xref: /freebsd/crypto/openssl/test/destest.c (revision 3fb8f1272b50cb87cb624b321f7b81e76627c437)
1 /*
2  * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /*
11  * DES low level APIs are deprecated for public use, but still ok for internal
12  * use.
13  */
14 #include "internal/deprecated.h"
15 
16 #include <openssl/e_os2.h>
17 #include <string.h>
18 
19 #include "testutil.h"
20 #include "internal/nelem.h"
21 
22 #ifndef OPENSSL_NO_DES
23 # include <openssl/des.h>
24 
25 /* In case any platform doesn't use unsigned int for its checksums */
26 # define TEST_cs_eq  TEST_uint_eq
27 
28 # define DATA_BUF_SIZE      20
29 
30 /* tisk tisk - the test keys don't all have odd parity :-( */
31 /* test data */
32 # define NUM_TESTS 34
33 static unsigned char key_data[NUM_TESTS][8] = {
34     {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
35     {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
36     {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
37     {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
38     {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
39     {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
40     {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
41     {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
42     {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57},
43     {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E},
44     {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86},
45     {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E},
46     {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6},
47     {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE},
48     {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6},
49     {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE},
50     {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16},
51     {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F},
52     {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46},
53     {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E},
54     {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76},
55     {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07},
56     {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F},
57     {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7},
58     {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF},
59     {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6},
60     {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF},
61     {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
62     {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
63     {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
64     {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
65     {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
66     {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
67     {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}
68 };
69 
70 static unsigned char plain_data[NUM_TESTS][8] = {
71     {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
72     {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
73     {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
74     {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
75     {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
76     {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
77     {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
78     {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
79     {0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42},
80     {0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA},
81     {0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72},
82     {0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A},
83     {0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2},
84     {0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A},
85     {0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2},
86     {0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A},
87     {0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02},
88     {0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A},
89     {0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32},
90     {0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA},
91     {0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62},
92     {0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2},
93     {0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA},
94     {0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92},
95     {0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A},
96     {0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2},
97     {0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A},
98     {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
99     {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
100     {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
101     {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
102     {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
103     {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
104     {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}
105 };
106 
107 static unsigned char cipher_data[NUM_TESTS][8] = {
