I'm trying to use asymmetric encryption in a C program, to encrypt strings.
I chose to go with RSA, but if there's a less complicated yet secure way, do tell me.
OpenSSL is one library I've looked at and found no documentation on implementing it in C code. (I may just have been unlucky, I've been looking for many days)
No luck on YouTube/Google either...
Please point me to a detailed source of information on how how to do this...
I understand both C and the fundamental concepts of RSA pretty well, but I have no idea how to:
Generate the large primes needed to generate the keys.
Fix e = 65537 .
Generate the public / private keys in an alphanumeric format (they are actually numbers, arent they ?) .
Seamlessly combine (e,n) in the public key and (d,n) in the private key in the way tools like OpenSSL seem to do (in an alphanumeric string) .
Here's an example of what you're looking to do. First a utility function to print OpenSSL error messages:
void log_ssl_err(const char *mes)
{
unsigned long err, found;
char errstr[1000];
found = 0;
while ((err = ERR_get_error())) {
ERR_error_string(err, errstr);
printf("%s: %s", mes, errstr);
found = 1;
}
if (!found) {
printf("%s", mes);
}
}
Generating a key with a given exponent:
RSA *rsa;
BIGNUM *e;
uint32_t exponent_bin, exponent_num;
exponent_num = 65537;
exponent_bin = htonl(exponent);
e = BN_bin2bn((const unsigned char *)&exponent_bin, 4, NULL);
if (e == NULL) {
log_ssl_err("BN_bin2bn failed for e");
exit(1);
}
if ((rsa = RSA_new()) == NULL) {
log_ssl_err("RSA_new failed");
BN_free(e);
exit(1);
}
if (!RSA_generate_key_ex(rsa, 2048, e, NULL)) {
log_ssl_err("couldn't generate rsa key");
BN_free(e);
exit(1);
}
Encrypting and decrypting:
unsigned char plaintext[] = "this is the plaintext";
unsigned char *ciphertext, *decrypted;
int cipher_len, decrypted_len;
ciphertext = malloc(RSA_size(rsa));
if ((cipher_len = RSA_public_encrypt(strlen(plaintext), plaintext, ciphertext,
rsa, RSA_PKCS1_OAEP_PADDING)) == -1) {
log_ssl_err("RSA_public_encrypt failed");
exit(1);
}
decrypted = malloc(RSA_size(rsa));
if ((decrypted_len = RSA_private_decrypt(cipher_len, ciphertext, decrypted,
rsa, RSA_PKCS1_OAEP_PADDING)) == -1) {
log_ssl_err("RSA_private_decrypt failed");
return 0;
}
The documentation for OpenSSL can be difficult to navigate, but the information you need can be found in the man pages. If you run man 3 rsa you'll see a list of all the RSA related functions. From there you can look at the man page for each function.
Related
I am playing with OpenSSL 1.0.2o version. I compiled from OpenSSL only static libcrypto. I used this configuration flags:
no-demos, no-bugs, no-apps, no-ssl, no-test, no-shared, no-zlib, no-zlib-dynamic, no-ssl-trace, no-unit-test, no-ec_nistp_64_gcc_128, no-libunbound, no-ssl1, no-ssl2, no-ssl3, no-asm, no-dtls, no-dtls1, no-threads, no-npn, no-weak-ssl-ciphers, no-rfc3779, no-sctp, no-ui, no-async, no-dgram, no-posix-io, no-sock, no-des, no-dso, no-srp, no-store, no-ts, no-txt_db, no-hw, no-ec, no-gmp, -DOPENSSL_NO_STDIO, -DOPENSSL_NO_FP_API, -DOPENSSL_NO_DYNAMIC_ENGINE,-UOPENSSL_FIPS.
I use OpenSSL into small embedded device. (without file operations, without operating system and without libc).
I import RSA public and private keys from memory from PEM-strings and then I want to use it for sign/verify, but RSA_sign() function returns zero. May be am I do that wrong?
