Knight KE / Mbed OS Game_Master
Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers des.c Source File

des.c

00001 /*
00002  *  FIPS-46-3 compliant Triple-DES implementation
00003  *
00004  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
00005  *  SPDX-License-Identifier: Apache-2.0
00006  *
00007  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
00008  *  not use this file except in compliance with the License.
00009  *  You may obtain a copy of the License at
00010  *
00011  *  http://www.apache.org/licenses/LICENSE-2.0
00012  *
00013  *  Unless required by applicable law or agreed to in writing, software
00014  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
00015  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00016  *  See the License for the specific language governing permissions and
00017  *  limitations under the License.
00018  *
00019  *  This file is part of mbed TLS (https://tls.mbed.org)
00020  */
00021 /*
00022  *  DES, on which TDES is based, was originally designed by Horst Feistel
00023  *  at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
00024  *
00025  *  http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
00026  */
00027 
00028 #if !defined(MBEDTLS_CONFIG_FILE)
00029 #include "mbedtls/config.h"
00030 #else
00031 #include MBEDTLS_CONFIG_FILE
00032 #endif
00033 
00034 #if defined(MBEDTLS_DES_C)
00035 
00036 #include "mbedtls/des.h"
00037 #include "mbedtls/platform_util.h"
00038 
00039 #include <string.h>
00040 
00041 #if defined(MBEDTLS_SELF_TEST)
00042 #if defined(MBEDTLS_PLATFORM_C)
00043 #include "mbedtls/platform.h"
00044 #else
00045 #include <stdio.h>
00046 #define mbedtls_printf printf
00047 #endif /* MBEDTLS_PLATFORM_C */
00048 #endif /* MBEDTLS_SELF_TEST */
00049 
00050 #if !defined(MBEDTLS_DES_ALT)
00051 
00052 /*
00053  * 32-bit integer manipulation macros (big endian)
00054  */
00055 #ifndef GET_UINT32_BE
00056 #define GET_UINT32_BE(n,b,i)                            \
00057 {                                                       \
00058     (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
00059         | ( (uint32_t) (b)[(i) + 1] << 16 )             \
00060         | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
00061         | ( (uint32_t) (b)[(i) + 3]       );            \
00062 }
00063 #endif
00064 
00065 #ifndef PUT_UINT32_BE
00066 #define PUT_UINT32_BE(n,b,i)                            \
00067 {                                                       \
00068     (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
00069     (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
00070     (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
00071     (b)[(i) + 3] = (unsigned char) ( (n)       );       \
00072 }
00073 #endif
00074 
00075 /*
00076  * Expanded DES S-boxes
00077  */
00078 static const uint32_t SB1[64] =
00079 {
00080     0x01010400, 0x00000000, 0x00010000, 0x01010404,
00081     0x01010004, 0x00010404, 0x00000004, 0x00010000,
00082     0x00000400, 0x01010400, 0x01010404, 0x00000400,
00083     0x01000404, 0x01010004, 0x01000000, 0x00000004,
00084     0x00000404, 0x01000400, 0x01000400, 0x00010400,
00085     0x00010400, 0x01010000, 0x01010000, 0x01000404,
00086     0x00010004, 0x01000004, 0x01000004, 0x00010004,
00087     0x00000000, 0x00000404, 0x00010404, 0x01000000,
00088     0x00010000, 0x01010404, 0x00000004, 0x01010000,
00089     0x01010400, 0x01000000, 0x01000000, 0x00000400,
00090     0x01010004, 0x00010000, 0x00010400, 0x01000004,
00091     0x00000400, 0x00000004, 0x01000404, 0x00010404,
00092     0x01010404, 0x00010004, 0x01010000, 0x01000404,
00093     0x01000004, 0x00000404, 0x00010404, 0x01010400,
00094     0x00000404, 0x01000400, 0x01000400, 0x00000000,
00095     0x00010004, 0x00010400, 0x00000000, 0x01010004
00096 };
00097 
00098 static const uint32_t SB2[64] =
00099 {
00100     0x80108020, 0x80008000, 0x00008000, 0x00108020,
