]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/evp/e_des3.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add ossl_is_partially_overlapping symbol
[thirdparty/openssl.git] / crypto / evp / e_des3.c
1 /*
2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * DES low level APIs are deprecated for public use, but still ok for internal
12 * use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <stdio.h>
17 #include "internal/cryptlib.h"
18 #ifndef OPENSSL_NO_DES
19 # include <openssl/evp.h>
20 # include <openssl/objects.h>
21 # include "crypto/evp.h"
22 # include <openssl/des.h>
23 # include <openssl/rand.h>
24 # include "evp_local.h"
25
26 typedef struct {
27 union {
28 OSSL_UNION_ALIGN;
29 DES_key_schedule ks[3];
30 } ks;
31 union {
32 void (*cbc) (const void *, void *, size_t,
33 const DES_key_schedule *, unsigned char *);
34 } stream;
35 } DES_EDE_KEY;
36 # define ks1 ks.ks[0]
37 # define ks2 ks.ks[1]
38 # define ks3 ks.ks[2]
39
40 # if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
41 /* ---------^^^ this is not a typo, just a way to detect that
42 * assembler support was in general requested... */
43 # include "sparc_arch.h"
44
45 extern unsigned int OPENSSL_sparcv9cap_P[];
46
47 # define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES)
48
49 void des_t4_key_expand(const void *key, DES_key_schedule *ks);
50 void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len,
51 const DES_key_schedule ks[3], unsigned char iv[8]);
52 void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len,
53 const DES_key_schedule ks[3], unsigned char iv[8]);
54 # endif
55
56 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
57 const unsigned char *iv, int enc);
58
59 static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
60 const unsigned char *iv, int enc);
61
62 static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
63
64 # define data(ctx) EVP_C_DATA(DES_EDE_KEY,ctx)
65
66 /*
67 * Because of various casts and different args can't use
68 * IMPLEMENT_BLOCK_CIPHER
69 */
70
71 static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
72 const unsigned char *in, size_t inl)
73 {
74 BLOCK_CIPHER_ecb_loop()
75 DES_ecb3_encrypt((const_DES_cblock *)(in + i),
76 (DES_cblock *)(out + i),
77 &data(ctx)->ks1, &data(ctx)->ks2,
78 &data(ctx)->ks3, EVP_CIPHER_CTX_encrypting(ctx));
79 return 1;
80 }
81
82 static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
83 const unsigned char *in, size_t inl)
84 {
85 while (inl >= EVP_MAXCHUNK) {
86 int num = EVP_CIPHER_CTX_num(ctx);
87 DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
88 &data(ctx)->ks1, &data(ctx)->ks2,
89 &data(ctx)->ks3,
90 (DES_cblock *)ctx->iv,
91 &num);
92 EVP_CIPHER_CTX_set_num(ctx, num);
93 inl -= EVP_MAXCHUNK;
94 in += EVP_MAXCHUNK;
95 out += EVP_MAXCHUNK;
96 }
97 if (inl) {
98 int num = EVP_CIPHER_CTX_num(ctx);
99 DES_ede3_ofb64_encrypt(in, out, (long)inl,
100 &data(ctx)->ks1, &data(ctx)->ks2,
101 &data(ctx)->ks3,
102 (DES_cblock *)ctx->iv,
103 &num);
104 EVP_CIPHER_CTX_set_num(ctx, num);
105 }
106 return 1;
107 }
108
109 static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
110 const unsigned char *in, size_t inl)
111 {
112 DES_EDE_KEY *dat = data(ctx);
113
114 if (dat->stream.cbc != NULL) {
115 (*dat->stream.cbc) (in, out, inl, dat->ks.ks,
116 ctx->iv);
117 return 1;
118 }
119
120 while (inl >= EVP_MAXCHUNK) {
121 DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
122 &dat->ks1, &dat->ks2, &dat->ks3,
123 (DES_cblock *)ctx->iv,
124 EVP_CIPHER_CTX_encrypting(ctx));
125 inl -= EVP_MAXCHUNK;
126 in += EVP_MAXCHUNK;
127 out += EVP_MAXCHUNK;
128 }
129 if (inl)
130 DES_ede3_cbc_encrypt(in, out, (long)inl,
131 &dat->ks1, &dat->ks2, &dat->ks3,
132 (DES_cblock *)ctx->iv,
133 EVP_CIPHER_CTX_encrypting(ctx));
134 return 1;
135 }
136
137 static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
138 const unsigned char *in, size_t inl)
139 {
140 while (inl >= EVP_MAXCHUNK) {
141 int num = EVP_CIPHER_CTX_num(ctx);
142 DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
143 &data(ctx)->ks1, &data(ctx)->ks2,
144 &data(ctx)->ks3, (DES_cblock *)ctx->iv,
145 &num, EVP_CIPHER_CTX_encrypting(ctx));
146 EVP_CIPHER_CTX_set_num(ctx, num);