Import keys:
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
typedef RSA *(*read_bio2rsa_f)(BIO *, RSA **, pem_password_cb *, void *);
static BIO *pub_bio;
static RSA *pub_key;
static BIO *prv_bio;
static RSA *prv_key;
static RSA *openssl_read_key_rsa(int rsa_type, BIO **bio)
{
RSA *rsa;
char *pem_str;
int pem_str_len;
read_bio2rsa_f read_bio2rsa;
if (rsa_type == PUB_KEY_TYPE) {
pem_str = (char *)pem_pub_key;
pem_str_len = (int)sizeof(pem_pub_key);
read_bio2rsa = PEM_read_bio_RSA_PUBKEY;
} else {
pem_str = (char *)pem_prv_key;
pem_str_len = (int)sizeof(pem_prv_key);
read_bio2rsa = PEM_read_bio_RSAPrivateKey;
}
if ((*bio = BIO_new_mem_buf((const void *)pem_str,
pem_str_len)) == NULL) {
EMSG("BIO_new_mem_buf() FAILED read PEM key");
return NULL;
}
if ((rsa = RSA_new()) == NULL) {
EMSG("RSA_new() FAILED");
return NULL;
}
read_bio2rsa(*bio, &rsa, NULL, NULL);
return rsa;
}
static int check_rsa_key_pair(RSA *pub, RSA *priv)
{
if (BN_cmp(pub->n, priv->n) != 0)
return CRYPTO_ERR;
return CRYPTO_OK;
}
/* extrnal function for import RSA-keys */
int openssl_rsa_init_key(void)
{
ERR_load_crypto_strings();
OPENSSL_add_all_algorithms_noconf();
if ((prv_key = openssl_read_key_rsa(PRV_KEY_TYPE, &prv_bio)) == NULL) {
EMSG("Importing the private key FAILED!");
return CRYPTO_ERR;
}
if ((pub_key = openssl_read_key_rsa(PUB_KEY_TYPE, &pub_bio)) == NULL) {
EMSG("Importing the public key FAILED!");
return CRYPTO_ERR;
}
if (!check_rsa_key_pair(pub_key, prv_key)) {
EMSG("Key pair don't match");
return CRYPTO_ERR;
}
EMSG("Import KEYs is successful!");
return CRYPTO_OK;
}
All code above is executed successfully. After this, in theory, I can free use the rsa keys into any OpenSSL functions that expected RSA-type.
I tried to do signature like this:
int openssl_rsa_sign_hash(uint8_t *hash, unsigned int hash_len,
uint8_t *sig, int *sig_len)
{
if (!RSA_sign(NID_sha256, (const unsigned char *)hash, hash_len,
(unsigned char *)sig, (unsigned int *)sig_len,
prv_key)) {
EMSG("RSA signature FAILED with %s",
ERR_error_string(ERR_get_error(), NULL));
return CRYPTO_ERR;
}
EMSG("RSA signature success!");
return CRYPTO_OK;
}
But, I got "RSA signature FAILED with error:00000000:lib(0):func(0):reason(0)" this string into my error output.
Could anyone explain me the mistakes, please?
But, I got "RSA signature FAILED with
error:00000000:lib(0):func(0):reason(0)" this string into my error
output.
Could anyone explain me the mistakes, please?
I don't see a main function, so this is just speculation...
Add a call to SSL_library_init and ERR_load_crypto_strings in main. You may also need a call to OpenSSL_add_all_ciphers.
Since you are not getting a good error string, you might try printing the result of ERR_get_error(). Once you get the result of ERR_get_error(), you can run it through the openssl errstr command:
$ openssl errstr 0406506C
error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len
Also see Library Initialization on the OpenSSL wiki.
This question already has answers here:
Use OpenSSL RSA key with .Net
(1 answer)
How to generate RSA private key using OpenSSL?
(3 answers)
Closed 5 years ago.