00101     0x00100000, 0x00000020, 0x80100020, 0x80008020,
00102     0x80000020, 0x80108020, 0x80108000, 0x80000000,
00103     0x80008000, 0x00100000, 0x00000020, 0x80100020,
00104     0x00108000, 0x00100020, 0x80008020, 0x00000000,
00105     0x80000000, 0x00008000, 0x00108020, 0x80100000,
00106     0x00100020, 0x80000020, 0x00000000, 0x00108000,
00107     0x00008020, 0x80108000, 0x80100000, 0x00008020,
00108     0x00000000, 0x00108020, 0x80100020, 0x00100000,
00109     0x80008020, 0x80100000, 0x80108000, 0x00008000,
00110     0x80100000, 0x80008000, 0x00000020, 0x80108020,
00111     0x00108020, 0x00000020, 0x00008000, 0x80000000,
00112     0x00008020, 0x80108000, 0x00100000, 0x80000020,
00113     0x00100020, 0x80008020, 0x80000020, 0x00100020,
00114     0x00108000, 0x00000000, 0x80008000, 0x00008020,
00115     0x80000000, 0x80100020, 0x80108020, 0x00108000
00116 };
00117 
00118 static const uint32_t SB3[64] =
00119 {
00120     0x00000208, 0x08020200, 0x00000000, 0x08020008,
00121     0x08000200, 0x00000000, 0x00020208, 0x08000200,
00122     0x00020008, 0x08000008, 0x08000008, 0x00020000,
00123     0x08020208, 0x00020008, 0x08020000, 0x00000208,
00124     0x08000000, 0x00000008, 0x08020200, 0x00000200,
00125     0x00020200, 0x08020000, 0x08020008, 0x00020208,
00126     0x08000208, 0x00020200, 0x00020000, 0x08000208,
00127     0x00000008, 0x08020208, 0x00000200, 0x08000000,
00128     0x08020200, 0x08000000, 0x00020008, 0x00000208,
00129     0x00020000, 0x08020200, 0x08000200, 0x00000000,
00130     0x00000200, 0x00020008, 0x08020208, 0x08000200,
00131     0x08000008, 0x00000200, 0x00000000, 0x08020008,
00132     0x08000208, 0x00020000, 0x08000000, 0x08020208,
00133     0x00000008, 0x00020208, 0x00020200, 0x08000008,
00134     0x08020000, 0x08000208, 0x00000208, 0x08020000,
00135     0x00020208, 0x00000008, 0x08020008, 0x00020200
00136 };
00137 
00138 static const uint32_t SB4[64] =
00139 {
00140     0x00802001, 0x00002081, 0x00002081, 0x00000080,
00141     0x00802080, 0x00800081, 0x00800001, 0x00002001,
00142     0x00000000, 0x00802000, 0x00802000, 0x00802081,
00143     0x00000081, 0x00000000, 0x00800080, 0x00800001,
00144     0x00000001, 0x00002000, 0x00800000, 0x00802001,
00145     0x00000080, 0x00800000, 0x00002001, 0x00002080,
00146     0x00800081, 0x00000001, 0x00002080, 0x00800080,
00147     0x00002000, 0x00802080, 0x00802081, 0x00000081,
00148     0x00800080, 0x00800001, 0x00802000, 0x00802081,
00149     0x00000081, 0x00000000, 0x00000000, 0x00802000,
00150     0x00002080, 0x00800080, 0x00800081, 0x00000001,
00151     0x00802001, 0x00002081, 0x00002081, 0x00000080,
00152     0x00802081, 0x00000081, 0x00000001, 0x00002000,
00153     0x00800001, 0x00002001, 0x00802080, 0x00800081,
00154     0x00002001, 0x00002080, 0x00800000, 0x00802001,
00155     0x00000080, 0x00800000, 0x00002000, 0x00802080
00156 };
00157 
00158 static const uint32_t SB5[64] =
00159 {
00160     0x00000100, 0x02080100, 0x02080000, 0x42000100,
00161     0x00080000, 0x00000100, 0x40000000, 0x02080000,
00162     0x40080100, 0x00080000, 0x02000100, 0x40080100,
00163     0x42000100, 0x42080000, 0x00080100, 0x40000000,
00164     0x02000000, 0x40080000, 0x40080000, 0x00000000,
00165     0x40000100, 0x42080100, 0x42080100, 0x02000100,
00166     0x42080000, 0x40000100, 0x00000000, 0x42000000,
00167     0x02080100, 0x02000000, 0x42000000, 0x00080100,
00168     0x00080000, 0x42000100, 0x00000100, 0x02000000,
00169     0x40000000, 0x02080000, 0x42000100, 0x40080100,
00170     0x02000100, 0x40000000, 0x42080000, 0x02080100,
00171     0x40080100, 0x00000100, 0x02000000, 0x42080000,
00172     0x42080100, 0x00080100, 0x42000000, 0x42080100,
00173     0x02080000, 0x00000000, 0x40080000, 0x42000000,
00174     0x00080100, 0x02000100, 0x40000100, 0x00080000,
00175     0x00000000, 0x40080000, 0x02080100, 0x40000100
00176 };
00177 
00178 static const uint32_t SB6[64] =
00179 {