108     {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7},
109     {0x73, 0x59, 0xB2, 0x16, 0x3E, 0x4E, 0xDC, 0x58},
110     {0x95, 0x8E, 0x6E, 0x62, 0x7A, 0x05, 0x55, 0x7B},
111     {0xF4, 0x03, 0x79, 0xAB, 0x9E, 0x0E, 0xC5, 0x33},
112     {0x17, 0x66, 0x8D, 0xFC, 0x72, 0x92, 0x53, 0x2D},
113     {0x8A, 0x5A, 0xE1, 0xF8, 0x1A, 0xB8, 0xF2, 0xDD},
114     {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7},
115     {0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4},
116     {0x69, 0x0F, 0x5B, 0x0D, 0x9A, 0x26, 0x93, 0x9B},
117     {0x7A, 0x38, 0x9D, 0x10, 0x35, 0x4B, 0xD2, 0x71},
118     {0x86, 0x8E, 0xBB, 0x51, 0xCA, 0xB4, 0x59, 0x9A},
119     {0x71, 0x78, 0x87, 0x6E, 0x01, 0xF1, 0x9B, 0x2A},
120     {0xAF, 0x37, 0xFB, 0x42, 0x1F, 0x8C, 0x40, 0x95},
121     {0x86, 0xA5, 0x60, 0xF1, 0x0E, 0xC6, 0xD8, 0x5B},
122     {0x0C, 0xD3, 0xDA, 0x02, 0x00, 0x21, 0xDC, 0x09},
123     {0xEA, 0x67, 0x6B, 0x2C, 0xB7, 0xDB, 0x2B, 0x7A},
124     {0xDF, 0xD6, 0x4A, 0x81, 0x5C, 0xAF, 0x1A, 0x0F},
125     {0x5C, 0x51, 0x3C, 0x9C, 0x48, 0x86, 0xC0, 0x88},
126     {0x0A, 0x2A, 0xEE, 0xAE, 0x3F, 0xF4, 0xAB, 0x77},
127     {0xEF, 0x1B, 0xF0, 0x3E, 0x5D, 0xFA, 0x57, 0x5A},
128     {0x88, 0xBF, 0x0D, 0xB6, 0xD7, 0x0D, 0xEE, 0x56},
129     {0xA1, 0xF9, 0x91, 0x55, 0x41, 0x02, 0x0B, 0x56},
130     {0x6F, 0xBF, 0x1C, 0xAF, 0xCF, 0xFD, 0x05, 0x56},
131     {0x2F, 0x22, 0xE4, 0x9B, 0xAB, 0x7C, 0xA1, 0xAC},
132     {0x5A, 0x6B, 0x61, 0x2C, 0xC2, 0x6C, 0xCE, 0x4A},
133     {0x5F, 0x4C, 0x03, 0x8E, 0xD1, 0x2B, 0x2E, 0x41},
134     {0x63, 0xFA, 0xC0, 0xD0, 0x34, 0xD9, 0xF7, 0x93},
135     {0x61, 0x7B, 0x3A, 0x0C, 0xE8, 0xF0, 0x71, 0x00},
136     {0xDB, 0x95, 0x86, 0x05, 0xF8, 0xC8, 0xC6, 0x06},
137     {0xED, 0xBF, 0xD1, 0xC6, 0x6C, 0x29, 0xCC, 0xC7},
138     {0x35, 0x55, 0x50, 0xB2, 0x15, 0x0E, 0x24, 0x51},
139     {0xCA, 0xAA, 0xAF, 0x4D, 0xEA, 0xF1, 0xDB, 0xAE},
140     {0xD5, 0xD4, 0x4F, 0xF7, 0x20, 0x68, 0x3D, 0x0D},
141     {0x2A, 0x2B, 0xB0, 0x08, 0xDF, 0x97, 0xC2, 0xF2}
142 };
143 
144 static unsigned char cipher_ecb2[NUM_TESTS - 1][8] = {
145     {0x92, 0x95, 0xB5, 0x9B, 0xB3, 0x84, 0x73, 0x6E},
146     {0x19, 0x9E, 0x9D, 0x6D, 0xF3, 0x9A, 0xA8, 0x16},
147     {0x2A, 0x4B, 0x4D, 0x24, 0x52, 0x43, 0x84, 0x27},
148     {0x35, 0x84, 0x3C, 0x01, 0x9D, 0x18, 0xC5, 0xB6},
149     {0x4A, 0x5B, 0x2F, 0x42, 0xAA, 0x77, 0x19, 0x25},
150     {0xA0, 0x6B, 0xA9, 0xB8, 0xCA, 0x5B, 0x17, 0x8A},
151     {0xAB, 0x9D, 0xB7, 0xFB, 0xED, 0x95, 0xF2, 0x74},
152     {0x3D, 0x25, 0x6C, 0x23, 0xA7, 0x25, 0x2F, 0xD6},
153     {0xB7, 0x6F, 0xAB, 0x4F, 0xBD, 0xBD, 0xB7, 0x67},
154     {0x8F, 0x68, 0x27, 0xD6, 0x9C, 0xF4, 0x1A, 0x10},
155     {0x82, 0x57, 0xA1, 0xD6, 0x50, 0x5E, 0x81, 0x85},
156     {0xA2, 0x0F, 0x0A, 0xCD, 0x80, 0x89, 0x7D, 0xFA},
157     {0xCD, 0x2A, 0x53, 0x3A, 0xDB, 0x0D, 0x7E, 0xF3},
158     {0xD2, 0xC2, 0xBE, 0x27, 0xE8, 0x1B, 0x68, 0xE3},
159     {0xE9, 0x24, 0xCF, 0x4F, 0x89, 0x3C, 0x5B, 0x0A},
160     {0xA7, 0x18, 0xC3, 0x9F, 0xFA, 0x9F, 0xD7, 0x69},
161     {0x77, 0x2C, 0x79, 0xB1, 0xD2, 0x31, 0x7E, 0xB1},
162     {0x49, 0xAB, 0x92, 0x7F, 0xD0, 0x22, 0x00, 0xB7},
163     {0xCE, 0x1C, 0x6C, 0x7D, 0x85, 0xE3, 0x4A, 0x6F},
164     {0xBE, 0x91, 0xD6, 0xE1, 0x27, 0xB2, 0xE9, 0x87},
165     {0x70, 0x28, 0xAE, 0x8F, 0xD1, 0xF5, 0x74, 0x1A},
166     {0xAA, 0x37, 0x80, 0xBB, 0xF3, 0x22, 0x1D, 0xDE},
167     {0xA6, 0xC4, 0xD2, 0x5E, 0x28, 0x93, 0xAC, 0xB3},
168     {0x22, 0x07, 0x81, 0x5A, 0xE4, 0xB7, 0x1A, 0xAD},
169     {0xDC, 0xCE, 0x05, 0xE7, 0x07, 0xBD, 0xF5, 0x84},
170     {0x26, 0x1D, 0x39, 0x2C, 0xB3, 0xBA, 0xA5, 0x85},
171     {0xB4, 0xF7, 0x0F, 0x72, 0xFB, 0x04, 0xF0, 0xDC},
172     {0x95, 0xBA, 0xA9, 0x4E, 0x87, 0x36, 0xF2, 0x89},
173     {0xD4, 0x07, 0x3A, 0xF1, 0x5A, 0x17, 0x82, 0x0E},
174     {0xEF, 0x6F, 0xAF, 0xA7, 0x66, 0x1A, 0x7E, 0x89},
175     {0xC1, 0x97, 0xF5, 0x58, 0x74, 0x8A, 0x20, 0xE7},
176     {0x43, 0x34, 0xCF, 0xDA, 0x22, 0xC4, 0x86, 0xC8},
177     {0x08, 0xD7, 0xB4, 0xFB, 0x62, 0x9D, 0x08, 0x85}
178 };
179 
180 static unsigned char cbc_key[8] =
181     { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
182 static unsigned char cbc2_key[8] =
183     { 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86 };
184 static unsigned char cbc3_key[8] =
185     { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
186 static unsigned char cbc_iv[8] =
187     { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
188 /*
189  * Changed the following text constant to binary so it will work on ebcdic
190  * machines :-)
191  */
192 /* static char cbc_data[40]="7654321 Now is the time for \0001"; */
193 static unsigned char cbc_data[40] = {
194     0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20,
195     0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
196     0x68, 0x65, 0x20, 0x74, 0x69, 0x6D, 0x65, 0x20,
197     0x66, 0x6F, 0x72, 0x20, 0x00, 0x31, 0x00, 0x00,
198     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
199 };
200 
201 static unsigned char cbc_ok[32] = {
202     0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
203     0xac, 0xd8, 0xae, 0xfd, 0xdf, 0xd8, 0xa1, 0xeb,
204     0x46, 0x8e, 0x91, 0x15, 0x78, 0x88, 0xba, 0x68,
205     0x1d, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4
206 };
207 
208 # ifdef SCREW_THE_PARITY
209 #  error "SCREW_THE_PARITY is not meant to be defined."
