Add support for more types of encrypted PEM files

1. ChaCha20, two-key 3DES and DES-X encrypted OpenSSL PEM files

2. AES-GCM and Chacha20+Poly1305 encrypted SSH keys

* OpenSSH uses a slightly different algorithm for its
  `chacha20-poly1305@openssh.com` than defined in the RFC.
  Therefore add an `openssh_compat` flag to
  `chacha20poly1305_state`.
* Add the option to give a 16byte IV and no counter, when calling
  `chacha20poly1305_memory()`
* Add support for DES-X

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>

Author: sjaeckel

demos/pem-info.c

@@ -16,10 +16,13 @@ static const struct {
    { "", "none" },
    { "aes", "AES" },
    { "blowfish", "Blowfish" },
+   { "c20p1305", "ChaCha20Poly1305" },
    { "camellia", "Camellia" },
    { "cast5", "CAST5" },
+   { "chacha20", "ChaCha20" },
    { "3des", "3DES (EDE)" },
    { "des", "DES" },
+   { "desx", "DES-X" },
    { "idea", "IDEA" },
    { "rc5", "RC5" },
    { "rc2", "RC2" },
@@ -39,14 +42,27 @@ static const char *s_map_cipher(const char *name)
    exit(1);
 }
 
-static const char *cipher_mode_map[] = {
-   "none", "CBC", "CFB", "CTR", "OFB", "STREAM", "GCM"
+static const struct {
+   enum cipher_mode mode;
+   const char *name;
+} cipher_mode_map[] = {
+   { cm_none,   "none",   },
+   { cm_cbc,    "CBC",    },
+   { cm_cfb,    "CFB",    },
+   { cm_ctr,    "CTR",    },
+   { cm_ofb,    "OFB",    },
+   { cm_stream, "STREAM", },
+   { cm_gcm,    "GCM",    },
 };
 
 static const char *s_map_mode(enum cipher_mode mode)
 {
-   if (mode >= 0 && mode <= sizeof(cipher_mode_map)/sizeof(cipher_mode_map[0]))
-      return cipher_mode_map[mode];
+   size_t n;
+   mode &= cm_modes;
+   for (n = 0; n < sizeof(cipher_mode_map)/sizeof(cipher_mode_map[0]); ++n) {
+      if (cipher_mode_map[n].mode == mode)
+         return cipher_mode_map[n].name;
+   }
    fprintf(stderr, "Error: Can't map cipher_mode %d\n", mode);
    exit(1);
 }
@@ -56,23 +72,23 @@ int main(void)
    unsigned long n;
    printf("PEM ciphers:\n\n");
    for (n = 0; n < pem_dek_infos_num; ++n) {
-      char nbuf[20] = {0};
+      char nbuf[32] = {0};
       size_t nlen = strlen(pem_dek_infos[n].name);
       memcpy(nbuf, pem_dek_infos[n].name, nlen);
       nbuf[nlen-1] = '}';
-      printf("\\hline \\texttt{%-18s & %-15s & %-25ld & %s \\\\\n",
+      printf("\\hline \\texttt{%-18s & %-15s & %-25ld & %-6s \\\\\n",
                                nbuf, s_map_cipher(pem_dek_infos[n].algo),
                                               pem_dek_infos[n].keylen * 8,
                                                        s_map_mode(pem_dek_infos[n].mode));
    }
 
    printf("\nSSH ciphers:\n\n");
    for (n = 0; n < ssh_ciphers_num; ++n) {
-      char nbuf[20] = {0};
+      char nbuf[32] = {0};
       size_t nlen = strlen(ssh_ciphers[n].name);
       memcpy(nbuf, ssh_ciphers[n].name, nlen);
       nbuf[nlen] = '}';
-      printf("\\hline \\texttt{%-18s & %-15s & %-25ld & %-4s \\\\\n",
+      printf("\\hline \\texttt{%-30s & %-16s & %-24ld & %-6s \\\\\n",
                                nbuf, s_map_cipher(ssh_ciphers[n].algo),
                                ssh_ciphers[n].keylen * 8,
                                                        s_map_mode(ssh_ciphers[n].mode));