147 inl -= EVP_MAXCHUNK;
148 in += EVP_MAXCHUNK;
149 out += EVP_MAXCHUNK;
150 }
151 if (inl) {
152 int num = EVP_CIPHER_CTX_num(ctx);
153 DES_ede3_cfb64_encrypt(in, out, (long)inl,
154 &data(ctx)->ks1, &data(ctx)->ks2,
155 &data(ctx)->ks3, (DES_cblock *)ctx->iv,
156 &num, EVP_CIPHER_CTX_encrypting(ctx));
157 EVP_CIPHER_CTX_set_num(ctx, num);
158 }
159 return 1;
160 }
161
162 /*
163 * Although we have a CFB-r implementation for 3-DES, it doesn't pack the
164 * right way, so wrap it here
165 */
166 static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
167 const unsigned char *in, size_t inl)
168 {
169 size_t n;
170 unsigned char c[1], d[1];
171
172 if (!EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
173 inl *= 8;
174 for (n = 0; n < inl; ++n) {
175 c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
176 DES_ede3_cfb_encrypt(c, d, 1, 1,
177 &data(ctx)->ks1, &data(ctx)->ks2,
178 &data(ctx)->ks3, (DES_cblock *)ctx->iv,
179 EVP_CIPHER_CTX_encrypting(ctx));
180 out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8)))
181 | ((d[0] & 0x80) >> (unsigned int)(n % 8));
182 }
183
184 return 1;
185 }
186
187 static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
188 const unsigned char *in, size_t inl)
189 {
190 while (inl >= EVP_MAXCHUNK) {
191 DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
192 &data(ctx)->ks1, &data(ctx)->ks2,
193 &data(ctx)->ks3, (DES_cblock *)ctx->iv,
194 EVP_CIPHER_CTX_encrypting(ctx));
195 inl -= EVP_MAXCHUNK;
196 in += EVP_MAXCHUNK;
197 out += EVP_MAXCHUNK;
198 }
199 if (inl)
200 DES_ede3_cfb_encrypt(in, out, 8, (long)inl,
201 &data(ctx)->ks1, &data(ctx)->ks2,
202 &data(ctx)->ks3, (DES_cblock *)ctx->iv,
203 EVP_CIPHER_CTX_encrypting(ctx));
204 return 1;
205 }
206
207 BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
208 EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
209 des_ede_init_key, NULL, NULL, NULL, des3_ctrl)
210 # define des_ede3_cfb64_cipher des_ede_cfb64_cipher
211 # define des_ede3_ofb_cipher des_ede_ofb_cipher
212 # define des_ede3_cbc_cipher des_ede_cbc_cipher
213 # define des_ede3_ecb_cipher des_ede_ecb_cipher
214 BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
215 EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
216 des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
217
218 BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
219 EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
220 des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
221
222 BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
223 EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
224 des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
225
226 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
227 const unsigned char *iv, int enc)
228 {
229 DES_cblock *deskey = (DES_cblock *)key;
230 DES_EDE_KEY *dat = data(ctx);
231
232 dat->stream.cbc = NULL;
233 # if defined(SPARC_DES_CAPABLE)
234 if (SPARC_DES_CAPABLE) {
235 int mode = EVP_CIPHER_CTX_mode(ctx);
236
237 if (mode == EVP_CIPH_CBC_MODE) {
238 des_t4_key_expand(&deskey[0], &dat->ks1);
239 des_t4_key_expand(&deskey[1], &dat->ks2);
240 memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1));
241 dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt :
242 des_t4_ede3_cbc_decrypt;
243 return 1;
244 }
245 }
246 # endif
247 DES_set_key_unchecked(&deskey[0], &dat->ks1);
248 DES_set_key_unchecked(&deskey[1], &dat->ks2);
249 memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1));
250 return 1;
251 }
252
253 static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
254 const unsigned char *iv, int enc)
255 {
256 DES_cblock *deskey = (DES_cblock *)key;
257 DES_EDE_KEY *dat = data(ctx);
258
259 dat->stream.cbc = NULL;
260 # if defined(SPARC_DES_CAPABLE)
261 if (SPARC_DES_CAPABLE) {
262 int mode = EVP_CIPHER_CTX_mode(ctx);
263
264 if (mode == EVP_CIPH_CBC_MODE) {
265 des_t4_key_expand(&deskey[0], &dat->ks1);
266 des_t4_key_expand(&deskey[1], &dat->ks2);
267 des_t4_key_expand(&deskey[2], &dat->ks3);
268 dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt :
269 des_t4_ede3_cbc_decrypt;
270 return 1;
271 }
272 }
273 # endif
274 DES_set_key_unchecked(&deskey[0], &dat->ks1);
275 DES_set_key_unchecked(&deskey[1], &dat->ks2);
