CFB DES sync-up with FIPS branch.
authorAndy Polyakov <appro@openssl.org>
Tue, 27 Jan 2004 21:47:35 +0000 (21:47 +0000)
committerAndy Polyakov <appro@openssl.org>
Tue, 27 Jan 2004 21:47:35 +0000 (21:47 +0000)
crypto/des/cfb64ede.c
crypto/des/cfb_enc.c
crypto/evp/e_des.c
crypto/evp/e_des3.c

index 60c1aa0..5a54c11 100644 (file)
@@ -140,3 +140,114 @@ void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
        DES_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
        }
 #endif
+
+/* This is compatible with the single key CFB-r for DES, even thought that's
+ * not what EVP needs.
+ */
+
+void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
+                         int numbits,long length,DES_key_schedule *ks1,
+                         DES_key_schedule *ks2,DES_key_schedule *ks3,
+                         DES_cblock *ivec,int enc)
+       {
+       register DES_LONG d0,d1,v0,v1;
+       register unsigned long l=length;
+       register int num=numbits,n=(numbits+7)/8,i;
+       DES_LONG ti[2];
+       unsigned char *iv;
+       unsigned char ovec[16];
+
+       if (num > 64) return;
+       iv = &(*ivec)[0];
+       c2l(iv,v0);
+       c2l(iv,v1);
+       if (enc)
+               {
+               while (l >= n)
+                       {
+                       l-=n;
+                       ti[0]=v0;
+                       ti[1]=v1;
+                       DES_encrypt3(ti,ks1,ks2,ks3);
+                       c2ln(in,d0,d1,n);
+                       in+=n;
+                       d0^=ti[0];
+                       d1^=ti[1];
+                       l2cn(d0,d1,out,n);
+                       out+=n;
+                       /* 30-08-94 - eay - changed because l>>32 and
+                        * l<<32 are bad under gcc :-( */
+                       if (num == 32)
+                               { v0=v1; v1=d0; }
+                       else if (num == 64)
+                               { v0=d0; v1=d1; }
+                       else
+                               {
+                               iv=&ovec[0];
+                               l2c(v0,iv);
+                               l2c(v1,iv);
+                               l2c(d0,iv);
+                               l2c(d1,iv);
+                               /* shift ovec left most of the bits... */
+                               memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
+                               /* now the remaining bits */
+                               if(num%8 != 0)
+                                       for(i=0 ; i < 8 ; ++i)
+                                               {
+                                               ovec[i]<<=num%8;
+                                               ovec[i]|=ovec[i+1]>>(8-num%8);
+                                               }
+                               iv=&ovec[0];
+                               c2l(iv,v0);
+                               c2l(iv,v1);
+                               }
+                       }
+               }
+       else
+               {
+               while (l >= n)
+                       {
+                       l-=n;
+                       ti[0]=v0;
+                       ti[1]=v1;
+                       DES_encrypt3(ti,ks1,ks2,ks3);
+                       c2ln(in,d0,d1,n);
+                       in+=n;
+                       /* 30-08-94 - eay - changed because l>>32 and
+                        * l<<32 are bad under gcc :-( */
+                       if (num == 32)
+                               { v0=v1; v1=d0; }
+                       else if (num == 64)
+                               { v0=d0; v1=d1; }
+                       else
+                               {
+                               iv=&ovec[0];
+                               l2c(v0,iv);
+                               l2c(v1,iv);
+                               l2c(d0,iv);
+                               l2c(d1,iv);
+                               /* shift ovec left most of the bits... */
+                               memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
+                               /* now the remaining bits */
+                               if(num%8 != 0)
+                                       for(i=0 ; i < 8 ; ++i)
+                                               {
+                                               ovec[i]<<=num%8;
+                                               ovec[i]|=ovec[i+1]>>(8-num%8);
+                                               }
+                               iv=&ovec[0];
+                               c2l(iv,v0);
+                               c2l(iv,v1);
+                               }
+                       d0^=ti[0];
+                       d1^=ti[1];
+                       l2cn(d0,d1,out,n);
+                       out+=n;
+                       }
+               }
+       iv = &(*ivec)[0];
+       l2c(v0,iv);
+       l2c(v1,iv);
+       v0=v1=d0=d1=ti[0]=ti[1]=0;
+       }
+
index 136efba..225410e 100644 (file)
  * the second.  The second 12 bits will come from the 3rd and half the 4th
  * byte.
  */
+/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
+ * will not be compatible with any encryption prior to that date. Ben. */
 void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-                    long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc)
+                    long length, DES_key_schedule *schedule, DES_cblock *ivec,
+                    int enc)
        {
-       register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
-       register DES_LONG mask0,mask1;
+       register DES_LONG d0,d1,v0,v1;
        register unsigned long l=length;
-       register int num=numbits;
+       register int num=numbits,n=(numbits+7)/8,i;
        DES_LONG ti[2];
        unsigned char *iv;
+       unsigned char ovec[16];
 
