read_pwd.c =================================================================== --- head/secure/lib/libdes/read_pwd.c (revision 17330) +++ head/secure/lib/libdes/read_pwd.c (revision 17331) @@ -1,423 +1,423 @@ /* crypto/des/read_pwd.c */ /* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This file is part of an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL * specification. This library and applications are * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE * as long as the following conditions are aheared to. * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. If this code is used in a product, * Eric Young should be given attribution as the author of the parts used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Eric Young (eay@mincom.oz.au) * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #ifdef WIN16TTY #undef WIN16 #undef _WINDOWS #include #endif /* 06-Apr-92 Luke Brennan Support for VMS */ #include "des_locl.h" #include #include #include /* There are 5 types of terminal interface supported, * TERMIO, TERMIOS, VMS, MSDOS and SGTTY */ #if defined(__sgi) && !defined(TERMIOS) #define TERMIOS #undef TERMIO #undef SGTTY #endif #if defined(linux) && !defined(TERMIO) #undef TERMIOS #define TERMIO #undef SGTTY #endif #ifdef _LIBC #define TERMIO #endif #if !defined(TERMIO) && !defined(TERMIOS) && !defined(VMS) && !defined(MSDOS) #define SGTTY #endif #ifdef TERMIOS #include #define TTY_STRUCT struct termios #define TTY_FLAGS c_lflag #define TTY_get(tty,data) tcgetattr(tty,data) #define TTY_set(tty,data) tcsetattr(tty,TCSANOW,data) #endif #ifdef TERMIO #include #define TTY_STRUCT struct termio #define TTY_FLAGS c_lflag #define TTY_get(tty,data) ioctl(tty,TCGETA,data) #define TTY_set(tty,data) ioctl(tty,TCSETA,data) #endif #ifdef SGTTY #include #define TTY_STRUCT struct sgttyb #define TTY_FLAGS sg_flags #define TTY_get(tty,data) ioctl(tty,TIOCGETP,data) #define TTY_set(tty,data) ioctl(tty,TIOCSETP,data) #endif -#if !defined(_LIBC) && !defined(MSDOS) +#if !defined(_LIBC) && !defined(MSDOS) && !defined(VMS) #include #endif #ifdef MSDOS #include #define fgets(a,b,c) noecho_fgets(a,b,c) #endif #ifdef VMS #include #include #include #include struct IOSB { short iosb$w_value; short iosb$w_count; long iosb$l_info; }; #endif #ifndef NX509_SIG #define NX509_SIG 32 #endif #ifndef NOPROTO static void read_till_nl(FILE *); static int read_pw(char *buf, char *buff, int size, char *prompt, int verify); static void recsig(int); static void pushsig(void); static void popsig(void); #if defined(MSDOS) && !defined(WIN16) static int noecho_fgets(char *buf, int size, FILE *tty); #endif #else static void read_till_nl(); static int read_pw(); static void recsig(); static void pushsig(); static void popsig(); #if defined(MSDOS) && !defined(WIN16) static int noecho_fgets(); #endif #endif #ifndef NOPROTO static void (*savsig[NX509_SIG])(int ); #else static void (*savsig[NX509_SIG])(); #endif static jmp_buf save; int des_read_password(key, prompt, verify) des_cblock (*key); char *prompt; int verify; { int ok; char buf[BUFSIZ],buff[BUFSIZ]; if ((ok=read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) des_string_to_key(buf,key); memset(buf,0,BUFSIZ); memset(buff,0,BUFSIZ); return(ok); } int des_read_2passwords(key1, key2, prompt, verify) des_cblock (*key1); des_cblock (*key2); char *prompt; int verify; { int ok; char buf[BUFSIZ],buff[BUFSIZ]; if ((ok=read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) des_string_to_2keys(buf,key1,key2); memset(buf,0,BUFSIZ); memset(buff,0,BUFSIZ); return(ok); } int des_read_pw_string(buf, length, prompt, verify) char *buf; int length; char *prompt; int verify; { char buff[BUFSIZ]; int ret; ret=read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify); memset(buff,0,BUFSIZ); return(ret); } #ifndef