00180     0x20000010, 0x20400000, 0x00004000, 0x20404010,
00181     0x20400000, 0x00000010, 0x20404010, 0x00400000,
00182     0x20004000, 0x00404010, 0x00400000, 0x20000010,
00183     0x00400010, 0x20004000, 0x20000000, 0x00004010,
00184     0x00000000, 0x00400010, 0x20004010, 0x00004000,
00185     0x00404000, 0x20004010, 0x00000010, 0x20400010,
00186     0x20400010, 0x00000000, 0x00404010, 0x20404000,
00187     0x00004010, 0x00404000, 0x20404000, 0x20000000,
00188     0x20004000, 0x00000010, 0x20400010, 0x00404000,
00189     0x20404010, 0x00400000, 0x00004010, 0x20000010,
00190     0x00400000, 0x20004000, 0x20000000, 0x00004010,
00191     0x20000010, 0x20404010, 0x00404000, 0x20400000,
00192     0x00404010, 0x20404000, 0x00000000, 0x20400010,
00193     0x00000010, 0x00004000, 0x20400000, 0x00404010,
00194     0x00004000, 0x00400010, 0x20004010, 0x00000000,
00195     0x20404000, 0x20000000, 0x00400010, 0x20004010
00196 };
00197 
00198 static const uint32_t SB7[64] =
00199 {
00200     0x00200000, 0x04200002, 0x04000802, 0x00000000,
00201     0x00000800, 0x04000802, 0x00200802, 0x04200800,
00202     0x04200802, 0x00200000, 0x00000000, 0x04000002,
00203     0x00000002, 0x04000000, 0x04200002, 0x00000802,
00204     0x04000800, 0x00200802, 0x00200002, 0x04000800,
00205     0x04000002, 0x04200000, 0x04200800, 0x00200002,
00206     0x04200000, 0x00000800, 0x00000802, 0x04200802,
00207     0x00200800, 0x00000002, 0x04000000, 0x00200800,
00208     0x04000000, 0x00200800, 0x00200000, 0x04000802,
00209     0x04000802, 0x04200002, 0x04200002, 0x00000002,
00210     0x00200002, 0x04000000, 0x04000800, 0x00200000,
00211     0x04200800, 0x00000802, 0x00200802, 0x04200800,
00212     0x00000802, 0x04000002, 0x04200802, 0x04200000,
00213     0x00200800, 0x00000000, 0x00000002, 0x04200802,
00214     0x00000000, 0x00200802, 0x04200000, 0x00000800,
00215     0x04000002, 0x04000800, 0x00000800, 0x00200002
00216 };
00217 
00218 static const uint32_t SB8[64] =
00219 {
00220     0x10001040, 0x00001000, 0x00040000, 0x10041040,
00221     0x10000000, 0x10001040, 0x00000040, 0x10000000,
00222     0x00040040, 0x10040000, 0x10041040, 0x00041000,
00223     0x10041000, 0x00041040, 0x00001000, 0x00000040,
00224     0x10040000, 0x10000040, 0x10001000, 0x00001040,
00225     0x00041000, 0x00040040, 0x10040040, 0x10041000,
00226     0x00001040, 0x00000000, 0x00000000, 0x10040040,
00227     0x10000040, 0x10001000, 0x00041040, 0x00040000,
00228     0x00041040, 0x00040000, 0x10041000, 0x00001000,
00229     0x00000040, 0x10040040, 0x00001000, 0x00041040,
00230     0x10001000, 0x00000040, 0x10000040, 0x10040000,
00231     0x10040040, 0x10000000, 0x00040000, 0x10001040,
00232     0x00000000, 0x10041040, 0x00040040, 0x10000040,
00233     0x10040000, 0x10001000, 0x10001040, 0x00000000,
00234     0x10041040, 0x00041000, 0x00041000, 0x00001040,
00235     0x00001040, 0x00040040, 0x10000000, 0x10041000
00236 };
00237 
00238 /*
00239  * PC1: left and right halves bit-swap
00240  */
00241 static const uint32_t LHs[16] =
00242 {
00243     0x00000000, 0x00000001, 0x00000100, 0x00000101,
00244     0x00010000, 0x00010001, 0x00010100, 0x00010101,
00245     0x01000000, 0x01000001, 0x01000100, 0x01000101,
00246     0x01010000, 0x01010001, 0x01010100, 0x01010101
00247 };
00248 
00249 static const uint32_t RHs[16] =
00250 {
00251     0x00000000, 0x01000000, 0x00010000, 0x01010000,
00252     0x00000100, 0x01000100, 0x00010100, 0x01010100,
00253     0x00000001, 0x01000001, 0x00010001, 0x01010001,
00254     0x00000101, 0x01000101, 0x00010101, 0x01010101,
00255 };
00256 
00257 /*
00258  * Initial Permutation macro
00259  */
00260 #define DES_IP(X,Y)                                             \
00261 {                                                               \
00262     T = ((X >>  4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T <<  4);   \
00263     T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16);   \
