projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[MBEDTLS]
[reactos.git] / reactos / dll / 3rdparty / mbedtls / des.c
1 /*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: GPL-2.0
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * This file is part of mbed TLS (https://tls.mbed.org)
22 */
23 /*
24 * DES, on which TDES is based, was originally designed by Horst Feistel
25 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
26 *
27 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
28 */
29
30 #if !defined(MBEDTLS_CONFIG_FILE)
31 #include "mbedtls/config.h"
32 #else
33 #include MBEDTLS_CONFIG_FILE
34 #endif
35
36 #if defined(MBEDTLS_DES_C)
37
38 #include "mbedtls/des.h"
39
40 #include <string.h>
41
42 #if defined(MBEDTLS_SELF_TEST)
43 #if defined(MBEDTLS_PLATFORM_C)
44 #include "mbedtls/platform.h"
45 #else
46 #include <stdio.h>
47 #define mbedtls_printf printf
48 #endif /* MBEDTLS_PLATFORM_C */
49 #endif /* MBEDTLS_SELF_TEST */
50
51 #if !defined(MBEDTLS_DES_ALT)
52
53 /* Implementation that should never be optimized out by the compiler */
54 static void mbedtls_zeroize( void *v, size_t n ) {
55 volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
56 }
57
58 /*
59 * 32-bit integer manipulation macros (big endian)
60 */
61 #ifndef GET_UINT32_BE
62 #define GET_UINT32_BE(n,b,i) \
63 { \
64 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
65 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
66 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
67 | ( (uint32_t) (b)[(i) + 3] ); \
68 }
69 #endif
70
71 #ifndef PUT_UINT32_BE
72 #define PUT_UINT32_BE(n,b,i) \
73 { \
74 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
75 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
76 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
77 (b)[(i) + 3] = (unsigned char) ( (n) ); \
78 }
79 #endif
80
81 /*
82 * Expanded DES S-boxes
83 */
84 static const uint32_t SB1[64] =
85 {
86 0x01010400, 0x00000000, 0x00010000, 0x01010404,
87 0x01010004, 0x00010404, 0x00000004, 0x00010000,
88 0x00000400, 0x01010400, 0x01010404, 0x00000400,
89 0x01000404, 0x01010004, 0x01000000, 0x00000004,
90 0x00000404, 0x01000400, 0x01000400, 0x00010400,
91 0x00010400, 0x01010000, 0x01010000, 0x01000404,
92 0x00010004, 0x01000004, 0x01000004, 0x00010004,
93 0x00000000, 0x00000404, 0x00010404, 0x01000000,
94 0x00010000, 0x01010404, 0x00000004, 0x01010000,
95 0x01010400, 0x01000000, 0x01000000, 0x00000400,
96 0x01010004, 0x00010000, 0x00010400, 0x01000004,
97 0x00000400, 0x00000004, 0x01000404, 0x00010404,
98 0x01010404, 0x00010004, 0x01010000, 0x01000404,
99 0x01000004, 0x00000404, 0x00010404, 0x01010400,
100 0x00000404, 0x01000400, 0x01000400, 0x00000000,
101 0x00010004, 0x00010400, 0x00000000, 0x01010004
102 };
103
104 static const uint32_t SB2[64] =
105 {
106 0x80108020, 0x80008000, 0x00008000, 0x00108020,
107 0x00100000, 0x00000020, 0x80100020, 0x80008020,
108 0x80000020, 0x80108020, 0x80108000, 0x80000000,
109 0x80008000, 0x00100000, 0x00000020, 0x80100020,
110 0x00108000, 0x00100020, 0x80008020, 0x00000000,
111 0x80000000, 0x00008000, 0x00108020, 0x80100000,
112 0x00100020, 0x80000020, 0x00000000, 0x00108000,
113 0x00008020, 0x80108000, 0x80100000, 0x00008020,
114 0x00000000, 0x00108020, 0x80100020, 0x00100000,
115 0x80008020, 0x80100000, 0x80108000, 0x00008000,
116 0x80100000, 0x80008000, 0x00000020, 0x80108020,
117 0x00108020, 0x00000020, 0x00008000, 0x80000000,
118 0x00008020, 0x80108000, 0x00100000, 0x80000020,
119 0x00100020, 0x80008020, 0x80000020, 0x00100020,
120 0x00108000, 0x00000000, 0x80008000, 0x00008020,
121 0x80000000, 0x80100020, 0x80108020, 0x00108000
122 };
123
124 static const uint32_t SB3[64] =
125 {
126 0x00000208, 0x08020200, 0x00000000, 0x08020008,