210 #  error "Original vectors are preserved for reference only."
211 static unsigned char cbc2_key[8] =
212     { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 };
213 static unsigned char xcbc_ok[32] = {
214     0x86, 0x74, 0x81, 0x0D, 0x61, 0xA4, 0xA5, 0x48,
215     0xB9, 0x93, 0x03, 0xE1, 0xB8, 0xBB, 0xBD, 0xBD,
216     0x64, 0x30, 0x0B, 0xB9, 0x06, 0x65, 0x81, 0x76,
217     0x04, 0x1D, 0x77, 0x62, 0x17, 0xCA, 0x2B, 0xD2,
218 };
219 # else
220 static unsigned char xcbc_ok[32] = {
221     0x84, 0x6B, 0x29, 0x14, 0x85, 0x1E, 0x9A, 0x29,
222     0x54, 0x73, 0x2F, 0x8A, 0xA0, 0xA6, 0x11, 0xC1,
223     0x15, 0xCD, 0xC2, 0xD7, 0x95, 0x1B, 0x10, 0x53,
224     0xA6, 0x3C, 0x5E, 0x03, 0xB2, 0x1A, 0xA3, 0xC4,
225 };
226 # endif
227 
228 static unsigned char cbc3_ok[32] = {
229     0x3F, 0xE3, 0x01, 0xC9, 0x62, 0xAC, 0x01, 0xD0,
230     0x22, 0x13, 0x76, 0x3C, 0x1C, 0xBD, 0x4C, 0xDC,
231     0x79, 0x96, 0x57, 0xC0, 0x64, 0xEC, 0xF5, 0xD4,
232     0x1C, 0x67, 0x38, 0x12, 0xCF, 0xDE, 0x96, 0x75
233 };
234 
235 static unsigned char pcbc_ok[32] = {
236     0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
237     0x6d, 0xec, 0xb4, 0x70, 0xa0, 0xe5, 0x6b, 0x15,
238     0xae, 0xa6, 0xbf, 0x61, 0xed, 0x7d, 0x9c, 0x9f,
239     0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88
240 };
241 
242 static unsigned char cfb_key[8] =
243     { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
244 static unsigned char cfb_iv[8] =
245     { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef };
246 static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
247 static unsigned char plain[24] = {
248     0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
249     0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
250     0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f,
251     0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20
252 };
253 
254 static unsigned char cfb_cipher8[24] = {
255     0xf3, 0x1f, 0xda, 0x07, 0x01, 0x14, 0x62, 0xee, 0x18, 0x7f, 0x43, 0xd8,
256     0x0a, 0x7c, 0xd9, 0xb5, 0xb0, 0xd2, 0x90, 0xda, 0x6e, 0x5b, 0x9a, 0x87
257 };
258 
259 static unsigned char cfb_cipher16[24] = {
260     0xF3, 0x09, 0x87, 0x87, 0x7F, 0x57, 0xF7, 0x3C, 0x36, 0xB6, 0xDB, 0x70,
261     0xD8, 0xD5, 0x34, 0x19, 0xD3, 0x86, 0xB2, 0x23, 0xB7, 0xB2, 0xAD, 0x1B
262 };
263 
264 static unsigned char cfb_cipher32[24] = {
265     0xF3, 0x09, 0x62, 0x49, 0xA4, 0xDF, 0xA4, 0x9F, 0x33, 0xDC, 0x7B, 0xAD,
266     0x4C, 0xC8, 0x9F, 0x64, 0xE4, 0x53, 0xE5, 0xEC, 0x67, 0x20, 0xDA, 0xB6
267 };
268 
269 static unsigned char cfb_cipher48[24] = {
270     0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x30, 0xB5, 0x15, 0xEC, 0xBB, 0x85,
271     0x97, 0x5A, 0x13, 0x8C, 0x68, 0x60, 0xE2, 0x38, 0x34, 0x3C, 0xDC, 0x1F
272 };
273 
274 static unsigned char cfb_cipher64[24] = {
275     0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x6E, 0x51, 0xA6, 0x9E, 0x83, 0x9B,
276     0x1A, 0x92, 0xF7, 0x84, 0x03, 0x46, 0x71, 0x33, 0x89, 0x8E, 0xA6, 0x22
277 };
278 
279 static unsigned char ofb_key[8] =
280     { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
281 static unsigned char ofb_iv[8] =
282     { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef };
283 static unsigned char ofb_buf1[24], ofb_buf2[24], ofb_tmp[8];
284 static unsigned char ofb_cipher[24] = {
285     0xf3, 0x09, 0x62, 0x49, 0xc7, 0xf4, 0x6e, 0x51,
286     0x35, 0xf2, 0x4a, 0x24, 0x2e, 0xeb, 0x3d, 0x3f,
287     0x3d, 0x6d, 0x5b, 0xe3, 0x25, 0x5a, 0xf8, 0xc3
288 };
289 static DES_LONG cbc_cksum_ret = 0xF7FE62B4L;
290 static unsigned char cbc_cksum_data[8] =
291     { 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 };
292 
293 static char *pt(const unsigned char *p, char buf[DATA_BUF_SIZE])
294 {
295     char *ret;
296     int i;
297     static const char *f = "0123456789ABCDEF";
298 
299     ret = &(buf[0]);
300     for (i = 0; i < 8; i++) {
301         ret[i * 2] = f[(p[i] >> 4) & 0xf];
302         ret[i * 2 + 1] = f[p[i] & 0xf];
303     }
304     ret[16] = '\0';
305     return ret;
306 }
307 
308 static int test_des_ecb(int i)
309 {
310     DES_key_schedule ks;
311     DES_cblock in, out, outin;
312     char b1[DATA_BUF_SIZE], b2[DATA_BUF_SIZE];
313 
314     DES_set_key_unchecked(&key_data[i], &ks);
315     memcpy(in, plain_data[i], 8);
316     memset(out, 0, 8);
317     memset(outin, 0, 8);