00264     T = ((Y >>  2) ^ X) & 0x33333333; X ^= T; Y ^= (T <<  2);   \
00265     T = ((Y >>  8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T <<  8);   \
00266     Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF;                    \
00267     T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T;                   \
00268     X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF;                    \
00269 }
00270 
00271 /*
00272  * Final Permutation macro
00273  */
00274 #define DES_FP(X,Y)                                             \
00275 {                                                               \
00276     X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF;                    \
00277     T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T;                   \
00278     Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF;                    \
00279     T = ((Y >>  8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T <<  8);   \
00280     T = ((Y >>  2) ^ X) & 0x33333333; X ^= T; Y ^= (T <<  2);   \
00281     T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16);   \
00282     T = ((X >>  4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T <<  4);   \
00283 }
00284 
00285 /*
00286  * DES round macro
00287  */
00288 #define DES_ROUND(X,Y)                          \
00289 {                                               \
00290     T = *SK++ ^ X;                              \
00291     Y ^= SB8[ (T      ) & 0x3F ] ^              \
00292          SB6[ (T >>  8) & 0x3F ] ^              \
00293          SB4[ (T >> 16) & 0x3F ] ^              \
00294          SB2[ (T >> 24) & 0x3F ];               \
00295                                                 \
00296     T = *SK++ ^ ((X << 28) | (X >> 4));         \
00297     Y ^= SB7[ (T      ) & 0x3F ] ^              \
00298          SB5[ (T >>  8) & 0x3F ] ^              \
00299          SB3[ (T >> 16) & 0x3F ] ^              \
00300          SB1[ (T >> 24) & 0x3F ];               \
00301 }
00302 
00303 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
00304 
00305 void mbedtls_des_init( mbedtls_des_context *ctx )
00306 {
00307     memset( ctx, 0, sizeof( mbedtls_des_context ) );
00308 }
00309 
00310 void mbedtls_des_free( mbedtls_des_context *ctx )
00311 {
00312     if( ctx == NULL )
00313         return;
00314 
00315     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) );
00316 }
00317 
00318 void mbedtls_des3_init( mbedtls_des3_context *ctx )
00319 {
00320     memset( ctx, 0, sizeof( mbedtls_des3_context ) );
00321 }
00322 
00323 void mbedtls_des3_free( mbedtls_des3_context *ctx )
00324 {
00325     if( ctx == NULL )
00326         return;
00327 
00328     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) );
00329 }
00330 
00331 static const unsigned char odd_parity_table[128] = { 1,  2,  4,  7,  8,
00332         11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
00333         47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
00334         82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
00335         115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
00336         143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
00337         171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
00338         199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
00339         227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
00340         254 };
00341 
00342 void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] )
00343 {
00344     int i;
00345 
00346     for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
00347         key[i] = odd_parity_table[key[i] / 2];
00348 }
00349 
00350 /*
00351  * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
00352  */
00353 int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
00354 {
00355     int i;
00356 