127 0x08000200, 0x00000000, 0x00020208, 0x08000200,
128 0x00020008, 0x08000008, 0x08000008, 0x00020000,
129 0x08020208, 0x00020008, 0x08020000, 0x00000208,
130 0x08000000, 0x00000008, 0x08020200, 0x00000200,
131 0x00020200, 0x08020000, 0x08020008, 0x00020208,
132 0x08000208, 0x00020200, 0x00020000, 0x08000208,
133 0x00000008, 0x08020208, 0x00000200, 0x08000000,
134 0x08020200, 0x08000000, 0x00020008, 0x00000208,
135 0x00020000, 0x08020200, 0x08000200, 0x00000000,
136 0x00000200, 0x00020008, 0x08020208, 0x08000200,
137 0x08000008, 0x00000200, 0x00000000, 0x08020008,
138 0x08000208, 0x00020000, 0x08000000, 0x08020208,
139 0x00000008, 0x00020208, 0x00020200, 0x08000008,
140 0x08020000, 0x08000208, 0x00000208, 0x08020000,
141 0x00020208, 0x00000008, 0x08020008, 0x00020200
142 };
143
144 static const uint32_t SB4[64] =
145 {
146 0x00802001, 0x00002081, 0x00002081, 0x00000080,
147 0x00802080, 0x00800081, 0x00800001, 0x00002001,
148 0x00000000, 0x00802000, 0x00802000, 0x00802081,
149 0x00000081, 0x00000000, 0x00800080, 0x00800001,
150 0x00000001, 0x00002000, 0x00800000, 0x00802001,
151 0x00000080, 0x00800000, 0x00002001, 0x00002080,
152 0x00800081, 0x00000001, 0x00002080, 0x00800080,
153 0x00002000, 0x00802080, 0x00802081, 0x00000081,
154 0x00800080, 0x00800001, 0x00802000, 0x00802081,
155 0x00000081, 0x00000000, 0x00000000, 0x00802000,
156 0x00002080, 0x00800080, 0x00800081, 0x00000001,
157 0x00802001, 0x00002081, 0x00002081, 0x00000080,
158 0x00802081, 0x00000081, 0x00000001, 0x00002000,
159 0x00800001, 0x00002001, 0x00802080, 0x00800081,
160 0x00002001, 0x00002080, 0x00800000, 0x00802001,
161 0x00000080, 0x00800000, 0x00002000, 0x00802080
162 };
163
164 static const uint32_t SB5[64] =
165 {
166 0x00000100, 0x02080100, 0x02080000, 0x42000100,
167 0x00080000, 0x00000100, 0x40000000, 0x02080000,
168 0x40080100, 0x00080000, 0x02000100, 0x40080100,
169 0x42000100, 0x42080000, 0x00080100, 0x40000000,
170 0x02000000, 0x40080000, 0x40080000, 0x00000000,
171 0x40000100, 0x42080100, 0x42080100, 0x02000100,
172 0x42080000, 0x40000100, 0x00000000, 0x42000000,
173 0x02080100, 0x02000000, 0x42000000, 0x00080100,
174 0x00080000, 0x42000100, 0x00000100, 0x02000000,
175 0x40000000, 0x02080000, 0x42000100, 0x40080100,
176 0x02000100, 0x40000000, 0x42080000, 0x02080100,
177 0x40080100, 0x00000100, 0x02000000, 0x42080000,
178 0x42080100, 0x00080100, 0x42000000, 0x42080100,
179 0x02080000, 0x00000000, 0x40080000, 0x42000000,
180 0x00080100, 0x02000100, 0x40000100, 0x00080000,
181 0x00000000, 0x40080000, 0x02080100, 0x40000100
182 };
183
184 static const uint32_t SB6[64] =
185 {
186 0x20000010, 0x20400000, 0x00004000, 0x20404010,
187 0x20400000, 0x00000010, 0x20404010, 0x00400000,
188 0x20004000, 0x00404010, 0x00400000, 0x20000010,
189 0x00400010, 0x20004000, 0x20000000, 0x00004010,
190 0x00000000, 0x00400010, 0x20004010, 0x00004000,
191 0x00404000, 0x20004010, 0x00000010, 0x20400010,
192 0x20400010, 0x00000000, 0x00404010, 0x20404000,
193 0x00004010, 0x00404000, 0x20404000, 0x20000000,
194 0x20004000, 0x00000010, 0x20400010, 0x00404000,
195 0x20404010, 0x00400000, 0x00004010, 0x20000010,
196 0x00400000, 0x20004000, 0x20000000, 0x00004010,
197 0x20000010, 0x20404010, 0x00404000, 0x20400000,
198 0x00404010, 0x20404000, 0x00000000, 0x20400010,
199 0x00000010, 0x00004000, 0x20400000, 0x00404010,
200 0x00004000, 0x00400010, 0x20004010, 0x00000000,
201 0x20404000, 0x20000000, 0x00400010, 0x20004010
202 };
203
204 static const uint32_t SB7[64] =
205 {
206 0x00200000, 0x04200002, 0x04000802, 0x00000000,
207 0x00000800, 0x04000802, 0x00200802, 0x04200800,
208 0x04200802, 0x00200000, 0x00000000, 0x04000002,
209 0x00000002, 0x04000000, 0x04200002, 0x00000802,
210 0x04000800, 0x00200802, 0x00200002, 0x04000800,