doc/crypt.tex

@@ -1433,6 +1433,60 @@ Key Size: 8 bytes
 49: 6B901B2B79B6950C
 
 
+Cipher: desx
+Key Size: 24 bytes
+ 0: F490BAC08301C6C9
+ 1: 5668E3676102907F
+ 2: 5BA2BFCC35AED470
+ 3: B2CC7DBA467E62C6
+ 4: B4BF359A876FAC3E
+ 5: 2EF94EA88C1ACE79
+ 6: 9C175106D3484502
+ 7: 38F466A89DFA587F
+ 8: 745F3EB5BEDE929C
+ 9: 9EBA1D104A86E113
+10: 561DC144F7A2CB5F
+11: E1EBF96BD996F292
+12: 4D96B8CD7D26DA9C
+13: DA59711131B18AF3
+14: F5EEC897F79D3597
+15: 3A39A7F0060373CB
+16: DA95839AA553147F
+17: 8A0BBA6804BDFFF2
+18: B0A0881F389062B5
+19: C6878531FF4888EC
+20: 9C73653BDB9EBFFD
+21: EF81557E5B539A4C
+22: 959ADE9663CC395D
+23: D22C6460C0580E1B
+24: E3B7EFC7DC2EEB28
+25: ACF66715DFE81D84
+26: CD2FC182D9A0F565
+27: 34F6DED980E437FA
+28: 313DE7369F9D1BB9
+29: 554A743622A42A3D
+30: 6F460E480078F091
+31: E752181D34A8FED2
+32: E0C7F0F53F84830B
+33: 1159C652EB6460E1
+34: 2A68847D986CBF7D
+35: B3CB050C29C86EFC
+36: 2C0EB50DBCA918EA
+37: CA1D0D17D185D9BE
+38: 3CB9EB47E1E05CC1
+39: 2AA3DE0A38F3A0F5
+40: EA43C7125932D2A7
+41: 79A23C0EA9E6C11E
+42: B711BFC1DE05D9B0
+43: BCF5ADD7751EED39
+44: 7A41A2FE64720CA2
+45: DC43A35EB0489FE9
+46: 9353A9FBD060B991
+47: 19DD74A5D948AC15
+48: F0E3B7B2D6E328F5
+49: 77C25E387D80E071
+
+
 Cipher: 3des
 Key Size: 16 bytes
  0: DF0B6C9C31CD0CE4

notes/cipher_tv.txt

@@ -313,6 +313,25 @@ EAX-des (8 byte key)
  15: 8D1A1E888BBB8648E638C4E74E11B8, 685E006C441448B8
  16: 93AE906B8BE4EAC8ED6D8F48F04A7AFF, 71DD7AF752FE28FB
 
+EAX-desx (24 byte key)
+  0: , FA66F07E473109A2
+  1: 4B, 576970495248BB09
+  2: D81C, 3AE9E470ABFBEEB1
+  3: 5B2442, F6B3BDC55CBD01A2
+  4: B1A495A8, AAD2D78BC0525DA2
+  5: 7723413A8D, 51D3134CBC32AD9B
+  6: 6F9D40815E10, 552C146A7A769E9E
+  7: B3292E406C9B92, D3ACE79B2D69877B
+  8: EF7513D71D52C33A, 64935E1AE8C416B1
+  9: 068AEDE3E0E1B0DC11, 2C5698925FFC70BF
+ 10: 76A5664A3D5DF553BAC4, 52B9D560C0D9BB0D
+ 11: CC6128B6BD0035354CF3A3, A8BA535862B221BD
+ 12: CB499A58CF55D016B79192EF, 76842391A45C6674
+ 13: 4903FBC696A256D4AC16A3EFD2, 39978842103FE097
+ 14: 9CD5671BEDF4EB8D519A72310A37, F00809AA017E81C5
+ 15: 9F62AB705A285EBF998FCF401166BA, 506244F55C4EAD84
+ 16: 110161EEF9B3CE543DB12EA8682866D4, 7A12BE4371963521
+
 EAX-3des (24 byte key)
   0: , 8914311BB990B725
   1: D8, 2094EDC5D03E54B1

notes/eax_tv.txt

@@ -313,6 +313,25 @@ OCB-des (8 byte key)
  15: FB3BCC650B29F418930A467EA4FB73, 64D12723E100F08B
  16: DE1C27E9B3C391AF5DF403291F2C084A, 6BADE4638AE46BE2
 
