From 98789fc8c5500ede8d0c77a02583aa7ab2d863bc Mon Sep 17 00:00:00 2001 From: Keith Vetter Date: Fri, 29 Sep 1995 03:53:36 +0000 Subject: Rename verify.c to t_verify.c to remove conflict with gssapi/krb5/verify.c on the Mac. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6884 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/des/ChangeLog | 5 + src/lib/crypto/des/Makefile.in | 6 +- src/lib/crypto/des/t_verify.c | 421 +++++++++++++++++++++++++++++++++++++++++ src/lib/crypto/des/verify.c | 421 ----------------------------------------- 4 files changed, 429 insertions(+), 424 deletions(-) create mode 100644 src/lib/crypto/des/t_verify.c delete mode 100644 src/lib/crypto/des/verify.c (limited to 'src') diff --git a/src/lib/crypto/des/ChangeLog b/src/lib/crypto/des/ChangeLog index 80254d692..5e1961759 100644 --- a/src/lib/crypto/des/ChangeLog +++ b/src/lib/crypto/des/ChangeLog @@ -1,3 +1,8 @@ +Thu Sep 28 16:00:00 1995 John Rivlin + + * Makefile.in: Renamed verify.c to t_verify.c to avoid conflict with + lib/gssapi/krb5/verify.c on the Mac. + Mon Sep 25 16:48:36 1995 Theodore Y. Ts'o * Makefile.in: Removed "foo:: foo-$(WHAT)" lines from the diff --git a/src/lib/crypto/des/Makefile.in b/src/lib/crypto/des/Makefile.in index 5cd1c04ee..4cd74bdcb 100644 --- a/src/lib/crypto/des/Makefile.in +++ b/src/lib/crypto/des/Makefile.in @@ -62,8 +62,8 @@ depend:: $(SRCS) clean:: $(RM) fp.c ip.c key_perm.h odd.h p.c p_table.h s_table.h -verify$(EXEEXT): verify.$(OBJEXT) $(DEPKLIB) - $(CC) -o $@ verify.$(OBJEXT) $(KLIB) $(LIBS) $(CFLAGS) $(LDFLAGS) +verify$(EXEEXT): t_verify.$(OBJEXT) $(DEPKLIB) + $(CC) -o $@ t_verify.$(OBJEXT) $(KLIB) $(LIBS) $(CFLAGS) $(LDFLAGS) destest$(EXEEXT): destest.$(OBJEXT) $(DEPKLIB) $(CC) -o $@ destest.$(OBJEXT) $(KLIB) $(LIBS) $(CFLAGS) $(LDFLAGS) @@ -79,7 +79,7 @@ check-unix:: destest verify check-windows:: clean:: - $(RM) destest$(EXEEXT) verify$(EXEEXT) destest.$(OBJEXT) verify.$(OBJEXT) + $(RM) destest$(EXEEXT) verify$(EXEEXT) destest.$(OBJEXT) t_verify.$(OBJEXT) clean-unix:: $(RM) shared/* diff --git a/src/lib/crypto/des/t_verify.c b/src/lib/crypto/des/t_verify.c new file mode 100644 index 000000000..7ae08c763 --- /dev/null +++ b/src/lib/crypto/des/t_verify.c @@ -0,0 +1,421 @@ +/* + * lib/crypto/des/verify.c + * + * Copyright 1988, 1990 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * Program to test the correctness of the DES library + * implementation. + * + * exit returns 0 ==> success + * -1 ==> error + */ + +#include "k5-int.h" +#include "des_int.h" +#include +#include "com_err.h" + +extern krb5_cryptosystem_entry mit_des_cryptosystem_entry; + +char *progname; +int nflag = 2; +int vflag; +int mflag; +int zflag; +int pid; +int mit_des_debug; + +krb5_encrypt_block eblock; +krb5_keyblock keyblock; + +unsigned char cipher_text[64]; +unsigned char clear_text[64] = "Now is the time for all " ; +unsigned char clear_text2[64] = "7654321 Now is the time for "; +unsigned char clear_text3[64] = {2,0,0,0, 1,0,0,0}; +unsigned char output[64]; +unsigned char zero_text[8] = {0x0,0,0,0,0,0,0,0}; +unsigned char msb_text[8] = {0x0,0,0,0, 0,0,0,0x40}; /* to ANSI MSB */ +unsigned char *input; + +/* 0x0123456789abcdef */ +unsigned char default_key[8] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef +}; +unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f }; +unsigned char key3[8] = { 0x80,1,1,1,1,1,1,1 }; +mit_des_cblock s_key; +unsigned char default_ivec[8] = { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef +}; +unsigned char *ivec; +unsigned char zero_key[8] = {1,1,1,1,1,1,1,1}; /* just parity bits */ +int i,j; +krb5_error_code retval; + +unsigned char cipher1[8] = { + 0x25,0xdd,0xac,0x3e,0x96,0x17,0x64,0x67 +}; +unsigned char cipher2[8] = { + 0x3f,0xa4,0x0e,0x8a,0x98,0x4d,0x48,0x15 +}; +unsigned char cipher3[64] = { + 0xe5,0xc7,0xcd,0xde,0x87,0x2b,0xf2,0x7c, + 0x43,0xe9,0x34,0x00,0x8c,0x38,0x9c,0x0f, + 0x68,0x37,0x88,0x49,0x9a,0x7c,0x05,0xf6 +}; +unsigned char checksum[8] = { + 0x58,0xd2,0xe7,0x7e,0x86,0x06,0x27,0x33 +}; + +unsigned char zresult[8] = { + 0x8c, 0xa6, 0x4d, 0xe9, 0xc1, 0xb1, 0x23, 0xa7 +}; + +unsigned char mresult[8] = { + 0xa3, 0x80, 0xe0, 0x2a, 0x6b, 0xe5, 0x46, 0x96 +}; + + +/* + * Can also add : + * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?) + */ + +void +main(argc,argv) + int argc; + char *argv[]; +{ + /* Local Declarations */ + krb5_context context; + int in_length; + void do_encrypt(); + void do_decrypt(); + +#ifdef WINDOWS + /* Set screen window buffer to infinite size -- MS default is tiny. */ + _wsetscreenbuf (fileno (stdout), _WINBUFINF); +#endif + progname=argv[0]; /* salt away invoking program */ + + while (--argc > 0 && (*++argv)[0] == '-') + for (i=1; argv[0][i] != '\0'; i++) { + switch (argv[0][i]) { + + /* debug flag */ + case 'd': + mit_des_debug=3; + continue; + + case 'z': + zflag = 1; + continue; + + case 'm': + mflag = 1; + continue; + + default: + printf("%s: illegal flag \"%c\" ", + progname,argv[0][i]); + exit(1); + } + }; + + if (argc) { + fprintf(stderr, "Usage: %s [-dmz]\n", progname); + exit(1); + } + + /* do some initialisation */ + initialize_krb5_error_table(); + + krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_CRC); + keyblock.enctype = ENCTYPE_DES_CBC_CRC; + keyblock.length = sizeof(mit_des_cblock); + + /* use known input and key */ + + /* ECB zero text zero key */ + if (zflag) { + input = zero_text; + keyblock.contents = (krb5_octet *)zero_key; + if (retval = krb5_process_key(context, &eblock,&keyblock)) { + com_err("des verify", retval, "can't process zero key"); + exit(-1); + } + printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n"); + do_encrypt(input,cipher_text); + printf("\tcipher = (low to high bytes)\n\t\t"); + for (j = 0; j<=7; j++) + printf("%02x ",cipher_text[j]); + printf("\n"); + do_decrypt(output,cipher_text); + if (retval = krb5_finish_key(context, &eblock)) { + com_err("des verify", retval, "can't finish zero key"); + exit(-1); + } + if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) { + printf("verify: error in zero key test\n"); + exit(-1); + } + exit(0); + } + + if (mflag) { + input = msb_text; + keyblock.contents = (krb5_octet *)key3; + if (retval = krb5_process_key(context, &eblock,&keyblock)) { + com_err("des verify", retval, "can't process key3"); + exit(-1); + } + printf("plaintext = 0x00 00 00 00 00 00 00 40, "); + printf("key = 0x80 01 01 01 01 01 01 01\n"); + printf(" cipher = 0xa380e02a6be54696\n"); + do_encrypt(input,cipher_text); + printf("\tcipher = (low to high