318     DES_ecb_encrypt(&in, &out, &ks, DES_ENCRYPT);
319     DES_ecb_encrypt(&out, &outin, &ks, DES_DECRYPT);
320 
321     if (!TEST_mem_eq(out, 8, cipher_data[i], 8)) {
322         TEST_info("Encryption error %2d k=%s p=%s", i + 1,
323                   pt(key_data[i], b1), pt(in, b2));
324         return 0;
325     }
326     if (!TEST_mem_eq(in, 8, outin, 8)) {
327         TEST_info("Decryption error %2d k=%s p=%s", i + 1,
328                   pt(key_data[i], b1), pt(out, b2));
329         return 0;
330     }
331     return 1;
332 }
333 
334 static int test_des_ede_ecb(int i)
335 {
336     DES_cblock in, out, outin;
337     DES_key_schedule ks, ks2, ks3;
338     char b1[DATA_BUF_SIZE], b2[DATA_BUF_SIZE];
339 
340     DES_set_key_unchecked(&key_data[i], &ks);
341     DES_set_key_unchecked(&key_data[i + 1], &ks2);
342     DES_set_key_unchecked(&key_data[i + 2], &ks3);
343     memcpy(in, plain_data[i], 8);
344     memset(out, 0, 8);
345     memset(outin, 0, 8);
346     DES_ecb3_encrypt(&in, &out, &ks, &ks2, &ks, DES_ENCRYPT);
347     DES_ecb3_encrypt(&out, &outin, &ks, &ks2, &ks, DES_DECRYPT);
348 
349     if (!TEST_mem_eq(out, 8, cipher_ecb2[i], 8)) {
350         TEST_info("Encryption error %2d k=%s p=%s", i + 1,
351                   pt(key_data[i], b1), pt(in, b2));
352         return 0;
353     }
354     if (!TEST_mem_eq(in, 8, outin, 8)) {
355         TEST_info("Decryption error %2d k=%s p=%s ", i + 1,
356                   pt(key_data[i], b1), pt(out, b2));
357         return 0;
358     }
359     return 1;
360 }
361 
362 static int test_des_cbc(void)
363 {
364     unsigned char cbc_in[40];
365     unsigned char cbc_out[40];
366     DES_cblock iv3;
367     DES_key_schedule ks;
368     const size_t cbc_data_len = strlen((char *)cbc_data);
369 
370     if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
371         return 0;
372     memset(cbc_out, 0, sizeof(cbc_out));
373     memset(cbc_in, 0, sizeof(cbc_in));
374     memcpy(iv3, cbc_iv, sizeof(cbc_iv));
375     DES_ncbc_encrypt(cbc_data, cbc_out, cbc_data_len + 1, &ks,
376                      &iv3, DES_ENCRYPT);
377     if (!TEST_mem_eq(cbc_out, 32, cbc_ok, 32))
378         return 0;
379 
380     memcpy(iv3, cbc_iv, sizeof(cbc_iv));
381     DES_ncbc_encrypt(cbc_out, cbc_in, cbc_data_len + 1, &ks,
382                      &iv3, DES_DECRYPT);
383     return TEST_mem_eq(cbc_in, cbc_data_len, cbc_data, cbc_data_len);
384 }
385 
386 static int test_des_ede_cbc(void)
387 {
388     DES_cblock iv3;
389     DES_key_schedule ks;
390     unsigned char cbc_in[40];
391     unsigned char cbc_out[40];
392     const size_t n = strlen((char *)cbc_data) + 1;
393 
394     if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
395         return 0;
396     memset(cbc_out, 0, sizeof(cbc_out));
397     memset(cbc_in, 0, sizeof(cbc_in));
398     memcpy(iv3, cbc_iv, sizeof(cbc_iv));
399     DES_xcbc_encrypt(cbc_data, cbc_out, n, &ks, &iv3, &cbc2_key, &cbc3_key,
400                      DES_ENCRYPT);
401     if (!TEST_mem_eq(cbc_out, sizeof(xcbc_ok), xcbc_ok, sizeof(xcbc_ok)))
402         return 0;
403     memcpy(iv3, cbc_iv, sizeof(cbc_iv));
404     DES_xcbc_encrypt(cbc_out, cbc_in, n, &ks, &iv3, &cbc2_key, &cbc3_key,
405                      DES_DECRYPT);
406     return TEST_mem_eq(cbc_data, n, cbc_data, n);
407 }
408 
409 static int test_ede_cbc(void)
410 {
411     DES_cblock iv3;
412     DES_key_schedule ks, ks2, ks3;
413     unsigned char cbc_in[40];
414     unsigned char cbc_out[40];
415     const size_t i = strlen((char *)cbc_data) + 1;
416     const size_t n = (i + 7) / 8 * 8;
417 
418     if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
419         return 0;
420     if (!TEST_int_eq(DES_set_key_checked(&cbc2_key, &ks2), 0))
421         return 0;
422     if (!TEST_int_eq(DES_set_key_checked(&cbc3_key, &ks3), 0))
423         return 0;
424     memset(cbc_out, 0, sizeof(cbc_out));
425     memset(cbc_in, 0, sizeof(cbc_in));
426     memcpy(iv3, cbc_iv, sizeof(cbc_iv));
427 
428     DES_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3,
429                          DES_ENCRYPT);
430     DES_ede3_cbc_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2,
431                          &ks3, &iv3, DES_ENCRYPT);
432     if (!TEST_mem_eq(cbc_out, n, cbc3_ok, n))
433         return 0;
434 