276 DES_set_key_unchecked(&deskey[2], &dat->ks3);
277 return 1;
278 }
279
280 static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
281 {
282
283 DES_cblock *deskey = ptr;
284 int kl;
285
286 switch (type) {
287 case EVP_CTRL_RAND_KEY:
288 kl = EVP_CIPHER_CTX_key_length(ctx);
289 if (kl < 0 || RAND_priv_bytes(ptr, kl) <= 0)
290 return 0;
291 DES_set_odd_parity(deskey);
292 if (kl >= 16)
293 DES_set_odd_parity(deskey + 1);
294 if (kl >= 24)
295 DES_set_odd_parity(deskey + 2);
296 return 1;
297
298 default:
299 return -1;
300 }
301 }
302
303 const EVP_CIPHER *EVP_des_ede(void)
304 {
305 return &des_ede_ecb;
306 }
307
308 const EVP_CIPHER *EVP_des_ede3(void)
309 {
310 return &des_ede3_ecb;
311 }
312
313
314 # include <openssl/sha.h>
315
316 static const unsigned char wrap_iv[8] =
317 { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 };
318
319 static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
320 const unsigned char *in, size_t inl)
321 {
322 unsigned char icv[8], iv[8], sha1tmp[SHA_DIGEST_LENGTH];
323 int rv = -1;
324 if (inl < 24)
325 return -1;
326 if (out == NULL)
327 return inl - 16;
328 memcpy(ctx->iv, wrap_iv, 8);
329 /* Decrypt first block which will end up as icv */
330 des_ede_cbc_cipher(ctx, icv, in, 8);
331 /* Decrypt central blocks */
332 /*
333 * If decrypting in place move whole output along a block so the next
334 * des_ede_cbc_cipher is in place.
335 */
336 if (out == in) {
337 memmove(out, out + 8, inl - 8);
338 in -= 8;
339 }
340 des_ede_cbc_cipher(ctx, out, in + 8, inl - 16);
341 /* Decrypt final block which will be IV */
342 des_ede_cbc_cipher(ctx, iv, in + inl - 8, 8);
343 /* Reverse order of everything */
344 BUF_reverse(icv, NULL, 8);
345 BUF_reverse(out, NULL, inl - 16);
346 BUF_reverse(ctx->iv, iv, 8);
347 /* Decrypt again using new IV */
348 des_ede_cbc_cipher(ctx, out, out, inl - 16);
349 des_ede_cbc_cipher(ctx, icv, icv, 8);
350 /* Work out SHA1 hash of first portion */
351 SHA1(out, inl - 16, sha1tmp);
352
353 if (!CRYPTO_memcmp(sha1tmp, icv, 8))
354 rv = inl - 16;
355 OPENSSL_cleanse(icv, 8);
356 OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
357 OPENSSL_cleanse(iv, 8);
358 OPENSSL_cleanse(ctx->iv, 8);
359 if (rv == -1)
360 OPENSSL_cleanse(out, inl - 16);
361
362 return rv;
363 }
364
365 static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
366 const unsigned char *in, size_t inl)
367 {
368 unsigned char sha1tmp[SHA_DIGEST_LENGTH];
369 if (out == NULL)
370 return inl + 16;
371 /* Copy input to output buffer + 8 so we have space for IV */
372 memmove(out + 8, in, inl);
373 /* Work out ICV */
374 SHA1(in, inl, sha1tmp);
375 memcpy(out + inl + 8, sha1tmp, 8);
376 OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
377 /* Generate random IV */
378 if (RAND_bytes(ctx->iv, 8) <= 0)
379 return -1;
380 memcpy(out, ctx->iv, 8);
381 /* Encrypt everything after IV in place */
382 des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8);
383 BUF_reverse(out, NULL, inl + 16);
384 memcpy(ctx->iv, wrap_iv, 8);
385 des_ede_cbc_cipher(ctx, out, out, inl + 16);
386 return inl + 16;
387 }
388
389 static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
390 const unsigned char *in, size_t inl)
391 {
392 /*
393 * Sanity check input length: we typically only wrap keys so EVP_MAXCHUNK
394 * is more than will ever be needed. Also input length must be a multiple
395 * of 8 bits.
396 */
397 if (inl >= EVP_MAXCHUNK || inl % 8)
398 return -1;
399
400 if (ossl_is_partially_overlapping(out, in, inl)) {
401 ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
402 return 0;
403 }
404
405 if (EVP_CIPHER_CTX_encrypting(ctx))
406 return des_ede3_wrap(ctx, out, in, inl);
407 else
408 return des_ede3_unwrap(ctx, out, in, inl);
409 }
410
411 static const EVP_CIPHER des3_wrap = {
412 NID_id_smime_alg_CMS3DESwrap,
413 8, 24, 0,
414 EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
415 | EVP_CIPH_FLAG_DEFAULT_ASN1,
416 des_ede3_init_key, des_ede3_wrap_cipher,
417 NULL,
418 sizeof(DES_EDE_KEY),
419 NULL, NULL, NULL, NULL
420 };
421
422 const EVP_CIPHER *EVP_des_ede3_wrap(void)
423 {
424 return &des3_wrap;
425 }
426
427 #endif
A mirror of the official openssl repository