00357     for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
00358         if( key[i] != odd_parity_table[key[i] / 2] )
00359             return( 1 );
00360 
00361     return( 0 );
00362 }
00363 
00364 /*
00365  * Table of weak and semi-weak keys
00366  *
00367  * Source: http://en.wikipedia.org/wiki/Weak_key
00368  *
00369  * Weak:
00370  * Alternating ones + zeros (0x0101010101010101)
00371  * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
00372  * '0xE0E0E0E0F1F1F1F1'
00373  * '0x1F1F1F1F0E0E0E0E'
00374  *
00375  * Semi-weak:
00376  * 0x011F011F010E010E and 0x1F011F010E010E01
00377  * 0x01E001E001F101F1 and 0xE001E001F101F101
00378  * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
00379  * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
00380  * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
00381  * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
00382  *
00383  */
00384 
00385 #define WEAK_KEY_COUNT 16
00386 
00387 static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] =
00388 {
00389     { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
00390     { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
00391     { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
00392     { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
00393 
00394     { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
00395     { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
00396     { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
00397     { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
00398     { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
00399     { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
00400     { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
00401     { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
00402     { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
00403     { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
00404     { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
00405     { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
00406 };
00407 
00408 int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
00409 {
00410     int i;
00411 
00412     for( i = 0; i < WEAK_KEY_COUNT; i++ )
00413         if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 )
00414             return( 1 );
00415 
00416     return( 0 );
00417 }
00418 
00419 #if !defined(MBEDTLS_DES_SETKEY_ALT)
00420 void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
00421 {
00422     int i;
00423     uint32_t X, Y, T;
00424 
00425     GET_UINT32_BE( X, key, 0 );
00426     GET_UINT32_BE( Y, key, 4 );
00427 
00428     /*
00429      * Permuted Choice 1
00430      */
00431     T =  ((Y >>  4) ^ X) & 0x0F0F0F0F;  X ^= T; Y ^= (T <<  4);
00432     T =  ((Y      ) ^ X) & 0x10101010;  X ^= T; Y ^= (T      );
00433 
00434     X =   (LHs[ (X      ) & 0xF] << 3) | (LHs[ (X >>  8) & 0xF ] << 2)
00435         | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ]     )
00436         | (LHs[ (X >>  5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
00437         | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
00438 
00439     Y =   (RHs[ (Y >>  1) & 0xF] << 3) | (RHs[ (Y >>  9) & 0xF ] << 2)
00440         | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ]     )
00441         | (RHs[ (Y >>  4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
00442         | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
00443 
00444     X &= 0x0FFFFFFF;
00445     Y &= 0x0FFFFFFF;
00446 
00447     /*
00448      * calculate subkeys
00449      */
00450     for( i = 0; i < 16; i++ )
00451     {
00452         if( i < 2 || i == 8 || i == 15 )
00453         {
00454             X = ((X <<  1) | (X >> 27)) & 0x0FFFFFFF;
00455             Y = ((Y <<  1) | (Y >> 27)) & 0x0FFFFFFF;
00456         }
00457         else
00458         {
00459             X = ((X <<  2) | (X >> 26)) & 0x0FFFFFFF;