bytes)\n\t\t"); + for (j = 0; j<=7; j++) { + printf("%02x ",cipher_text[j]); + } + printf("\n"); + do_decrypt(output,cipher_text); + if (retval = krb5_finish_key(context, &eblock)) { + com_err("des verify", retval, "can't finish key3"); + exit(-1); + } + if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) { + printf("verify: error in msb test\n"); + exit(-1); + } + exit(0); + } + + /* ECB mode Davies and Price */ + { + input = zero_text; + keyblock.contents = (krb5_octet *)key2; + if (retval = krb5_process_key(context, &eblock,&keyblock)) { + com_err("des verify", retval, "can't process key2"); + exit(-1); + } + printf("Examples per FIPS publication 81, keys ivs and cipher\n"); + printf("in hex. These are the correct answers, see below for\n"); + printf("the actual answers.\n\n"); + printf("Examples per Davies and Price.\n\n"); + printf("EXAMPLE ECB\tkey = 08192a3b4c5d6e7f\n"); + printf("\tclear = 0\n"); + printf("\tcipher = 25 dd ac 3e 96 17 64 67\n"); + printf("ACTUAL ECB\n"); + printf("\tclear \"%s\"\n", input); + do_encrypt(input,cipher_text); + printf("\tcipher = (low to high bytes)\n\t\t"); + for (j = 0; j<=7; j++) + printf("%02x ",cipher_text[j]); + printf("\n\n"); + do_decrypt(output,cipher_text); + if (retval = krb5_finish_key(context, &eblock)) { + com_err("des verify", retval, "can't finish key2"); + exit(-1); + } + if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) { + printf("verify: error in ECB encryption\n"); + exit(-1); + } + else + printf("verify: ECB encryption is correct\n\n"); + } + + /* ECB mode */ + { + keyblock.contents = (krb5_octet *)default_key; + if (retval = krb5_process_key(context, &eblock,&keyblock)) { + com_err("des verify", retval, "can't process key2"); + exit(-1); + } + input = clear_text; + ivec = default_ivec; + printf("EXAMPLE ECB\tkey = 0123456789abcdef\n"); + printf("\tclear = \"Now is the time for all \"\n"); + printf("\tcipher = 3f a4 0e 8a 98 4d 48 15 ...\n"); + printf("ACTUAL ECB\n\tclear \"%s\"",input); + do_encrypt(input,cipher_text); + printf("\n\tcipher = (low to high bytes)\n\t\t"); + for (j = 0; j<=7; j++) { + printf("%02x ",cipher_text[j]); + } + printf("\n\n"); + do_decrypt(output,cipher_text); + if ( memcmp((char *)cipher_text, (char *)cipher2, 8) ) { + printf("verify: error in ECB encryption\n"); + exit(-1); + } + else + printf("verify: ECB encryption is correct\n\n"); + } + + /* CBC mode */ + printf("EXAMPLE CBC\tkey = 0123456789abcdef"); + printf("\tiv = 1234567890abcdef\n"); + printf("\tclear = \"Now is the time for all \"\n"); + printf("\tcipher =\te5 c7 cd de 87 2b f2 7c\n"); + printf("\t\t\t43 e9 34 00 8c 38 9c 0f\n"); + printf("\t\t\t68 37 88 49 9a 7c 05 f6\n"); + + printf("ACTUAL CBC\n\tclear \"%s\"\n",input); + in_length = strlen((char *)input); + if (retval = mit_des_cbc_encrypt((mit_des_cblock *) input, + (mit_des_cblock *) cipher_text, + (size_t) in_length, + (struct mit_des_ks_struct *)eblock.priv, + ivec, + MIT_DES_ENCRYPT)) { + com_err("des verify", retval, "can't encrypt"); + exit(-1); + } + printf("\tciphertext = (low to high bytes)\n"); + for (i = 0; i <= 7; i++) { + printf("\t\t"); + for (j = 0; j <= 7; j++) { + printf("%02x ",cipher_text[i*8+j]); + } + printf("\n"); + } + if (retval = mit_des_cbc_encrypt((mit_des_cblock *) cipher_text, + (mit_des_cblock *) clear_text, + (size_t) in_length, + eblock.priv, + ivec, + MIT_DES_DECRYPT)) { + com_err("des verify", retval, "can't decrypt"); + exit(-1); + } + printf("\tdecrypted clear_text = \"%s\"\n",clear_text); + + if ( memcmp((char *)cipher_text, (char *)cipher3, in_length) ) { + printf("verify: error in CBC encryption\n"); + exit(-1); + } + else + printf("verify: CBC encryption is correct\n\n"); + + printf("EXAMPLE CBC checksum"); + printf("\tkey = 0123456789abcdef\tiv = 1234567890abcdef\n"); + printf("\tclear =\t\t\"7654321 Now is the time for \"\n"); + printf("\tchecksum\t58 d2 e7 7e 86 06 27 33, "); + printf("or some part thereof\n"); + input = clear_text2; + mit_des_cbc_cksum(input,cipher_text,(long) strlen((char *)input), + eblock.priv,ivec); + printf("ACTUAL CBC checksum\n"); + printf("\t\tencrypted cksum = (low to high bytes)\n\t\t"); + for (j = 0; j<=7; j++) + printf("%02x ",cipher_text[j]); + printf("\n\n"); + if (retval = krb5_finish_key(context, &eblock)) { + com_err("des verify", retval, "can't finish key2"); + exit(-1); + } + if ( memcmp((char *)cipher_text, (char *)checksum, 8) ) { + printf("verify: error in CBC cheksum\n"); + exit(-1); + } + else + printf("verify: CBC checksum is correct\n\n"); + exit(0); +} + +void +flip(array) + char *array; +{ + register int old,new,i,j; + /* flips the bit order within each byte from 0 lsb to 0 msb */ + for (i = 0; i<=7; i++) { + old = *array; + new = 0; + for (j = 0; j<=7; j++) { + if (old & 01) + new = new | 01; + if (j < 7) { + old = old >> 1; + new = new << 1; + } + } + *array = new; + array++; + } +} + +void +do_encrypt(in,out) + char *in; + char *out; +{ + for (i =1; i<=nflag; i++) { + mit_des_ecb_encrypt((mit_des_cblock *)in, + (mit_des_cblock *)out, + (struct mit_des_ks_struct *)eblock.priv, + MIT_DES_ENCRYPT); + if (mit_des_debug) { + printf("\nclear %s\n",in); + for (j = 0; j<=7; j++) + printf("%02X ",in[j] & 0xff); + printf("\tcipher "); + for (j = 0; j<=7; j++) + printf("%02X ",out[j] & 0xff); + } + } +} + +void +do_decrypt(in,out) + char *out; + char *in; + /* try to invert it */ +{ + for (i =1; i<=nflag; i++) { + mit_des_ecb_encrypt((mit_des_cblock *)out, + (mit_des_cblock *)in, + (struct mit_des_ks_struct *)eblock.priv, + MIT_DES_DECRYPT); + if (mit_des_debug) { + printf("clear %s\n",in); + for (j = 0; j<=7; j++) + printf("%02X ",in[j] & 0xff); + printf("\tcipher "); + for (j = 0; j<=7; j++) + printf("%02X ",out[j] & 0xff); + } + } +} + +/* + * Fake out the DES library, for the purposes of testing. + */ + +#include "des.h" + +int +mit_des_is_weak_key(key) + mit_des_cblock key; +{ + return 0; /* fake it out for testing */ +} diff --git a/src/lib/crypto/des/verify.c b/src/lib/crypto/des/verify.c deleted file mode 100644 index 7ae08c763..000000000 --- a/src/lib/crypto/des/verify.c +++ /dev/null @@ -1,421 +0,0 @@ -/* - * lib/crypto/des/verify.c - * - * Copyright 1988, 1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * Program to test the correctness of the DES library - * implementation. - * - * exit returns 0 ==> success - * -1 ==> error - */ - -#include "k5-int.h" -#include "des_int.h" -#include -#include "com_err.h" - -extern krb5_cryptosystem_entry mit_des_cryptosystem_entry; - -char *progname; -int nflag = 2; -int vflag; -int