211 0x04000002, 0x04200000, 0x04200800, 0x00200002,
212 0x04200000, 0x00000800, 0x00000802, 0x04200802,
213 0x00200800, 0x00000002, 0x04000000, 0x00200800,
214 0x04000000, 0x00200800, 0x00200000, 0x04000802,
215 0x04000802, 0x04200002, 0x04200002, 0x00000002,
216 0x00200002, 0x04000000, 0x04000800, 0x00200000,
217 0x04200800, 0x00000802, 0x00200802, 0x04200800,
218 0x00000802, 0x04000002, 0x04200802, 0x04200000,
219 0x00200800, 0x00000000, 0x00000002, 0x04200802,
220 0x00000000, 0x00200802, 0x04200000, 0x00000800,
221 0x04000002, 0x04000800, 0x00000800, 0x00200002
222 };
223
224 static const uint32_t SB8[64] =
225 {
226 0x10001040, 0x00001000, 0x00040000, 0x10041040,
227 0x10000000, 0x10001040, 0x00000040, 0x10000000,
228 0x00040040, 0x10040000, 0x10041040, 0x00041000,
229 0x10041000, 0x00041040, 0x00001000, 0x00000040,
230 0x10040000, 0x10000040, 0x10001000, 0x00001040,
231 0x00041000, 0x00040040, 0x10040040, 0x10041000,
232 0x00001040, 0x00000000, 0x00000000, 0x10040040,
233 0x10000040, 0x10001000, 0x00041040, 0x00040000,
234 0x00041040, 0x00040000, 0x10041000, 0x00001000,
235 0x00000040, 0x10040040, 0x00001000, 0x00041040,
236 0x10001000, 0x00000040, 0x10000040, 0x10040000,
237 0x10040040, 0x10000000, 0x00040000, 0x10001040,
238 0x00000000, 0x10041040, 0x00040040, 0x10000040,
239 0x10040000, 0x10001000, 0x10001040, 0x00000000,
240 0x10041040, 0x00041000, 0x00041000, 0x00001040,
241 0x00001040, 0x00040040, 0x10000000, 0x10041000
242 };
243
244 /*
245 * PC1: left and right halves bit-swap
246 */
247 static const uint32_t LHs[16] =
248 {
249 0x00000000, 0x00000001, 0x00000100, 0x00000101,
250 0x00010000, 0x00010001, 0x00010100, 0x00010101,
251 0x01000000, 0x01000001, 0x01000100, 0x01000101,
252 0x01010000, 0x01010001, 0x01010100, 0x01010101
253 };
254
255 static const uint32_t RHs[16] =
256 {
257 0x00000000, 0x01000000, 0x00010000, 0x01010000,
258 0x00000100, 0x01000100, 0x00010100, 0x01010100,
259 0x00000001, 0x01000001, 0x00010001, 0x01010001,
260 0x00000101, 0x01000101, 0x00010101, 0x01010101,
261 };
262
263 /*
264 * Initial Permutation macro
265 */
266 #define DES_IP(X,Y) \
267 { \
268 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
269 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
270 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
271 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
272 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
273 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
274 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
275 }
276
277 /*
278 * Final Permutation macro
279 */
280 #define DES_FP(X,Y) \
281 { \
282 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
283 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
284 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
285 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
286 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
287 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
288 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
289 }
290
291 /*
292 * DES round macro
293 */
294 #define DES_ROUND(X,Y) \
295 { \
296 T = *SK++ ^ X; \
297 Y ^= SB8[ (T ) & 0x3F ] ^ \
298 SB6[ (T >> 8) & 0x3F ] ^ \
299 SB4[ (T >> 16) & 0x3F ] ^ \
300 SB2[ (T >> 24) & 0x3F ]; \
301 \
302 T = *SK++ ^ ((X << 28) | (X >> 4)); \
303 Y ^= SB7[ (T ) & 0x3F ] ^ \
304 SB5[ (T >> 8) & 0x3F ] ^ \
305 SB3[ (T >> 16) & 0x3F ] ^ \
306 SB1[ (T >> 24) & 0x3F ]; \
307 }
308
309 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
310
311 void mbedtls_des_init( mbedtls_des_context *ctx )
312 {
313 memset( ctx, 0, sizeof( mbedtls_des_context ) );
314 }
315
316 void mbedtls_des_free( mbedtls_des_context *ctx )
317 {
318 if( ctx == NULL )