435     memcpy(iv3, cbc_iv, sizeof(cbc_iv));
436     DES_ede3_cbc_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3,
437                          DES_DECRYPT);
438     return TEST_mem_eq(cbc_in, i, cbc_data, i);
439 }
440 
441 static int test_input_align(int i)
442 {
443     unsigned char cbc_out[40];
444     DES_cblock iv;
445     DES_key_schedule ks;
446     const size_t n = strlen(i + (char *)cbc_data) + 1;
447 
448     memset(cbc_out, 0, sizeof(cbc_out));
449     memcpy(iv, cbc_iv, sizeof(cbc_iv));
450     if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
451         return 0;
452     DES_ncbc_encrypt(&cbc_data[i], cbc_out, n, &ks, &iv, DES_ENCRYPT);
453     return 1;
454 }
455 
456 static int test_output_align(int i)
457 {
458     unsigned char cbc_out[40];
459     DES_cblock iv;
460     DES_key_schedule ks;
461     const size_t n = strlen((char *)cbc_data) + 1;
462 
463     memset(cbc_out, 0, sizeof(cbc_out));
464     memcpy(iv, cbc_iv, sizeof(cbc_iv));
465     if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
466         return 0;
467     DES_ncbc_encrypt(cbc_data, &cbc_out[i], n, &ks, &iv, DES_ENCRYPT);
468     return 1;
469 }
470 
471 static int test_des_crypt(void)
472 {
473     if (!TEST_str_eq("efGnQx2725bI2", DES_crypt("testing", "ef")))
474         return 0;
475     if (!TEST_str_eq("yA1Rp/1hZXIJk", DES_crypt("bca76;23", "yA")))
476         return 0;
477 
478     if (!TEST_ptr_null(DES_crypt("testing", "y\202")))
479         return 0;
480     if (!TEST_ptr_null(DES_crypt("testing", "\0A")))
481         return 0;
482     if (!TEST_ptr_null(DES_crypt("testing", "A")))
483         return 0;
484     return 1;
485 }
486 
487 static int test_des_pcbc(void)
488 {
489     unsigned char cbc_in[40];
490     unsigned char cbc_out[40];
491     DES_key_schedule ks;
492     const int n = strlen((char *)cbc_data) + 1;
493 
494     if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0))
495         return 0;
496     memset(cbc_out, 0, sizeof(cbc_out));
497     memset(cbc_in, 0, sizeof(cbc_in));
498     DES_pcbc_encrypt(cbc_data, cbc_out, n, &ks,
499                      &cbc_iv, DES_ENCRYPT);
500     if (!TEST_mem_eq(cbc_out, sizeof(pcbc_ok), pcbc_ok, sizeof(pcbc_ok)))
501         return 0;
502     DES_pcbc_encrypt(cbc_out, cbc_in, n, &ks,
503                      &cbc_iv, DES_DECRYPT);
504     return TEST_mem_eq(cbc_in, n, cbc_data, n);
505 }
506 
507 static int cfb_test(int bits, unsigned char *cfb_cipher)
508 {
509     DES_key_schedule ks;
510 
511     DES_set_key_checked(&cfb_key, &ks);
512     memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
513     DES_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), &ks, &cfb_tmp,
514                     DES_ENCRYPT);
515     if (!TEST_mem_eq(cfb_cipher, sizeof(plain), cfb_buf1, sizeof(plain)))
516         return 0;
517     memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
518     DES_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), &ks, &cfb_tmp,
519                     DES_DECRYPT);
520     return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
521 }
522 
523 static int test_des_cfb8(void)
524 {
525     return cfb_test(8, cfb_cipher8);
526 }
527 
528 static int test_des_cfb16(void)
529 {
530     return cfb_test(16, cfb_cipher16);
531 }
532 
533 static int test_des_cfb32(void)
534 {
535     return cfb_test(32, cfb_cipher32);
536 }
537 
538 static int test_des_cfb48(void)
539 {
540     return cfb_test(48, cfb_cipher48);
541 }
542 
543 static int test_des_cfb64(void)
544 {
545     DES_key_schedule ks;
546     int n;
547     size_t i;
548 
549     if (!cfb_test(64, cfb_cipher64))
550         return 0;
551 
552     DES_set_key_checked(&cfb_key, &ks);
553     memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
554     n = 0;
555     DES_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &cfb_tmp, &n, DES_ENCRYPT);
556     DES_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks,
557                       &cfb_tmp, &n, DES_ENCRYPT);
558     if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain)))
559         return 0;
560     memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
561     n = 0;
562     DES_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, &ks, &cfb_tmp, &n, DES_DECRYPT);
563     DES_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17],
