diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index e0d471e28..527645e47 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -915,7 +915,11 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, if (version == PKCS5v2 || version == PKCS12) desIv = cbcIv; - Des_SetKey(&dec, key, desIv, DES_DECRYPTION); + + ret = Des_SetKey(&dec, key, desIv, DES_DECRYPTION); + if (ret != 0) + return ret; + Des_CbcDecrypt(&dec, input, input, length); break; } diff --git a/ctaocrypt/src/des3.c b/ctaocrypt/src/des3.c index 09a120c1c..e69ef0723 100644 --- a/ctaocrypt/src/des3.c +++ b/ctaocrypt/src/des3.c @@ -33,6 +33,7 @@ #endif #include +#include #ifdef NO_INLINE #include @@ -61,7 +62,7 @@ #include "stm32f2xx.h" #include "stm32f2xx_cryp.h" - void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) + int Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) { word32 *dkey = des->key; @@ -69,6 +70,8 @@ ByteReverseWords(dkey, dkey, 8); Des_SetIV(des, iv); + + return 0; } int Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) @@ -381,7 +384,7 @@ int Des3_CbcDecrypt(Des3* des3, byte* out, const byte* in, word32 sz) } -void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) +int Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) { int i ; int status ; @@ -400,6 +403,7 @@ void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) des->iv[i] = 0x0 ; } + return 0; } int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) @@ -420,6 +424,7 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) for(i=0; iiv[i] = 0x0 ; } + return 0; } @@ -439,7 +444,7 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) 1,0,0,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0 }; - void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) + int Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) { int i = 0; byte* dkey = (byte*)des->key; @@ -452,6 +457,8 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) for (i = 0; i < 8; i++) { dkey[i] = ((dkey[i] & 0xFE) | parityLookup[dkey[i] >> 1]); } + + return 0; } int Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) @@ -616,7 +623,7 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) void Des_SetIV(Des* des, const byte* iv); int Des3_SetIV(Des3* des, const byte* iv); - void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) + int Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) { word32 *dkey = des->key ; word32 *dreg = des->reg ; @@ -625,6 +632,8 @@ int Des3_SetIV(Des3* des, const byte* iv); ByteReverseWords(dkey, dkey, 8); XMEMCPY((byte *)dreg, (byte *)iv, 8); ByteReverseWords(dreg, dreg, 8); + + return 0; } int Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) @@ -977,58 +986,72 @@ static INLINE void FPERM(word32* left, word32* right) } -static void DesSetKey(const byte* key, int dir, word32* out) +static int DesSetKey(const byte* key, int dir, word32* out) { - byte buffer[56+56+8]; - byte *const pc1m = buffer; /* place to modify pc1 into */ - byte *const pcr = pc1m + 56; /* place to rotate pc1 into */ - byte *const ks = pcr + 56; - register int i,j,l; - int m; + byte* buffer = XMALLOC(56+56+8, NULL, DYNAMIC_TYPE_TMP_BUFFER); - for (j = 0; j < 56; j++) { /* convert pc1 to bits of key */ - l = pc1[j] - 1; /* integer bit location */ - m = l & 07; /* find bit */ - pc1m[j] = (key[l >> 3] & /* find which key byte l is in */ - bytebit[m]) /* and which bit of that byte */ - ? 1 : 0; /* and store 1-bit result */ + if (!buffer) { + return MEMORY_E; } - for (i = 0; i < 16; i++) { /* key chunk for each iteration */ - XMEMSET(ks, 0, 8); /* Clear key schedule */ - for (j = 0; j < 56; j++) /* rotate pc1 the right amount */ - pcr[j] = pc1m[(l = j + totrot[i]) < (j < 28 ? 