I need to write a C program that generates an RSA key, and saves an X.509 public key in DER format and a PKCS#8 private key in DER format. I've used Google, but haven't really found much. What I have so far is this:
#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
void main() {
int ret = 0;
RSA *r = NULL;
BIGNUM *bne = NULL;
BIO *bp_public = NULL, *bp_private = NULL;
int bits = 2048;
unsigned long e = RSA_F4;
// Generate the RSA key
printf("Generating RSA key...\n");
bne = BN_new();
ret = BN_set_word(bne, e);
if(ret != 1) {
goto free_all;
}
r = RSA_new();
ret = RSA_generate_key_ex(r, bits, bne, NULL);
if(ret != 1) {
goto free_all;
}
// Save the public key in PEM format
printf("Writing key files...\n");
bp_public = BIO_new_file("public.pem", "w+");
ret = PEM_write_bio_RSAPublicKey(bp_public, r);
if(ret != 1) {
goto free_all;
}
// Save the private key in PEM format
bp_private = BIO_new_file("private.pem", "w+");
ret = PEM_write_bio_RSAPrivateKey(bp_private, r, NULL, NULL, 0, NULL, NULL);
// Free everything
free_all:
BIO_free_all(bp_public);
BIO_free_all(bp_private);
RSA_free(r);
BN_free(bne);
printf("Done!\n");
}
This is obviously writing the keys in PEM format. I also need to be able to actually have the data in memory in the code, not just write it directly to a file, as there's some other stuff I need to do with the public key.
Thank you for any help
Your question is a little ambiguous in what you actually mean by "saves an X.509 public key in DER format". Assuming you actually mean "save it as a SubjectPublicKeyInfo structure" (which is the bit of an X.509 certificate that holds public keys) then you should use i2d_RSA_PUBKEY (or i2d_RSA_PUBKEY_fp or i2d_RSA_PUBKEY_bio) to write it out (no need to convert it to an EVP_PKEY first).
For the PKCS#8 private key in DER format, your current method is incorrect for PEM format. The PEM_write_bio_RSAPrivateKey() function will write this out in traditional format (not PKCS#8).
I assume you don't want to do anything complicated like encrypting the key first. For this one you will need to convert it to an EVP_PKEY (using EVP_PKEY_assign_RSA() as mentioned by #JawguyChooser). Next you obtain a PKCS8_PRIV_KEY_INFO structure using the (sadly undocumented) function EVP_PKEY2PKCS8.
PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
You need to free this structure when your done using PKCS8_PRIV_KEY_INFO_free(). Next write out the PKCS8 DER using i2d_PKCS8_PRIV_KEY_INFO() (or i2d_PKCS8_PRIV_KEY_INFO_fp() or i2d_PKCS8_PRIV_KEY_INFO_bio).
See the man page for info on various of these functions:
https://www.openssl.org/docs/man1.1.0/crypto/i2d_RSAPublicKey.html
I think you're going to need to convert your key to an EVP_PKEY using EVP_PKEY_assign_RSA. Then you can use i2d_PUBKEY_bio to write out to a bio.
The following modification of your code works for me:
include the header file <openssl/evp.h>
declare BIO for writing out the public_der
create EVP_PKEY structure with EVP_PKEY_new()
convert using EVP_PKEY_assign_RSA
write out to bio with i2d_PUBKEY_bio
In context:
#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
void main() {
int ret = 0;
RSA *r = NULL;
BIGNUM *bne = NULL;
BIO *bp_public = NULL, *bp_private = NULL, *bp_public_der = NULL;
int bits = 2048;
unsigned long e = RSA_F4;
// Generate the RSA key
printf("Generating RSA key...\n");
bne = BN_new();
ret = BN_set_word(bne, e);
if(ret != 1) {
goto free_all;
}
r = RSA_new();
ret = RSA_generate_key_ex(r, bits, bne, NULL);
if(ret != 1) {
goto free_all;
}
// Save the public key in PEM format
printf("Writing key files...\n");
bp_public = BIO_new_file("public.pem", "w+");
ret = PEM_write_bio_RSAPublicKey(bp_public, r);
if(ret != 1) {
goto free_all;
}
// Save the private key in PEM format
bp_private = BIO_new_file("private.pem", "w+");
ret = PEM_write_bio_RSAPrivateKey(bp_private, r, NULL, NULL, 0, NULL, NULL);
// Save in DER
EVP_PKEY *evp = EVP_PKEY_new();
ret = EVP_PKEY_assign_RSA(evp, r);
if(ret != 1){
printf("failure %i\n", ret);
}
bp_public_der = BIO_new_file("public.key", "w+");
ret = i2d_PUBKEY_bio(bp_public_der, evp);
// Free everything
free_all:
BIO_free_all(bp_public);
BIO_free_all(bp_public_der);
BIO_free_all(bp_private);
RSA_free(r);
BN_free(bne);
printf("Done!\n");
}
You can now find the DER of the public key in public.key. And you should be able to do the same thing for the private.