mflag; -int zflag; -int pid; -int mit_des_debug; - -krb5_encrypt_block eblock; -krb5_keyblock keyblock; - -unsigned char cipher_text[64]; -unsigned char clear_text[64] = "Now is the time for all " ; -unsigned char clear_text2[64] = "7654321 Now is the time for "; -unsigned char clear_text3[64] = {2,0,0,0, 1,0,0,0}; -unsigned char output[64]; -unsigned char zero_text[8] = {0x0,0,0,0,0,0,0,0}; -unsigned char msb_text[8] = {0x0,0,0,0, 0,0,0,0x40}; /* to ANSI MSB */ -unsigned char *input; - -/* 0x0123456789abcdef */ -unsigned char default_key[8] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef -}; -unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f }; -unsigned char key3[8] = { 0x80,1,1,1,1,1,1,1 }; -mit_des_cblock s_key; -unsigned char default_ivec[8] = { - 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef -}; -unsigned char *ivec; -unsigned char zero_key[8] = {1,1,1,1,1,1,1,1}; /* just parity bits */ -int i,j; -krb5_error_code retval; - -unsigned char cipher1[8] = { - 0x25,0xdd,0xac,0x3e,0x96,0x17,0x64,0x67 -}; -unsigned char cipher2[8] = { - 0x3f,0xa4,0x0e,0x8a,0x98,0x4d,0x48,0x15 -}; -unsigned char cipher3[64] = { - 0xe5,0xc7,0xcd,0xde,0x87,0x2b,0xf2,0x7c, - 0x43,0xe9,0x34,0x00,0x8c,0x38,0x9c,0x0f, - 0x68,0x37,0x88,0x49,0x9a,0x7c,0x05,0xf6 -}; -unsigned char checksum[8] = { - 0x58,0xd2,0xe7,0x7e,0x86,0x06,0x27,0x33 -}; - -unsigned char zresult[8] = { - 0x8c, 0xa6, 0x4d, 0xe9, 0xc1, 0xb1, 0x23, 0xa7 -}; - -unsigned char mresult[8] = { - 0xa3, 0x80, 0xe0, 0x2a, 0x6b, 0xe5, 0x46, 0x96 -}; - - -/* - * Can also add : - * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?) - */ - -void -main(argc,argv) - int argc; - char *argv[]; -{ - /* Local Declarations */ - krb5_context context; - int in_length; - void do_encrypt(); - void do_decrypt(); - -#ifdef WINDOWS - /* Set screen window buffer to infinite size -- MS default is tiny. */ - _wsetscreenbuf (fileno (stdout), _WINBUFINF); -#endif - progname=argv[0]; /* salt away invoking program */ - - while (--argc > 0 && (*++argv)[0] == '-') - for (i=1; argv[0][i] != '\0'; i++) { - switch (argv[0][i]) { - - /* debug flag */ - case 'd': - mit_des_debug=3; - continue; - - case 'z': - zflag = 1; - continue; - - case 'm': - mflag = 1; - continue; - - default: - printf("%s: illegal flag \"%c\" ", - progname,argv[0][i]); - exit(1); - } - }; - - if (argc) { - fprintf(stderr, "Usage: %s [-dmz]\n", progname); - exit(1); - } - - /* do some initialisation */ - initialize_krb5_error_table(); - - krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_CRC); - keyblock.enctype = ENCTYPE_DES_CBC_CRC; - keyblock.length = sizeof(mit_des_cblock); - - /* use known input and key */ - - /* ECB zero text zero key */ - if (zflag) { - input = zero_text; - keyblock.contents = (krb5_octet *)zero_key; - if (retval = krb5_process_key(context, &eblock,&keyblock)) { - com_err("des verify", retval, "can't process zero key"); - exit(-1); - } - printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n"); - do_encrypt(input,cipher_text); - printf("\tcipher = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) - printf("%02x ",cipher_text[j]); - printf("\n"); - do_decrypt(output,cipher_text); - if (retval = krb5_finish_key(context, &eblock)) { - com_err("des verify", retval, "can't