564                       sizeof(plain) - 17, &ks, &cfb_tmp, &n, DES_DECRYPT);
565     if (!TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain)))
566         return 0;
567 
568     memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
569     for (i = 0; i < sizeof(plain); i++)
570         DES_cfb_encrypt(&plain[i], &cfb_buf1[i], 8, 1, &ks, &cfb_tmp,
571                         DES_ENCRYPT);
572     if (!TEST_mem_eq(cfb_cipher8, sizeof(plain), cfb_buf1, sizeof(plain)))
573         return 0;
574 
575     memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
576     for (i = 0; i < sizeof(plain); i++)
577         DES_cfb_encrypt(&cfb_buf1[i], &cfb_buf2[i], 8, 1, &ks, &cfb_tmp,
578                         DES_DECRYPT);
579     return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
580 }
581 
582 static int test_des_ede_cfb64(void)
583 {
584     DES_key_schedule ks;
585     int n;
586 
587     DES_set_key_checked(&cfb_key, &ks);
588     memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
589     n = 0;
590     DES_ede3_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &ks, &ks, &cfb_tmp, &n,
591                            DES_ENCRYPT);
592     DES_ede3_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks,
593                            &ks, &ks, &cfb_tmp, &n, DES_ENCRYPT);
594     if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain)))
595         return 0;
596     memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
597     n = 0;
598     DES_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &ks, &ks, &ks,
599                            &cfb_tmp, &n, DES_DECRYPT);
600     DES_ede3_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17], sizeof(plain) - 17,
601                            &ks, &ks, &ks, &cfb_tmp, &n, DES_DECRYPT);
602     return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain));
603 }
604 
605 static int test_des_ofb(void)
606 {
607     DES_key_schedule ks;
608 
609     DES_set_key_checked(&ofb_key, &ks);
610     memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
611     DES_ofb_encrypt(plain, ofb_buf1, 64, sizeof(plain) / 8, &ks, &ofb_tmp);
612     if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
613         return 0;
614 
615     memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
616     DES_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, &ks,
617                     &ofb_tmp);
618     return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
619 }
620 
621 static int test_des_ofb64(void)
622 {
623     DES_key_schedule ks;
624     int num;
625     size_t i;
626 
627     DES_set_key_checked(&ofb_key, &ks);
628     memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
629     memset(ofb_buf1, 0, sizeof(ofb_buf1));
630     memset(ofb_buf2, 0, sizeof(ofb_buf1));
631     num = 0;
632     for (i = 0; i < sizeof(plain); i++) {
633         DES_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ofb_tmp, &num);
634     }
635     if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
636         return 0;
637     memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
638     num = 0;
639     DES_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ofb_tmp,
640                       &num);
641     return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
642 }
643 
644 static int test_des_ede_ofb64(void)
645 {
646     DES_key_schedule ks;
647     int num;
648     size_t i;
649 
650     DES_set_key_checked(&ofb_key, &ks);
651     memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
652     memset(ofb_buf1, 0, sizeof(ofb_buf1));
653     memset(ofb_buf2, 0, sizeof(ofb_buf1));
654     num = 0;
655     for (i = 0; i < sizeof(plain); i++) {
656         DES_ede3_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ks,
657                                &ks, &ofb_tmp, &num);
658     }
659     if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1)))
660         return 0;
661     memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
662     num = 0;
663     DES_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ks, &ks,
664                            &ofb_tmp, &num);
665     return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2));
666 }
667 
668 static int test_des_cbc_cksum(void)
669 {
670     DES_LONG cs;
671     DES_key_schedule ks;
672     unsigned char cret[8];