+OCB-desx (24 byte key)
+  0: , 972B4CC480AEA6A9
+  1: CB, C46CC58DE9615963
+  2: 2911, 9B5117BF9530018F
+  3: 844501, 308F0F36D3313B67
+  4: 0C8CB549, 3F72789FB54CC9B1
+  5: 581FA34114, 1B86E66203EBF9EE
+  6: D0BBE3E43961, 59F730D5ABF13265
+  7: 046529AB0EDD17, 240FF6134AA5327B
+  8: FF4F32C3A96D61D9, 5DE9B81CC39ACC61
+  9: E94A99D609BE5B1A6D, 443F4948DE64E6A0
+ 10: B3E783B59853EE1EBD36, F04B41EAAB9CDE18
+ 11: 0BB36CE35BB8050169F6F2, 598A0705C800BC04
+ 12: BE946B1CB03E7E5DA1CC12B8, 288B827CEA810662
+ 13: 3FEC137C657FF1F2B34F4C5E56, F9248F59D1033253
+ 14: 626DC4527055E80E68A6A1FE0F78, D8AA67D5ABD0B6A5
+ 15: 476247537A509BC42BCD6DEC7F9506, 2C2D0385066B4815
+ 16: 5D32BFE0B9ACB62B6AC29D43A0535A25, DE247F5F809C6CEC
+
 OCB-3des (24 byte key)
   0: , 9CB7074F93CD37DD
   1: 4D, 51541A838A154E0B

notes/ocb_tv.txt

@@ -313,6 +313,25 @@ OMAC-des (8 byte key)
  15: 7FB7CE0862958B37
  16: 55097816B10C549B
 
+OMAC-desx (24 byte key)
+  0: 3DCD366D8E4D6EB8
+  1: AD1DF426B344F922
+  2: C50DD51B953E37EF
+  3: F732DD355496D72F
+  4: B8A9D3819024AD6E
+  5: 7C4624125A33C0DF
+  6: 378D83372E82296F
+  7: 974C7613AF191E95
+  8: C856C3F7B1A944FA
+  9: F7898CFD34AFECE2
+ 10: 9B5B09251EB0F44B
+ 11: 369D0AC2E71641E8
+ 12: B798AFD13EDFD831
+ 13: 066207F46EA9B6F2
+ 14: 4083189F5CE42C5F
+ 15: 6D04E4B9E2ECA8DB
+ 16: 9D9EE9A8B5AC27C2
+
 OMAC-3des (24 byte key)
   0: 7F07A9EA8ECEDF9E
   1: 4E2A652EB5FBF5F8

notes/omac_tv.txt

@@ -313,6 +313,25 @@ PMAC-des (8 byte key)
  15: FCE22E6CAD528B49
  16: 993884FB9B3FB620
 
+PMAC-desx (24 byte key)
+  0: CFC3AC7F6B9BC6C4
+  1: 15F83A2E582CA5DB
+  2: 648B0A54C2A44D96
+  3: 76BD5FCA60D3E0D8
+  4: 59E994CED4C82509
+  5: 15B6B80165023A25
+  6: 095AEDA02E235237
+  7: FDEEF329DD64EE7D
+  8: 1FE317FD5338ADEF
+  9: 0E0530FC5984E574
+ 10: 7D670A434BDF5E6E
+ 11: AD0C2D07F449969F
+ 12: 023D921C2523A41D
+ 13: E98F2BE666A5749D
+ 14: FA9DB0029446CA31
+ 15: AF3350DCF2A5D6AC
+ 16: E72861AE67EF88E2
+
 PMAC-3des (24 byte key)
   0: E42CCBC9C9457DF6
   1: FE766F7930557708