Hope this helps.
I am trying to address a use case exactly same as How to encrypt data using RSA, with SHA-256 as hash function and MGF1 as mask generating function?, but I need a few more clarity on this.
The above query was raised in the year 2013. At that time the OpenSSL only supported SHA1 hash (hard coded) for OAEP padding. In the latest OpenSSL (1.0.2k), I can see that this is addressed by using the following API:
int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
const unsigned char *from, int flen,
const unsigned char *param, int plen,
const EVP_MD *md, const EVP_MD mgf1md)
RSA_public_encrypt() does not take EVP_MD structure as argument I'm not sure how to specify it.
How can I invoke the SHA-256 mode in RSA_public_encrypt() with a mask generation function?
RSA_public_encrypt(...) is deprecated; EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, ...) should be used instead.
Padding, mask generation function and other parameters are configured for the context which is passed as the first argument to EVP_PKEY_encrypt:
EVP_PKEY* evp_key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
if (evp_key == NULL) {
// handle error
}
EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new(evp_key, NULL);
if (ctx == NULL) {
// handle error
}
if (EVP_PKEY_encrypt_init(ctx) <= 0) {
// handle error
}
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) {
// handle error
}
if (EVP_PKEY_CTX_set_rsa_oaep_md(ctx, EVP_sha256()) <= 0) {
// handle error
}
if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, EVP_sha256()) <= 0) {
// handle error
}
if (EVP_PKEY_encrypt(ctx, encrypted, &outlen, data, len) <= 0) {
// handle error
}
I want to do an encryption / decryption program in C based on something I did in perl. The compiled perl program is 2MB so I figure if I write it in C it will be a smaller executable size.
My problem is, while I get it to encrypt, I can't get it to decrypt. It's been literally ages since I last used C so I forgot a lot of stuff. Someone please enlighten me to what I'm doing wrong here? Thanks.
/*
============================================================================
Name : test-c.c
Description : Testing Project
Trying to do a C version of this perl code:
my $cipher = Crypt::CBC->new( -key => $salt_key, -cipher => 'DES' -header => 'none');
my $enc_text = $cipher->encrypt_hex($text);
Requires : -lcrypt
References :
Function: cbc_crypt (char *key, char *blocks, unsigned len, unsigned mode, char *ivec)
GNU C Library: DES Encryption (http://www.gnu.org/software/libc/manual/html_node/DES-Encryption.html#DES-Encryption)
cbc_crypt (http://unix.derkeiler.com/Newsgroups/comp.unix.programmer/2012-10/msg00023.html)
============================================================================
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <rpc/des_crypt.h>
int main(void) {
char key[] = "aBcDeFg1";
char pass[] = "mypass1234test";
char encbuff[] = "87654321";
char decbuff[] = "87645321";
int buffsize;
int result;
des_setparity(key);
/* Encrypt pass, result is in encbuff */
buffsize = sizeof(pass);
/* Add to pass to ensure size is divisable by 8. */
while (buffsize % 8) {
pass[buffsize++] = '\0';
}
printf("Encrypted: ");
result = cbc_crypt(key, pass, buffsize, DES_ENCRYPT | DES_SW, encbuff);
if (DES_FAILED(result) || strcmp(encbuff, "") == 0) {
if(strcmp(encbuff, "") == 0) {
printf("*** Null Output ***\n");
} else {
printf("*** Encryption Error ***\n");
}
} else {
printf("%s\n", encbuff);
}
/* Decrypt encbuff, result is in decbuff */
/* FIXME: Decryption doesn't work:
Encrypted: ,�7&���8
Decrypted: *** Decryption Error ***
*/
buffsize = sizeof(encbuff);
/* Add to pass to ensure size is divisable by 8. */
while (buffsize % 8) {
encbuff[buffsize++] = '\0';
}
printf("Decrypted: ");
result = cbc_crypt(key, encbuff, buffsize, DES_DECRYPT | DES_SW, decbuff);
if(DES_FAILED(result) || strcmp(decbuff, "") == 0) {
if(strcmp(encbuff, "") == 0) {
printf("*** Null Output ***\n");
} else {
printf("*** Decryption Error ***\n");
}
} else {
printf("%s\n", decbuff);
}
return 0;
}
As noticed by #Brian_Sidebotham , using char str[10];buffsize=sizeof(str);...str[buffsize++]='\0' is not a good thing in c. Writing beyond the end of an array may trigger undefined behavior. It could work or deliver wrong results or stop due to a segmentation fault. So the first thing to do is to work with larger buffers. For instance :
char key[9];
sprintf(key,"12345678");
char password[420];
sprintf(password,"i am not going to write my password here.");
Notice that it is 9, not 8, to leave some place for the null terminating character \0 that is automatically added by sprintf() to build a valid c string.