319 return;
320
321 mbedtls_zeroize( ctx, sizeof( mbedtls_des_context ) );
322 }
323
324 void mbedtls_des3_init( mbedtls_des3_context *ctx )
325 {
326 memset( ctx, 0, sizeof( mbedtls_des3_context ) );
327 }
328
329 void mbedtls_des3_free( mbedtls_des3_context *ctx )
330 {
331 if( ctx == NULL )
332 return;
333
334 mbedtls_zeroize( ctx, sizeof( mbedtls_des3_context ) );
335 }
336
337 static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
338 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
339 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
340 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
341 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
342 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
343 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
344 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
345 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
346 254 };
347
348 void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] )
349 {
350 int i;
351
352 for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
353 key[i] = odd_parity_table[key[i] / 2];
354 }
355
356 /*
357 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
358 */
359 int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
360 {
361 int i;
362
363 for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
364 if( key[i] != odd_parity_table[key[i] / 2] )
365 return( 1 );
366
367 return( 0 );
368 }
369
370 /*
371 * Table of weak and semi-weak keys
372 *
373 * Source: http://en.wikipedia.org/wiki/Weak_key
374 *
375 * Weak:
376 * Alternating ones + zeros (0x0101010101010101)
377 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
378 * '0xE0E0E0E0F1F1F1F1'
379 * '0x1F1F1F1F0E0E0E0E'
380 *
381 * Semi-weak:
382 * 0x011F011F010E010E and 0x1F011F010E010E01
383 * 0x01E001E001F101F1 and 0xE001E001F101F101
384 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
385 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
386 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
387 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
388 *
389 */
390
391 #define WEAK_KEY_COUNT 16
392
393 static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] =
394 {
395 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
396 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
397 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
398 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
399
400 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
401 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
402 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
403 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
404 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
405 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
406 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
407 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
408 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
409 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
410 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
411 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
412 };
413
414 int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
415 {
416 int i;
417
418 for( i = 0; i < WEAK_KEY_COUNT; i++ )
419 if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 )
420 return( 1 );
421
422 return( 0 );
423 }
424
425 #if !defined(MBEDTLS_DES_SETKEY_ALT)
426 void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
427 {
428 int i;
429 uint32_t X, Y, T;
430
431 GET_UINT32_BE( X, key, 0 );
432 GET_UINT32_BE( Y, key, 4 );
433
434 /*
435 * Permuted Choice 1
436 */
437 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
438 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