673 
674     DES_set_key_checked(&cbc_key, &ks);
675     cs = DES_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), &ks,
676                        &cbc_iv);
677     if (!TEST_cs_eq(cs, cbc_cksum_ret))
678         return 0;
679     return TEST_mem_eq(cret, 8, cbc_cksum_data, 8);
680 }
681 
682 static int test_des_quad_cksum(void)
683 {
684     DES_LONG cs, lqret[4];
685 
686     cs = DES_quad_cksum(cbc_data, (DES_cblock *)lqret,
687                         (long)strlen((char *)cbc_data), 2,
688                         (DES_cblock *)cbc_iv);
689     if (!TEST_cs_eq(cs, 0x70d7a63aL))
690         return 0;
691     if (!TEST_cs_eq(lqret[0], 0x327eba8dL))
692         return 0;
693     if (!TEST_cs_eq(lqret[1], 0x201a49ccL))
694         return 0;
695     if (!TEST_cs_eq(lqret[2], 0x70d7a63aL))
696         return 0;
697     if (!TEST_cs_eq(lqret[3], 0x501c2c26L))
698         return 0;
699     return 1;
700 }
701 
702 /*
703  * Test TDES based key wrapping.
704  * The wrapping process uses a randomly generated IV so it is difficult to
705  * undertake KATs.  End to end testing is performed instead.
706  */
707 static const int test_des_key_wrap_sizes[] = {
708     8, 16, 24, 32, 64, 80
709 };
710 
711 static int test_des_key_wrap(int idx)
712 {
713     int in_bytes = test_des_key_wrap_sizes[idx];
714     unsigned char in[100], c_txt[200], p_txt[200], key[24];
715     int clen, clen_upd, clen_fin, plen, plen_upd, plen_fin, expect, bs, i;
716     EVP_CIPHER *cipher = NULL;
717     EVP_CIPHER_CTX *ctx = NULL;
718     int res = 0;
719 
720     /* Some sanity checks and cipher loading */
721     if (!TEST_size_t_le(in_bytes, sizeof(in))
722             || !TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES3-WRAP", NULL))
723             || !TEST_int_eq(bs = EVP_CIPHER_get_block_size(cipher), 8)
724             || !TEST_size_t_eq(bs * 3u, sizeof(key))
725             || !TEST_true(in_bytes % bs == 0)
726             || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
727         goto err;
728 
729     /* Create random data to end to end test */
730     for (i = 0; i < in_bytes; i++)
731         in[i] = test_random();
732 
733     /* Build the key */
734     memcpy(key, cbc_key, sizeof(cbc_key));
735     memcpy(key + sizeof(cbc_key), cbc2_key, sizeof(cbc2_key));
736     memcpy(key + sizeof(cbc_key) + sizeof(cbc3_key), cbc_key, sizeof(cbc3_key));
737 
738     /* Wrap / encrypt the key */
739     clen_upd = sizeof(c_txt);
740     if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, NULL))
741             || !TEST_true(EVP_EncryptUpdate(ctx, c_txt, &clen_upd,
742                                             in, in_bytes)))
743         goto err;
744 
745     expect = (in_bytes + (bs - 1)) / bs * bs + 2 * bs;
746     if (!TEST_int_eq(clen_upd, expect))
747         goto err;
748 
749     clen_fin = sizeof(c_txt) - clen_upd;
750     if (!TEST_true(EVP_EncryptFinal(ctx, c_txt + clen_upd, &clen_fin))
751             || !TEST_int_eq(clen_fin, 0))
752         goto err;
753     clen = clen_upd + clen_fin;
754 
755     /* Decrypt the wrapped key */
756     plen_upd = sizeof(p_txt);
757     if (!TEST_true(EVP_DecryptInit(ctx, cipher, key, NULL))
758             || !TEST_true(EVP_DecryptUpdate(ctx, p_txt, &plen_upd,
759                                             c_txt, clen)))
760         goto err;
761     plen_fin = sizeof(p_txt) - plen_upd;
762     if (!TEST_true(EVP_DecryptFinal(ctx, p_txt + plen_upd, &plen_fin)))
763         goto err;
764     plen = plen_upd + plen_fin;
765 
766     if (!TEST_mem_eq(in, in_bytes, p_txt, plen))
767         goto err;
768     res = 1;
769  err:
770     EVP_CIPHER_free(cipher);
771     EVP_CIPHER_CTX_free(ctx);
772     return res;
773 }
774 
775 /*-
776  * Weak and semi weak keys as taken from
777  * %A D.W. Davies
778  * %A W.L. Price
779  * %T Security for Computer Networks
780  * %I John Wiley & Sons
781  * %D 1984
782  */
783 static struct {
784     const DES_cblock key;
785     int expect;
786 } weak_keys[] = {
787     /* weak keys */
788     {{0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 1 },
789     {{0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE}, 1 },
790     {{0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E}, 1 },
791     {{0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1}, 1 },