Moreover, the last parameter of cbc_crypt() is not the output. It is not the encrypted string but an 8-byte initialization vector for the chaining. That way, if you need to encrypt multiple strings, it prevents regularities in the clear text from appearing in the cipher text. As the cipher text is to be decrypted, the same initialization vector must be provided. Encryption is performed in place : the input string pass will be overwritten by the encrypted text.
Finally, make sure that your strings are large enough because the encrypted text seems to be slightly larger that the clear text.
The following code is expected to work. It is compiled by gcc main.c -o main
/*
============================================================================
Name : test-c.c
Description : Testing Project
Trying to do a C version of this perl code:
my $cipher = Crypt::CBC->new( -key => $salt_key, -cipher => 'DES' -header => 'none');
my $enc_text = $cipher->encrypt_hex($text);
Requires : -lcrypt
References :
Function: cbc_crypt (char *key, char *blocks, unsigned len, unsigned mode, char *ivec)
GNU C Library: DES Encryption (http://www.gnu.org/software/libc/manual/html_node/DES-Encryption.html#DES-Encryption)
cbc_crypt (http://unix.derkeiler.com/Newsgroups/comp.unix.programmer/2012-10/msg00023.html)
============================================================================
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <rpc/des_crypt.h>
#define BUFFSIZE 420
int main(void) {
// char key[] = "aBcDeFg1";
char key[9];
sprintf(key,"aBcDeFg1");
//char pass[] = "mypass1234test";
char pass[BUFFSIZE];
sprintf(pass,"mypass1234test");
// char encbuff[] = "87654321";
char ivec[9];
sprintf(ivec,"87654321");
// char decbuff[] = "87645321";
char ivectemp[9];
strcpy(ivectemp,ivec);
int buffsize;
int result;
des_setparity(key);
/* Encrypt pass, result is in encbuff */
buffsize = strlen(pass);
printf("buffsize is %d\n",buffsize);
/* Add to pass to ensure size is divisable by 8. */
while (buffsize % 8 && buffsize<BUFFSIZE) {
pass[buffsize++] = '\0';
}
printf("pass is %s\n",pass);
printf("buffsize is %d\n",buffsize);
printf("Encrypted: ");
result = cbc_crypt(key, pass, buffsize, DES_ENCRYPT | DES_SW, ivectemp);
if (DES_FAILED(result) || strcmp(pass, "") == 0) {
if(strcmp(pass, "") == 0) {
printf("*** Null Output ***\n");
} else {
printf("*** Encryption Error ***\n");
}
} else {
printf("%s\n", pass);
}
/* Decrypt encbuff, result is in decbuff */
/* FIXME: Decryption doesn't work:
Encrypted: ,�7&���8
Decrypted: *** Decryption Error ***
*/
buffsize = strlen(pass);
printf("buffsize is %d\n",buffsize);
/* Add to pass to ensure size is divisable by 8. */
while (buffsize % 8 && buffsize<BUFFSIZE) {
pass[buffsize++] = '\0';
}
printf("buffsize is %d\n",buffsize);
printf("Decrypted: ");
//keeping the same initialization vector for decrypting, encrypt has altered ivectemp
strcpy(ivectemp,ivec);
result = cbc_crypt(key, pass, buffsize, DES_DECRYPT | DES_SW, ivectemp);
if(DES_FAILED(result) || strcmp(pass, "") == 0) {
if(strcmp(pass, "") == 0) {
printf("*** Null Output ***\n");
} else {
printf("*** Decryption Error ***\n");
}
} else {
printf("%s\n",pass);
}
return 0;
}
Now... A few words about security... According to the wikipedia page about the Data Encryption Standard NBS DES :
DES is now considered to be insecure for many applications. This is mainly due to the 56-bit key size being too small; in January, 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes
You may switch to the implementation of AES by the openssl library for instance. See How to do encryption using AES in Openssl or Simple AES encryption decryption with openssl library in C or AES (aes-cbc-128, aes-cbc-192, aes-cbc-256) encryption/decryption with openssl C for instance.