finish zero key"); - exit(-1); - } - if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) { - printf("verify: error in zero key test\n"); - exit(-1); - } - exit(0); - } - - if (mflag) { - input = msb_text; - keyblock.contents = (krb5_octet *)key3; - if (retval = krb5_process_key(context, &eblock,&keyblock)) { - com_err("des verify", retval, "can't process key3"); - exit(-1); - } - printf("plaintext = 0x00 00 00 00 00 00 00 40, "); - printf("key = 0x80 01 01 01 01 01 01 01\n"); - printf(" cipher = 0xa380e02a6be54696\n"); - do_encrypt(input,cipher_text); - printf("\tcipher = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) { - printf("%02x ",cipher_text[j]); - } - printf("\n"); - do_decrypt(output,cipher_text); - if (retval = krb5_finish_key(context, &eblock)) { - com_err("des verify", retval, "can't finish key3"); - exit(-1); - } - if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) { - printf("verify: error in msb test\n"); - exit(-1); - } - exit(0); - } - - /* ECB mode Davies and Price */ - { - input = zero_text; - keyblock.contents = (krb5_octet *)key2; - if (retval = krb5_process_key(context, &eblock,&keyblock)) { - com_err("des verify", retval, "can't process key2"); - exit(-1); - } - printf("Examples per FIPS publication 81, keys ivs and cipher\n"); - printf("in hex. These are the correct answers, see below for\n"); - printf("the actual answers.\n\n"); - printf("Examples per Davies and Price.\n\n"); - printf("EXAMPLE ECB\tkey = 08192a3b4c5d6e7f\n"); - printf("\tclear = 0\n"); - printf("\tcipher = 25 dd ac 3e 96 17 64 67\n"); - printf("ACTUAL ECB\n"); - printf("\tclear \"%s\"\n", input); - do_encrypt(input,cipher_text); - printf("\tcipher = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) - printf("%02x ",cipher_text[j]); - printf("\n\n"); - do_decrypt(output,cipher_text); - if (retval = krb5_finish_key(context, &eblock)) { - com_err("des verify", retval, "can't finish key2"); - exit(-1); - } - if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) { - printf("verify: error in ECB encryption\n"); - exit(-1); - } - else - printf("verify: ECB encryption is correct\n\n"); - } - - /* ECB mode */ - { - keyblock.contents = (krb5_octet *)default_key; - if (retval = krb5_process_key(context, &eblock,&keyblock)) { - com_err("des verify", retval, "can't process key2"); - exit(-1); - } - input = clear_text; - ivec = default_ivec; - printf("EXAMPLE ECB\tkey = 0123456789abcdef\n"); - printf("\tclear = \"Now is the time for all \"\n"); - printf("\tcipher = 3f a4 0e 8a 98 4d 48 15 ...\n"); - printf("ACTUAL ECB\n\tclear \"%s\"",input); - do_encrypt(input,cipher_text); - printf("\n\tcipher = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) { - printf("%02x ",cipher_text[j]); - } - printf("\n\n"); - do_decrypt(output,cipher_text); - if ( memcmp((char *)cipher_text, (char *)cipher2, 8) ) { - printf("verify: error in ECB encryption\n"); - exit(-1); - } - else - printf("verify: ECB encryption is correct\n\n"); - } - - /* CBC mode */ - printf("EXAMPLE CBC\tkey = 0123456789abcdef"); - printf("\tiv = 1234567890abcdef\n"); - printf("\tclear = \"Now is the time for all \"\n"); - printf("\tcipher =\te5 c7 cd de 87 2b f2 7c\n"); - printf("\t\t\t43 e9 34 00 8c 38 9c 0f\n"); - printf("\t\t\t68 37 88 49 9a 7c 