        if (num > 64) return;
-       if (num > 32)
-               {
-               mask0=0xffffffffL;
-               if (num == 64)
-                       mask1=mask0;
-               else    mask1=(1L<<(num-32))-1;
-               }
-       else
-               {
-               if (num == 32)
-                       mask0=0xffffffffL;
-               else    mask0=(1L<<num)-1;
-               mask1=0x00000000L;
-               }
-
        iv = &(*ivec)[0];
        c2l(iv,v0);
        c2l(iv,v1);
@@ -104,8 +92,8 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
                        DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
                        c2ln(in,d0,d1,n);
                        in+=n;
-                       d0=(d0^ti[0])&mask0;
-                       d1=(d1^ti[1])&mask1;
+                       d0^=ti[0];
+                       d1^=ti[1];
                        l2cn(d0,d1,out,n);
                        out+=n;
                        /* 30-08-94 - eay - changed because l>>32 and
@@ -114,15 +102,25 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
                                { v0=v1; v1=d0; }
                        else if (num == 64)
                                { v0=d0; v1=d1; }
-                       else if (num > 32) /* && num != 64 */
-                               {
-                               v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
-                               v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
-                               }
-                       else /* num < 32 */
+                       else
                                {
-                               v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
-                               v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
+                               iv=&ovec[0];
+                               l2c(v0,iv);
+                               l2c(v1,iv);
+                               l2c(d0,iv);
+                               l2c(d1,iv);
+                               /* shift ovec left most of the bits... */
+                               memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
+                               /* now the remaining bits */
+                               if(num%8 != 0)
+                                       for(i=0 ; i < 8 ; ++i)
+                                               {
+                                               ovec[i]<<=num%8;
+                                               ovec[i]|=ovec[i+1]>>(8-num%8);
+                                               }
+                               iv=&ovec[0];
+                               c2l(iv,v0);
+                               c2l(iv,v1);
                                }
                        }
                }
@@ -142,18 +140,28 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
                                { v0=v1; v1=d0; }
                        else if (num == 64)
                                { v0=d0; v1=d1; }
-                       else if (num > 32) /* && num != 64 */
-                               {
-                               v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
-                               v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
-                               }
-                       else /* num < 32 */
+                       else
                                {
-                               v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
-                               v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
+                               iv=&ovec[0];
+                               l2c(v0,iv);
+                               l2c(v1,iv);
+                               l2c(d0,iv);
+                               l2c(d1,iv);
+                               /* shift ovec left most of the bits... */
+                               memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
+                               /* now the remaining bits */
+                               if(num%8 != 0)
+                                       for(i=0 ; i < 8 ; ++i)
+                                               {
+                                               ovec[i]<<=num%8;
+                                               ovec[i]|=ovec[i+1]>>(8-num%8);
+                                               }
+                               iv=&ovec[0];
+                               c2l(iv,v0);
+                               c2l(iv,v1);
                                }
-                       d0=(d0^ti[0])&mask0;
-                       d1=(d1^ti[1])&mask1;
+                       d0^=ti[0];
+                       d1^=ti[1];
                        l2cn(d0,d1,out,n);
                        out+=n;
                        }
index 92f6ebc..f2554ec 100644 (file)
@@ -92,20 +92,53 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        return 1;
 }
 