439
440 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
441 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
442 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
443 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
444
445 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
446 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
447 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
448 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
449
450 X &= 0x0FFFFFFF;
451 Y &= 0x0FFFFFFF;
452
453 /*
454 * calculate subkeys
455 */
456 for( i = 0; i < 16; i++ )
457 {
458 if( i < 2 || i == 8 || i == 15 )
459 {
460 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
461 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
462 }
463 else
464 {
465 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
466 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
467 }
468
469 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
470 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
471 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
472 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
473 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
474 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
475 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
476 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
477 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
478 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
479 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
480
481 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
482 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
483 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
484 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
485 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
486 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
487 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
488 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
489 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
490 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
491 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
492 }
493 }
494 #endif /* !MBEDTLS_DES_SETKEY_ALT */
495
496 /*
497 * DES key schedule (56-bit, encryption)
498 */
499 int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
500 {
501 mbedtls_des_setkey( ctx->sk, key );
502
503 return( 0 );
504 }
505
506 /*
507 * DES key schedule (56-bit, decryption)
508 */
509 int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
510 {
511 int i;
512
513 mbedtls_des_setkey( ctx->sk, key );
514
515 for( i = 0; i < 16; i += 2 )
516 {
517 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
518 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
519 }
520
521 return( 0 );
522 }
523
524 static void des3_set2key( uint32_t esk[96],
525 uint32_t dsk[96],
526 const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] )
527 {
528 int i;
529
530 mbedtls_des_setkey( esk, key );
531 mbedtls_des_setkey( dsk + 32, key + 8 );
532
533 for( i = 0; i < 32; i += 2 )
534 {
535 dsk[i ] = esk[30 - i];
536 dsk[i + 1] = esk[31 - i];
537
538 esk[i + 32] = dsk[62 - i];
539 esk[i + 33] = dsk[63 - i];
540
541 esk[i + 64] = esk[i ];
542 esk[i + 65] = esk[i + 1];
543
544 dsk[i + 64] = dsk[i ];
545 dsk[i + 65] = dsk[i + 1];
546 }
547 }
548
549 /*
550 * Triple-DES key schedule (112-bit, encryption)
551 */
552 int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
553 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
554 {
555 uint32_t sk[96];
556
557 des3_set2key( ctx->sk, sk, key );
558 mbedtls_zeroize( sk, sizeof( sk ) );
559
560 return( 0 );
561 }
562
563 /*
564 * Triple-DES key schedule (112-bit, decryption)