00460             Y = ((Y <<  2) | (Y >> 26)) & 0x0FFFFFFF;
00461         }
00462 
00463         *SK++ =   ((X <<  4) & 0x24000000) | ((X << 28) & 0x10000000)
00464                 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
00465                 | ((X <<  6) & 0x01000000) | ((X <<  9) & 0x00200000)
00466                 | ((X >>  1) & 0x00100000) | ((X << 10) & 0x00040000)
00467                 | ((X <<  2) & 0x00020000) | ((X >> 10) & 0x00010000)
00468                 | ((Y >> 13) & 0x00002000) | ((Y >>  4) & 0x00001000)
00469                 | ((Y <<  6) & 0x00000800) | ((Y >>  1) & 0x00000400)
00470                 | ((Y >> 14) & 0x00000200) | ((Y      ) & 0x00000100)
00471                 | ((Y >>  5) & 0x00000020) | ((Y >> 10) & 0x00000010)
00472                 | ((Y >>  3) & 0x00000008) | ((Y >> 18) & 0x00000004)
00473                 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
00474 
00475         *SK++ =   ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
00476                 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
00477                 | ((X >>  2) & 0x02000000) | ((X <<  1) & 0x01000000)
00478                 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
00479                 | ((X <<  3) & 0x00080000) | ((X >>  6) & 0x00040000)
00480                 | ((X << 15) & 0x00020000) | ((X >>  4) & 0x00010000)
00481                 | ((Y >>  2) & 0x00002000) | ((Y <<  8) & 0x00001000)
00482                 | ((Y >> 14) & 0x00000808) | ((Y >>  9) & 0x00000400)
00483                 | ((Y      ) & 0x00000200) | ((Y <<  7) & 0x00000100)
00484                 | ((Y >>  7) & 0x00000020) | ((Y >>  3) & 0x00000011)
00485                 | ((Y <<  2) & 0x00000004) | ((Y >> 21) & 0x00000002);
00486     }
00487 }
00488 #endif /* !MBEDTLS_DES_SETKEY_ALT */
00489 
00490 /*
00491  * DES key schedule (56-bit, encryption)
00492  */
00493 int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
00494 {
00495     mbedtls_des_setkey( ctx->sk , key );
00496 
00497     return( 0 );
00498 }
00499 
00500 /*
00501  * DES key schedule (56-bit, decryption)
00502  */
00503 int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
00504 {
00505     int i;
00506 
00507     mbedtls_des_setkey( ctx->sk , key );
00508 
00509     for( i = 0; i < 16; i += 2 )
00510     {
00511         SWAP( ctx->sk [i    ], ctx->sk [30 - i] );
00512         SWAP( ctx->sk [i + 1], ctx->sk [31 - i] );
00513     }
00514 
00515     return( 0 );
00516 }
00517 
00518 static void des3_set2key( uint32_t esk[96],
00519                           uint32_t dsk[96],
00520                           const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] )
00521 {
00522     int i;
00523 
00524     mbedtls_des_setkey( esk, key );
00525     mbedtls_des_setkey( dsk + 32, key + 8 );
00526 
00527     for( i = 0; i < 32; i += 2 )
00528     {
00529         dsk[i     ] = esk[30 - i];
00530         dsk[i +  1] = esk[31 - i];
00531 
00532         esk[i + 32] = dsk[62 - i];
00533         esk[i + 33] = dsk[63 - i];
00534 
00535         esk[i + 64] = esk[i    ];
00536         esk[i + 65] = esk[i + 1];
00537 
00538         dsk[i + 64] = dsk[i    ];
00539         dsk[i + 65] = dsk[i + 1];
00540     }
00541 }
00542 
00543 /*
00544  * Triple-DES key schedule (112-bit, encryption)
00545  */
00546 int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
00547                       const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
00548 {
00549     uint32_t sk[96];
00550 
00551     des3_set2key( ctx->sk , sk, key );
00552     mbedtls_platform_zeroize( sk,  sizeof( sk ) );
00553 
00554     return( 0 );
00555 }
00556 
00557 /*
00558  * Triple-DES key schedule (112-bit, decryption)
00559  */
00560 int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
00561                       const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
00562 {