-static int des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                         const unsigned char *in, unsigned int inl)
+static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, unsigned int inl)
 {
        DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
                          (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
        return 1;
 }
 
+/* Although we have a CFB-r implementation for DES, it doesn't pack the right
+   way, so wrap it here */
+static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, unsigned int inl)
+    {
+    unsigned int n;
+    unsigned char c[1],d[1];
+
+    for(n=0 ; n < inl ; ++n)
+       {
+       c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+       DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,
+                       ctx->encrypt);
+       out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
+       }
+    return 1;
+    }
+
+static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, unsigned int inl)
+    {
+    DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv,
+                   ctx->encrypt);
+    return 1;
+    }
+
 BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
                        0, des_init_key, NULL,
                        EVP_CIPHER_set_asn1_iv,
                        EVP_CIPHER_get_asn1_iv,
                        NULL)
 
+BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,0,des_init_key,NULL,
+                    EVP_CIPHER_set_asn1_iv,
+                    EVP_CIPHER_get_asn1_iv,NULL)
+
+BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,0,des_init_key,NULL,
+                    EVP_CIPHER_set_asn1_iv,
+                    EVP_CIPHER_get_asn1_iv,NULL)
 
 static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                        const unsigned char *iv, int enc)
index e036d07..b462d7c 100644 (file)
@@ -85,7 +85,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                              const unsigned char *in, unsigned int inl)
 {
        BLOCK_CIPHER_ecb_loop()
-               DES_ecb3_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i)
+               DES_ecb3_encrypt(in + i,out + i
                                 &data(ctx)->ks1, &data(ctx)->ks2,
                                 &data(ctx)->ks3,
                                 ctx->encrypt);
@@ -121,7 +121,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        return 1;
 }
 
-static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                              const unsigned char *in, unsigned int inl)
 {
        DES_ede3_cfb64_encrypt(in, out, (long)inl, 
@@ -130,13 +130,42 @@ static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        return 1;
 }
 
+/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right
+   way, so wrap it here */
+static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, unsigned int inl)
+    {
+    unsigned int n;
+    unsigned char c[1],d[1];
+
+    for(n=0 ; n < inl ; ++n)
+       {
+       c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+       DES_ede3_cfb_encrypt(c,d,1,1,
+                            &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
+                            (DES_cblock *)ctx->iv,ctx->encrypt);
+       out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
+       }
+
+    return 1;
+    }
+
+static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, unsigned int inl)
+    {
+    DES_ede3_cfb_encrypt(in,out,8,inl,
+                        &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
+                        (DES_cblock *)ctx->iv,ctx->encrypt);
+    return 1;
+    }
+
 BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
                        0, des_ede_init_key, NULL, 
                        EVP_CIPHER_set_asn1_iv,
                        EVP_CIPHER_get_asn1_iv,
                        NULL)
 
-#define des_ede3_cfb_cipher des_ede_cfb_cipher
+#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
 #define des_ede3_ofb_cipher des_ede_ofb_cipher
 #define des_ede3_cbc_cipher des_ede_cbc_cipher
 #define des_ede3_ecb_cipher des_ede_ecb_cipher
@@ -147,6 +176,16 @@ BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
                        EVP_CIPHER_get_asn1_iv,
                        NULL)
 
+BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,0,
+                    des_ede3_init_key,NULL,
+                    EVP_CIPHER_set_asn1_iv,
+                    EVP_CIPHER_get_asn1_iv,NULL)
+
+BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,0,
+                    des_ede3_init_key,NULL,
+                    EVP_CIPHER_set_asn1_iv,
+                    EVP_CIPHER_get_asn1_iv,NULL)
+
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                            const unsigned char *iv, int enc)
        {