565 */
566 int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
567 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
568 {
569 uint32_t sk[96];
570
571 des3_set2key( sk, ctx->sk, key );
572 mbedtls_zeroize( sk, sizeof( sk ) );
573
574 return( 0 );
575 }
576
577 static void des3_set3key( uint32_t esk[96],
578 uint32_t dsk[96],
579 const unsigned char key[24] )
580 {
581 int i;
582
583 mbedtls_des_setkey( esk, key );
584 mbedtls_des_setkey( dsk + 32, key + 8 );
585 mbedtls_des_setkey( esk + 64, key + 16 );
586
587 for( i = 0; i < 32; i += 2 )
588 {
589 dsk[i ] = esk[94 - i];
590 dsk[i + 1] = esk[95 - i];
591
592 esk[i + 32] = dsk[62 - i];
593 esk[i + 33] = dsk[63 - i];
594
595 dsk[i + 64] = esk[30 - i];
596 dsk[i + 65] = esk[31 - i];
597 }
598 }
599
600 /*
601 * Triple-DES key schedule (168-bit, encryption)
602 */
603 int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
604 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
605 {
606 uint32_t sk[96];
607
608 des3_set3key( ctx->sk, sk, key );
609 mbedtls_zeroize( sk, sizeof( sk ) );
610
611 return( 0 );
612 }
613
614 /*
615 * Triple-DES key schedule (168-bit, decryption)
616 */
617 int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
618 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
619 {
620 uint32_t sk[96];
621
622 des3_set3key( sk, ctx->sk, key );
623 mbedtls_zeroize( sk, sizeof( sk ) );
624
625 return( 0 );
626 }
627
628 /*
629 * DES-ECB block encryption/decryption
630 */
631 #if !defined(MBEDTLS_DES_CRYPT_ECB_ALT)
632 int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
633 const unsigned char input[8],
634 unsigned char output[8] )
635 {
636 int i;
637 uint32_t X, Y, T, *SK;
638
639 SK = ctx->sk;
640
641 GET_UINT32_BE( X, input, 0 );
642 GET_UINT32_BE( Y, input, 4 );
643
644 DES_IP( X, Y );
645
646 for( i = 0; i < 8; i++ )
647 {
648 DES_ROUND( Y, X );
649 DES_ROUND( X, Y );
650 }
651
652 DES_FP( Y, X );
653
654 PUT_UINT32_BE( Y, output, 0 );
655 PUT_UINT32_BE( X, output, 4 );
656
657 return( 0 );
658 }
659 #endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
660
661 #if defined(MBEDTLS_CIPHER_MODE_CBC)
662 /*
663 * DES-CBC buffer encryption/decryption
664 */
665 int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
666 int mode,
667 size_t length,
668 unsigned char iv[8],
669 const unsigned char *input,
670 unsigned char *output )
671 {
672 int i;
673 unsigned char temp[8];
674
675 if( length % 8 )
676 return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
677
678 if( mode == MBEDTLS_DES_ENCRYPT )
679 {
680 while( length > 0 )
681 {
682 for( i = 0; i < 8; i++ )
683 output[i] = (unsigned char)( input[i] ^ iv[i] );
684
685 mbedtls_des_crypt_ecb( ctx, output, output );
686 memcpy( iv, output, 8 );
687
688 input += 8;
689 output += 8;
690 length -= 8;
691 }
692 }
693 else /* MBEDTLS_DES_DECRYPT */
694 {
695 while( length > 0 )
696 {
697 memcpy( temp, input, 8 );
698 mbedtls_des_crypt_ecb( ctx, input, output );
699
700 for( i = 0; i < 8; i++ )
701 output[i] = (unsigned char)( output[i] ^ iv[i] );
702
703 memcpy( iv, temp, 8 );
704
705 input += 8;
706 output += 8;
707 length -= 8;
708 }
709 }
710
711 return( 0 );
712 }
713 #endif /* MBEDTLS_CIPHER_MODE_CBC */
714
715 /*
716 * 3DES-ECB block encryption/decryption
717 */
718 #if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
719 int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
720 const unsigned char input[8],
721 unsigned char output[8] )
722 {
723 int i;
724 uint32_t X, Y, T, *SK;
725
726 SK = ctx->sk;
727
728 GET_UINT32_BE( X, input, 0 );
729 GET_UINT32_BE( Y, input, 4 );
730
731 DES_IP( X, Y );
732
733 for( i = 0; i < 8; i++ )
734 {
735 DES_ROUND( Y, X );
736 DES_ROUND( X, Y );