WIN16 static void read_till_nl(in) FILE *in; { #define SIZE 4 char buf[SIZE+1]; do { fgets(buf,SIZE,in); } while (strchr(buf,'\n') == NULL); } /* return 0 if ok, 1 (or -1) otherwise */ static int read_pw(buf, buff, size, prompt, verify) char *buf; char *buff; int size; char *prompt; int verify; { #ifdef VMS struct IOSB iosb; $DESCRIPTOR(terminal,"TT"); long tty_orig[3], tty_new[3]; long status; unsigned short channel = 0; #else #ifndef MSDOS TTY_STRUCT tty_orig,tty_new; #endif #endif int number=5; int ok=0; int ps=0; FILE *tty=NULL; char *p; #ifndef MSDOS if ((tty=fopen("/dev/tty","r")) == NULL) tty=stdin; #else /* MSDOS */ if ((tty=fopen("con","r")) == NULL) tty=stdin; #endif /* MSDOS */ #if defined(TTY_get) && !defined(VMS) if (TTY_get(fileno(tty),&tty_orig) == -1) return(-1); memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig)); #endif #ifdef VMS status = SYS$ASSIGN(&terminal,&channel,0,0); if (status != SS$_NORMAL) return(-1); status=SYS$QIOW(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0); if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) return(-1); #endif if (setjmp(save)) { ok=0; goto error; } pushsig(); ps=1; #ifdef TTY_FLAGS tty_new.TTY_FLAGS &= ~ECHO; #endif #if defined(TTY_set) && !defined(VMS) if (TTY_set(fileno(tty),&tty_new) == -1) return(-1); #endif #ifdef VMS tty_new[0] = tty_orig[0]; tty_new[1] = tty_orig[1] | TT$M_NOECHO; tty_new[2] = tty_orig[2]; status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0); if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) return(-1); #endif ps=2; while ((!ok) && (number--)) { fputs(prompt,stderr); fflush(stderr); buf[0]='\0'; fgets(buf,size,tty); if (feof(tty)) goto error; if (ferror(tty)) goto error; if ((p=(char *)strchr(buf,'\n')) != NULL) *p='\0'; else read_till_nl(tty); if (verify) { fprintf(stderr,"\nVerifying password - %s",prompt); fflush(stderr); buff[0]='\0'; fgets(buff,size,tty); if (feof(tty)) goto error; if ((p=(char *)strchr(buff,'\n')) != NULL) *p='\0'; else read_till_nl(tty); if (strcmp(buf,buff) != 0) { fprintf(stderr,"\nVerify failure"); fflush(stderr); break; /* continue; */ } } ok=1; } error: fprintf(stderr,"\n"); #ifdef DEBUG perror("fgets(tty)"); #endif /* What can we do if there is an error? */ #if defined(TTY_set) && !defined(VMS) if (ps >= 2) TTY_set(fileno(tty),&tty_orig); #endif #ifdef VMS if (ps >= 2) status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0 ,tty_orig,12,0,0,0,0); #endif if (ps >= 1) popsig(); if (stdin != tty) fclose(tty); #ifdef VMS status = SYS$DASSGN(channel); #endif return(!ok); } #else /* WIN16 */ static int read_pw(buf, buff, size, prompt, verify) char *buf; char *buff; int size; char *prompt; int verify; { memset(buf,0,size); memset(buff,0,size); return(0); } #endif static void pushsig() { int i; for (i=1; i0; l-=8) + { + if (l >= 8) + { + c2l(in,tin0); + c2l(in,tin1); + } + else + c2ln(in,tin0,tin1,l); + tin0^=tout0^inW0; tin[0]=tin0; + tin1^=tout1^inW1; tin[1]=tin1; + des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); + tout0=tin[0]^outW0; l2c(tout0,out); + tout1=tin[1]^outW1; l2c(tout1,out); + } + iv=(unsigned char *)ivec; + l2c(tout0,iv); + l2c(tout1,iv); + } + else + { + c2l(iv,xor0); + c2l(iv,xor1); + for (; l>0; l-=8) + { + c2l(in,tin0); tin[0]=tin0^outW0; + c2l(in,tin1); tin[1]=tin1^outW1; + des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); + tout0=tin[0]^xor0^inW0; + tout1=tin[1]^xor1^inW1; + if (l >= 8) + { + l2c(tout0,out); + l2c(tout1,out); + } + else + l2cn(tout0,tout1,out,l); + xor0=tin0; + xor1=tin1; + } + iv=(unsigned char *)ivec; + l2c(xor0,iv); + l2c(xor1,iv); + } + tin0=tin1=tout0=tout1=xor0=xor1=0; + inW0=inW1=outW0=outW1=0; + tin[0]=tin[1]=0; + } + Property changes on: head/secure/lib/libdes/xcbc_enc.c ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property