I'm trying to implement Triple DES encryption in C using OpenSSL library but I am not such professional in cryptography. I've found a useful sample code here for DES ECB crypto but I could not find an example code on how to implement 3DES and most of web resources just describe how to use OpenSSL as a tool.
I've implemented DES ECB for a specific purpose as follows
typedef struct
{
size_t size;
unsigned char* data;
} byte_array, *byte_array_ptr;
for encryption
byte_array_ptr des_encrypt_to_pin_block(byte_array_ptr key_bytes, byte_array_ptr xor_bytes)
{
if ((key_bytes->size != 8) || (xor_bytes->size != 8))
return NULL;
DES_key_schedule schedule;
const_DES_cblock key_data;
const_DES_cblock xor_data;
DES_cblock buffer;
memcpy(&key_data, key_bytes->data, key_bytes->size);
memcpy(&xor_data, xor_bytes->data, xor_bytes->size);
if (DES_set_key(&key_data, &schedule) < 0)
{
printf("ERROR: %s", "DES Set Key Error!");
return NULL;
}
DES_ecb_encrypt(&xor_data, &buffer, &schedule, DES_ENCRYPT);
byte_array_ptr pin_block;
pin_block = (byte_array_ptr)malloc(sizeof(size_t) + 8);
pin_block->size = 8;
pin_block->data = (unsigned char *)malloc(pin_block->size);
memcpy(pin_block->data, &buffer, pin_block->size);
return pin_block;
}
and the decryption
byte_array_ptr des_decrypt_to_xor_bytes(byte_array_ptr key_bytes, byte_array_ptr pin_block)
{
if ((key_bytes->size != 8) || (pin_block->size != 8))
return NULL;
DES_key_schedule schedule;
const_DES_cblock key_data;
const_DES_cblock pin_data;
DES_cblock buffer;
memcpy(&key_data, key_bytes->data, key_bytes->size);
memcpy(&pin_data, pin_block->data, pin_block->size);
if (DES_set_key(&key_data, &schedule) < 0)
{
printf("ERROR: %s", "DES Set Key Error!");
return NULL;
}
DES_ecb_encrypt(&pin_data, &buffer, &schedule, DES_DECRYPT);
byte_array_ptr xor_bytes;
xor_bytes = (byte_array_ptr)malloc(sizeof(size_t) + 8);
xor_bytes->size = 8;
xor_bytes->data = (unsigned char *)malloc(xor_bytes->size);
memcpy(xor_bytes->data, &buffer, xor_bytes->size);
return xor_bytes;
}
but I have no idea how to do it for 3DES.
Any idea?
OpenSSL provides a set of functions for Triple DES in EDE mode(Encrypt using key #1, Decrypt using key #2, Encrypt using key #3) for all encryption schemes. Also its common situation when key #1 equals key #3, there are functions for this case either.
So if you have all three keys the functions are:
DES_ecb3_encrypt()
DES_ede3_cbc_encrypt()
DES_ede3_ofb_encrypt()
DES_ede3_cfb_encrypt()
If you have only two keys the functions are:
DES_ecb2_encrypt()
DES_ede2_cbc_encrypt()
DES_ede2_ofb_encrypt()
DES_ede2_cfb_encrypt()