05 f6\n"); - - printf("ACTUAL CBC\n\tclear \"%s\"\n",input); - in_length = strlen((char *)input); - if (retval = mit_des_cbc_encrypt((mit_des_cblock *) input, - (mit_des_cblock *) cipher_text, - (size_t) in_length, - (struct mit_des_ks_struct *)eblock.priv, - ivec, - MIT_DES_ENCRYPT)) { - com_err("des verify", retval, "can't encrypt"); - exit(-1); - } - printf("\tciphertext = (low to high bytes)\n"); - for (i = 0; i <= 7; i++) { - printf("\t\t"); - for (j = 0; j <= 7; j++) { - printf("%02x ",cipher_text[i*8+j]); - } - printf("\n"); - } - if (retval = mit_des_cbc_encrypt((mit_des_cblock *) cipher_text, - (mit_des_cblock *) clear_text, - (size_t) in_length, - eblock.priv, - ivec, - MIT_DES_DECRYPT)) { - com_err("des verify", retval, "can't decrypt"); - exit(-1); - } - printf("\tdecrypted clear_text = \"%s\"\n",clear_text); - - if ( memcmp((char *)cipher_text, (char *)cipher3, in_length) ) { - printf("verify: error in CBC encryption\n"); - exit(-1); - } - else - printf("verify: CBC encryption is correct\n\n"); - - printf("EXAMPLE CBC checksum"); - printf("\tkey = 0123456789abcdef\tiv = 1234567890abcdef\n"); - printf("\tclear =\t\t\"7654321 Now is the time for \"\n"); - printf("\tchecksum\t58 d2 e7 7e 86 06 27 33, "); - printf("or some part thereof\n"); - input = clear_text2; - mit_des_cbc_cksum(input,cipher_text,(long) strlen((char *)input), - eblock.priv,ivec); - printf("ACTUAL CBC checksum\n"); - printf("\t\tencrypted cksum = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) - printf("%02x ",cipher_text[j]); - printf("\n\n"); - if (retval = krb5_finish_key(context, &eblock)) { - com_err("des verify", retval, "can't finish key2"); - exit(-1); - } - if ( memcmp((char *)cipher_text, (char *)checksum, 8) ) { - printf("verify: error in CBC cheksum\n"); - exit(-1); - } - else - printf("verify: CBC checksum is correct\n\n"); - exit(0); -} - -void -flip(array) - char *array; -{ - register int old,new,i,j; - /* flips the bit order within each byte from 0 lsb to 0 msb */ - for (i = 0; i<=7; i++) { - old = *array; - new = 0; - for (j = 0; j<=7; j++) { - if (old & 01) - new = new | 01; - if (j < 7) { - old = old >> 1; - new = new << 1; - } - } - *array = new; - array++; - } -} - -void -do_encrypt(in,out) - char *in; - char *out; -{ - for (i =1; i<=nflag; i++) { - mit_des_ecb_encrypt((mit_des_cblock *)in, - (mit_des_cblock *)out, - (struct mit_des_ks_struct *)eblock.priv, - MIT_DES_ENCRYPT); - if (mit_des_debug) { - printf("\nclear %s\n",in); - for (j = 0; j<=7; j++) - printf("%02X ",in[j] & 0xff); - printf("\tcipher "); - for (j = 0; j<=7; j++) - printf("%02X ",out[j] & 0xff); - } - } -} - -void -do_decrypt(in,out) - char *out; - char *in; - /* try to invert it */ -{ - for (i =1; i<=nflag; i++) { - mit_des_ecb_encrypt((mit_des_cblock *)out, - (mit_des_cblock *)in, - (struct mit_des_ks_struct *)eblock.priv, - MIT_DES_DECRYPT); - if (mit_des_debug) { - printf("clear %s\n",in); - for (j = 0; j<=7; j++) - printf("%02X ",in[j] & 0xff); - printf("\tcipher "); - for (j = 0; j<=7; j++) - printf("%02X ",out[j] & 0xff); - } - } -} - -/* - * Fake out the DES library, for the purposes of testing. - */ - -#include "des.h" - -int -mit_des_is_weak_key(key) - mit_des_cblock key; -{ - return 0; /* fake it out for testing */ -} -- cgit