792     /* semi-weak keys */
793     {{0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE}, 1 },
794     {{0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01}, 1 },
795     {{0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1}, 1 },
796     {{0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E}, 1 },
797     {{0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1}, 1 },
798     {{0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01}, 1 },
799     {{0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE}, 1 },
800     {{0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E}, 1 },
801     {{0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E}, 1 },
802     {{0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01}, 1 },
803     {{0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE}, 1 },
804     {{0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}, 1 },
805     /* good key */
806     {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 }
807 };
808 
809 static int test_des_weak_keys(int n)
810 {
811     const_DES_cblock *key = (unsigned char (*)[8])weak_keys[n].key;
812 
813     return TEST_int_eq(DES_is_weak_key(key), weak_keys[n].expect);
814 }
815 
816 static struct {
817     const DES_cblock key;
818     int expect;
819 } bad_parity_keys[] = {
820     {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 0 },
821     {{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 0 },
822     /* Perturb each byte in turn to create even parity */
823     {{0x48, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
824     {{0x49, 0xE8, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
825     {{0x49, 0xE9, 0x5C, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
826     {{0x49, 0xE9, 0x5D, 0x7D, 0x4C, 0xA2, 0x29, 0xBF}, 0 },
827     {{0x49, 0xE9, 0x5D, 0x6D, 0x5C, 0xA2, 0x29, 0xBF}, 0 },
828     {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA3, 0x29, 0xBF}, 0 },
829     {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x39, 0xBF}, 0 },
830     {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBE}, 0 },
831     /* Odd parity version of above */
832     {{0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, 1 }
833 };
834 
835 static int test_des_check_bad_parity(int n)
836 {
837     const_DES_cblock *key = (unsigned char (*)[8])bad_parity_keys[n].key;
838 
839     return TEST_int_eq(DES_check_key_parity(key), bad_parity_keys[n].expect);
840 }
841 
842 /* Test that two key 3DES can generate a random key without error */
843 static int test_des_two_key(void)
844 {
845     int res = 0;
846     EVP_CIPHER *cipher = NULL;
847     EVP_CIPHER_CTX *ctx = NULL;
848     unsigned char key[16];
849 
850     if (!TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES-EDE-ECB", NULL))
851             || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
852             || !EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1)
853             || !EVP_CIPHER_CTX_set_key_length(ctx, sizeof(key))
854             || !EVP_CIPHER_CTX_rand_key(ctx, key))
855         goto err;
856 
857     res = 1;
858  err:
859     EVP_CIPHER_free(cipher);
860     EVP_CIPHER_CTX_free(ctx);
861     return res;
862 }
863 
864 #endif
865 
866 int setup_tests(void)
867 {
868 #ifndef OPENSSL_NO_DES
869     ADD_ALL_TESTS(test_des_ecb, NUM_TESTS);
870     ADD_TEST(test_des_cbc);
871     ADD_TEST(test_ede_cbc);
872     ADD_ALL_TESTS(test_des_ede_ecb, NUM_TESTS - 2);
873     ADD_TEST(test_des_ede_cbc);
874     ADD_TEST(test_des_pcbc);
875     ADD_TEST(test_des_cfb8);
876     ADD_TEST(test_des_cfb16);
877     ADD_TEST(test_des_cfb32);
878     ADD_TEST(test_des_cfb48);
879     ADD_TEST(test_des_cfb64);
880     ADD_TEST(test_des_ede_cfb64);
881     ADD_TEST(test_des_ofb);
882     ADD_TEST(test_des_ofb64);
883     ADD_TEST(test_des_ede_ofb64);
884     ADD_TEST(test_des_cbc_cksum);
885     ADD_TEST(test_des_quad_cksum);
886     ADD_TEST(test_des_crypt);
887     ADD_ALL_TESTS(test_input_align, 4);
888     ADD_ALL_TESTS(test_output_align, 4);
889     ADD_ALL_TESTS(test_des_key_wrap, OSSL_NELEM(test_des_key_wrap_sizes));
890     ADD_ALL_TESTS(test_des_weak_keys, OSSL_NELEM(weak_keys));
891     ADD_ALL_TESTS(test_des_check_bad_parity, OSSL_NELEM(bad_parity_keys));
892     ADD_TEST(test_des_two_key);
893 #endif
894     return 1;
895 }
896