737 }
738
739 for( i = 0; i < 8; i++ )
740 {
741 DES_ROUND( X, Y );
742 DES_ROUND( Y, X );
743 }
744
745 for( i = 0; i < 8; i++ )
746 {
747 DES_ROUND( Y, X );
748 DES_ROUND( X, Y );
749 }
750
751 DES_FP( Y, X );
752
753 PUT_UINT32_BE( Y, output, 0 );
754 PUT_UINT32_BE( X, output, 4 );
755
756 return( 0 );
757 }
758 #endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
759
760 #if defined(MBEDTLS_CIPHER_MODE_CBC)
761 /*
762 * 3DES-CBC buffer encryption/decryption
763 */
764 int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
765 int mode,
766 size_t length,
767 unsigned char iv[8],
768 const unsigned char *input,
769 unsigned char *output )
770 {
771 int i;
772 unsigned char temp[8];
773
774 if( length % 8 )
775 return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
776
777 if( mode == MBEDTLS_DES_ENCRYPT )
778 {
779 while( length > 0 )
780 {
781 for( i = 0; i < 8; i++ )
782 output[i] = (unsigned char)( input[i] ^ iv[i] );
783
784 mbedtls_des3_crypt_ecb( ctx, output, output );
785 memcpy( iv, output, 8 );
786
787 input += 8;
788 output += 8;
789 length -= 8;
790 }
791 }
792 else /* MBEDTLS_DES_DECRYPT */
793 {
794 while( length > 0 )
795 {
796 memcpy( temp, input, 8 );
797 mbedtls_des3_crypt_ecb( ctx, input, output );
798
799 for( i = 0; i < 8; i++ )
800 output[i] = (unsigned char)( output[i] ^ iv[i] );
801
802 memcpy( iv, temp, 8 );
803
804 input += 8;
805 output += 8;
806 length -= 8;
807 }
808 }
809
810 return( 0 );
811 }
812 #endif /* MBEDTLS_CIPHER_MODE_CBC */
813
814 #endif /* !MBEDTLS_DES_ALT */
815
816 #if defined(MBEDTLS_SELF_TEST)
817 /*
818 * DES and 3DES test vectors from:
819 *
820 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
821 */
822 static const unsigned char des3_test_keys[24] =
823 {
824 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
825 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
826 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
827 };
828
829 static const unsigned char des3_test_buf[8] =
830 {
831 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
832 };
833
834 static const unsigned char des3_test_ecb_dec[3][8] =
835 {
836 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
837 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
838 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
839 };
840
841 static const unsigned char des3_test_ecb_enc[3][8] =
842 {
843 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
844 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
845 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
846 };
847
848 #if defined(MBEDTLS_CIPHER_MODE_CBC)
849 static const unsigned char des3_test_iv[8] =
850 {
851 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
852 };
853
854 static const unsigned char des3_test_cbc_dec[3][8] =
855 {
856 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
857 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
858 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
859 };
860
861 static const unsigned char des3_test_cbc_enc[3][8] =
862 {
863 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
864 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
865 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
866 };
867 #endif /* MBEDTLS_CIPHER_MODE_CBC */
868
869 /*
870 * Checkup routine
871 */
872 int mbedtls_des_self_test( int verbose )
873 {
874 int i, j, u, v, ret = 0;
875 mbedtls_des_context ctx;
876 mbedtls_des3_context ctx3;
877 unsigned char buf[8];
878 #if defined(MBEDTLS_CIPHER_MODE_CBC)
879 unsigned char prv[8];
880 unsigned char iv[8];
881 #endif
882
883 mbedtls_des_init( &ctx );
884 mbedtls_des3_init( &ctx3 );
885 /*
886 * ECB mode
887 */
888 for( i = 0; i < 6; i++ )
889 {
890 u = i >> 1;
891 v = i & 1;
892