28 : 56) ? l: l-28]; - /* rotate left and right halves independently */ - for (j = 0; j < 48; j++){ /* select bits individually */ - /* check bit that goes to ks[j] */ - if (pcr[pc2[j] - 1]){ - /* mask it in if it's there */ - l= j % 6; - ks[j/6] |= bytebit[l] >> 2; + else { + byte* const pc1m = buffer; /* place to modify pc1 into */ + byte* const pcr = pc1m + 56; /* place to rotate pc1 into */ + byte* const ks = pcr + 56; + register int i, j, l; + int m; + + for (j = 0; j < 56; j++) { /* convert pc1 to bits of key */ + l = pc1[j] - 1; /* integer bit location */ + m = l & 07; /* find bit */ + pc1m[j] = (key[l >> 3] & /* find which key byte l is in */ + bytebit[m]) /* and which bit of that byte */ + ? 1 : 0; /* and store 1-bit result */ + } + + for (i = 0; i < 16; i++) { /* key chunk for each iteration */ + XMEMSET(ks, 0, 8); /* Clear key schedule */ + + for (j = 0; j < 56; j++) /* rotate pc1 the right amount */ + pcr[j] = + pc1m[(l = j + totrot[i]) < (j < 28 ? 28 : 56) ? l : l-28]; + + /* rotate left and right halves independently */ + for (j = 0; j < 48; j++) { /* select bits individually */ + if (pcr[pc2[j] - 1]) { /* check bit that goes to ks[j] */ + l= j % 6; /* mask it in if it's there */ + ks[j/6] |= bytebit[l] >> 2; + } + } + + /* Now convert to odd/even interleaved form for use in F */ + out[2*i] = ((word32) ks[0] << 24) + | ((word32) ks[2] << 16) + | ((word32) ks[4] << 8) + | ((word32) ks[6]); + + out[2*i + 1] = ((word32) ks[1] << 24) + | ((word32) ks[3] << 16) + | ((word32) ks[5] << 8) + | ((word32) ks[7]); + } + + /* reverse key schedule order */ + if (dir == DES_DECRYPTION) { + for (i = 0; i < 16; i += 2) { + word32 swap = out[i]; + out[i] = out[DES_KS_SIZE - 2 - i]; + out[DES_KS_SIZE - 2 - i] = swap; + + swap = out[i + 1]; + out[i + 1] = out[DES_KS_SIZE - 1 - i]; + out[DES_KS_SIZE - 1 - i] = swap; } } - /* Now convert to odd/even interleaved form for use in F */ - out[2*i] = ((word32)ks[0] << 24) - | ((word32)ks[2] << 16) - | ((word32)ks[4] << 8) - | ((word32)ks[6]); - out[2*i + 1] = ((word32)ks[1] << 24) - | ((word32)ks[3] << 16) - | ((word32)ks[5] << 8) - | ((word32)ks[7]); - } - - /* reverse key schedule order */ - if (dir == DES_DECRYPTION) - for (i = 0; i < 16; i += 2) { - word32 swap = out[i]; - out[i] = out[DES_KS_SIZE - 2 - i]; - out[DES_KS_SIZE - 2 - i] = swap; - swap = out[i + 1]; - out[i + 1] = out[DES_KS_SIZE - 1 - i]; - out[DES_KS_SIZE - 1 - i] = swap; - } - + XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + return 0; } @@ -1038,24 +1061,34 @@ static INLINE int Reverse(int dir) } -void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) +int Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) { - DesSetKey(key, dir, des->key); - Des_SetIV(des, iv); + + return DesSetKey(key, dir, des->key); } int Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) { + int ret; + #ifdef HAVE_CAVIUM if (des->magic == CYASSL_3DES_CAVIUM_MAGIC) return Des3_CaviumSetKey(des, key, iv); #endif - DesSetKey(key + (dir == DES_ENCRYPTION ? 0 : 16), dir, des->key[0]); - DesSetKey(key + 8, Reverse(dir), des->key[1]); - DesSetKey(key + (dir == DES_DECRYPTION ? 0 : 16), dir, des->key[2]); + ret = DesSetKey(key + (dir == DES_ENCRYPTION ? 0:16), dir, des->key[0]); + if (ret != 0) + return ret; + + ret = DesSetKey(key + 8, Reverse(dir), des->key[1]); + if (ret != 0) + return ret; + + ret = DesSetKey(key + (dir == DES_DECRYPTION ? 0:16), dir, des->key[2]); + if (ret != 0) + return ret; return Des3_SetIV(des, iv); } diff --git a/ctaocrypt/src/pkcs7.c b/ctaocrypt/src/pkcs7.c index 66c64d4f8..c0c96b1c8 100644 --- a/ctaocrypt/src/pkcs7.c +++ b/ctaocrypt/src/pkcs7.c @@ -1041,14 +1041,27 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) /* encrypt content */ if (pkcs7->encryptOID == DESb) { Des des; - Des_SetKey(&des, contentKeyPlain, tmpIv, DES_ENCRYPTION); - Des_CbcEncrypt(&des, encryptedContent, plain, desOutSz); - } else if (pkcs7->encryptOID == DES3b) { + ret = Des_SetKey(&des, contentKeyPlain, tmpIv, DES_ENCRYPTION); + + if (ret == 0) + ret = Des_CbcEncrypt(&des, encryptedContent, plain, desOutSz); + + if (ret != 0) { + XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (dynamicFlag) + XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + } + else if (pkcs7->encryptOID == DES3b) { Des3 des3; + ret = Des3_SetKey(&des3, contentKeyPlain, tmpIv, DES_ENCRYPTION); + if (ret == 0) ret = Des3_CbcEncrypt(&des3, encryptedContent, plain, desOutSz); + if (ret != 0) { XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (dynamicFlag) @@ -1321,15 +1334,24 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, /* decrypt encryptedContent */ if (encOID == DESb) { Des des; - Des_SetKey(&des, decryptedKey, tmpIv, DES_DECRYPTION); - Des_CbcDecrypt(&des, encryptedContent, encryptedContent, - encryptedContentSz); - } else if (encOID == DES3b) { + ret = Des_SetKey(&des, decryptedKey, tmpIv, DES_DECRYPTION); + + if (ret == 0) + ret = Des_CbcDecrypt(&des, encryptedContent, encryptedContent, + encryptedContentSz); + + if (ret != 0) { + XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + } + else if (encOID == DES3b) { Des3 des; ret = Des3_SetKey(&des, decryptedKey, tmpIv, DES_DECRYPTION); if (ret == 0) ret = Des3_CbcDecrypt(&des, encryptedContent, encryptedContent, encryptedContentSz); + if (ret != 0) { XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index b6b7d398b..e6757c414 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -1788,17 +1788,23 @@ int des_test(void) 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b }; + int ret; + + ret = Des_SetKey(&enc, key, iv, DES_ENCRYPTION); + if (ret != 0) + return -31; - Des_SetKey(&enc, key, iv, DES_ENCRYPTION); Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); - Des_SetKey(&dec, key, iv, DES_DECRYPTION); + ret = Des_SetKey(&dec, key, iv, DES_DECRYPTION); + if (ret != 0) + return -32; Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); if (memcmp(plain, vector, sizeof(plain))) - return -31; + return -33; if (memcmp(cipher, verify, sizeof(cipher))) - return -32; + return -34; return 0; } diff --git a/cyassl/ctaocrypt/des3.h b/cyassl/ctaocrypt/des3.h index eecdd6e39..cc704b252 100644 --- a/cyassl/ctaocrypt/des3.h +++ b/cyassl/ctaocrypt/des3.h @@ -90,7 +90,7 @@ typedef struct Des3 { } Des3; -CYASSL_API void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir); +CYASSL_API int Des_SetKey(Des* des, const byte* key, const byte* iv, int dir); CYASSL_API void Des_SetIV(Des* des, const byte* iv); CYASSL_API void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz); CYASSL_API void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz); diff --git a/src/ssl.c b/src/ssl.c index a728fd891..c00b5b3ec 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2022,14 +2022,20 @@ int CyaSSL_Init(void) if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) { Des enc; - Des_SetKey(&enc, key, info.iv, DES_DECRYPTION); + + ret = Des_SetKey(&enc, key, info.iv, DES_DECRYPTION); + if (ret != 0) + return ret; + Des_CbcDecrypt(&enc, der.buffer, der.buffer, der.length); } else if (XSTRNCMP(info.name, "DES-EDE3-CBC", 13) == 0) { Des3 enc; + ret = Des3_SetKey(&enc, key, info.iv, DES_DECRYPTION); if (ret != 0) return ret; + ret = Des3_CbcDecrypt(&enc, der.buffer, der.buffer, der.length); if (ret != 0) return ret; @@ -6929,9 +6935,13 @@ int CyaSSL_set_compression(CYASSL* ssl) ctx->keyLen = 8; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; - if (key) - Des_SetKey(&ctx->cipher.des, key, iv, + if (key) { + ret = Des_SetKey(&ctx->cipher.des, key, iv, ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); + if (ret != 0) + return ret; + } + if (iv && key == NULL) Des_SetIV(&ctx->cipher.des, iv); } @@ -6948,6 +6958,7 @@ int CyaSSL_set_compression(CYASSL* ssl) if (ret != 0) return ret; } + if (iv && key == NULL) { ret = Des3_SetIV(&ctx->cipher.des3, iv); if (ret != 0) @@ -7369,7 +7380,10 @@ int CyaSSL_set_compression(CYASSL* ssl) int enc) { Des myDes; + CYASSL_ENTER("DES_cbc_encrypt"); + + /* OpenSSL compat, no ret */ Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc); if (enc) @@ -7386,7 +7400,10 @@ int CyaSSL_set_compression(CYASSL* ssl) int enc) { Des myDes; + CYASSL_ENTER("DES_ncbc_encrypt"); + + /* OpenSSL compat, no ret */ Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc); if (enc)