893 if( verbose != 0 )
894 mbedtls_printf( " DES%c-ECB-%3d (%s): ",
895 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
896 ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
897
898 memcpy( buf, des3_test_buf, 8 );
899
900 switch( i )
901 {
902 case 0:
903 mbedtls_des_setkey_dec( &ctx, des3_test_keys );
904 break;
905
906 case 1:
907 mbedtls_des_setkey_enc( &ctx, des3_test_keys );
908 break;
909
910 case 2:
911 mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
912 break;
913
914 case 3:
915 mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
916 break;
917
918 case 4:
919 mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
920 break;
921
922 case 5:
923 mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
924 break;
925
926 default:
927 return( 1 );
928 }
929
930 for( j = 0; j < 10000; j++ )
931 {
932 if( u == 0 )
933 mbedtls_des_crypt_ecb( &ctx, buf, buf );
934 else
935 mbedtls_des3_crypt_ecb( &ctx3, buf, buf );
936 }
937
938 if( ( v == MBEDTLS_DES_DECRYPT &&
939 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
940 ( v != MBEDTLS_DES_DECRYPT &&
941 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
942 {
943 if( verbose != 0 )
944 mbedtls_printf( "failed\n" );
945
946 ret = 1;
947 goto exit;
948 }
949
950 if( verbose != 0 )
951 mbedtls_printf( "passed\n" );
952 }
953
954 if( verbose != 0 )
955 mbedtls_printf( "\n" );
956
957 #if defined(MBEDTLS_CIPHER_MODE_CBC)
958 /*
959 * CBC mode
960 */
961 for( i = 0; i < 6; i++ )
962 {
963 u = i >> 1;
964 v = i & 1;
965
966 if( verbose != 0 )
967 mbedtls_printf( " DES%c-CBC-%3d (%s): ",
968 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
969 ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
970
971 memcpy( iv, des3_test_iv, 8 );
972 memcpy( prv, des3_test_iv, 8 );
973 memcpy( buf, des3_test_buf, 8 );
974
975 switch( i )
976 {
977 case 0:
978 mbedtls_des_setkey_dec( &ctx, des3_test_keys );
979 break;
980
981 case 1:
982 mbedtls_des_setkey_enc( &ctx, des3_test_keys );
983 break;
984
985 case 2:
986 mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
987 break;
988
989 case 3:
990 mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
991 break;
992
993 case 4:
994 mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
995 break;
996
997 case 5:
998 mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
999 break;
1000
1001 default:
1002 return( 1 );
1003 }
1004
1005 if( v == MBEDTLS_DES_DECRYPT )
1006 {
1007 for( j = 0; j < 10000; j++ )
1008 {
1009 if( u == 0 )
1010 mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
1011 else
1012 mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
1013 }
1014 }
1015 else
1016 {
1017 for( j = 0; j < 10000; j++ )
1018 {
1019 unsigned char tmp[8];
1020
1021 if( u == 0 )
1022 mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
1023 else
1024 mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
1025
1026 memcpy( tmp, prv, 8 );
1027 memcpy( prv, buf, 8 );
1028 memcpy( buf, tmp, 8 );
1029 }
1030
1031 memcpy( buf, prv, 8 );
1032 }
1033
1034 if( ( v == MBEDTLS_DES_DECRYPT &&
1035 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
1036 ( v != MBEDTLS_DES_DECRYPT &&
1037 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
1038 {
1039 if( verbose != 0 )
1040 mbedtls_printf( "failed\n" );
1041
1042 ret = 1;
1043 goto exit;
1044 }
1045
1046 if( verbose != 0 )
1047 mbedtls_printf( "passed\n" );
1048 }
1049 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1050
1051 if( verbose != 0 )
1052 mbedtls_printf( "\n" );
1053
1054 exit:
1055 mbedtls_des_free( &ctx );
1056 mbedtls_des3_free( &ctx3 );
1057
1058 return( ret );
1059 }
1060
1061 #endif /* MBEDTLS_SELF_TEST */
1062
1063 #endif /* MBEDTLS_DES_C */
A free Windows-compatible Operating System