00563     uint32_t sk[96];
00564 
00565     des3_set2key( sk, ctx->sk , key );
00566     mbedtls_platform_zeroize( sk,  sizeof( sk ) );
00567 
00568     return( 0 );
00569 }
00570 
00571 static void des3_set3key( uint32_t esk[96],
00572                           uint32_t dsk[96],
00573                           const unsigned char key[24] )
00574 {
00575     int i;
00576 
00577     mbedtls_des_setkey( esk, key );
00578     mbedtls_des_setkey( dsk + 32, key +  8 );
00579     mbedtls_des_setkey( esk + 64, key + 16 );
00580 
00581     for( i = 0; i < 32; i += 2 )
00582     {
00583         dsk[i     ] = esk[94 - i];
00584         dsk[i +  1] = esk[95 - i];
00585 
00586         esk[i + 32] = dsk[62 - i];
00587         esk[i + 33] = dsk[63 - i];
00588 
00589         dsk[i + 64] = esk[30 - i];
00590         dsk[i + 65] = esk[31 - i];
00591     }
00592 }
00593 
00594 /*
00595  * Triple-DES key schedule (168-bit, encryption)
00596  */
00597 int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
00598                       const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
00599 {
00600     uint32_t sk[96];
00601 
00602     des3_set3key( ctx->sk , sk, key );
00603     mbedtls_platform_zeroize( sk,  sizeof( sk ) );
00604 
00605     return( 0 );
00606 }
00607 
00608 /*
00609  * Triple-DES key schedule (168-bit, decryption)
00610  */
00611 int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
00612                       const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
00613 {
00614     uint32_t sk[96];
00615 
00616     des3_set3key( sk, ctx->sk , key );
00617     mbedtls_platform_zeroize( sk,  sizeof( sk ) );
00618 
00619     return( 0 );
00620 }
00621 
00622 /*
00623  * DES-ECB block encryption/decryption
00624  */
00625 #if !defined(MBEDTLS_DES_CRYPT_ECB_ALT)
00626 int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
00627                     const unsigned char input[8],
00628                     unsigned char output[8] )
00629 {
00630     int i;
00631     uint32_t X, Y, T, *SK;
00632 
00633     SK = ctx->sk ;
00634 
00635     GET_UINT32_BE( X, input, 0 );
00636     GET_UINT32_BE( Y, input, 4 );
00637 
00638     DES_IP( X, Y );
00639 
00640     for( i = 0; i < 8; i++ )
00641     {
00642         DES_ROUND( Y, X );
00643         DES_ROUND( X, Y );
00644     }
00645 
00646     DES_FP( Y, X );
00647 
00648     PUT_UINT32_BE( Y, output, 0 );
00649     PUT_UINT32_BE( X, output, 4 );
00650 
00651     return( 0 );
00652 }
00653 #endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
00654 
00655 #if defined(MBEDTLS_CIPHER_MODE_CBC)
00656 /*
00657  * DES-CBC buffer encryption/decryption
00658  */
00659 int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
00660                     int mode,
00661                     size_t length,
00662                     unsigned char iv[8],
00663                     const unsigned char *input,
00664                     unsigned char *output )
00665 {
00666     int i;
00667     unsigned char temp[8];
00668 
00669     if( length % 8 )
00670         return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
00671 
00672     if( mode == MBEDTLS_DES_ENCRYPT )
00673     {
00674         while( length > 0 )
00675         {
00676             for( i = 0; i < 8; i++ )
00677                 output[i] = (unsigned char)( input[i] ^ iv[i] );
00678 
00679             mbedtls_des_crypt_ecb( ctx, output, output );
00680             memcpy( iv, output, 8 );
00681 
00682             input  += 8;
00683             output += 8;
00684             length -= 8;
00685         }
00686     }
00687     else /* MBEDTLS_DES_DECRYPT */
00688     {
00689         while( length > 0 )
00690         {
00691             memcpy( temp, input, 8 );
00692             mbedtls_des_crypt_ecb( ctx, input, output );
00693 
00694             for( i = 0; i < 8; i++ )
00695                 output[i] = (unsigned char)( output[i] ^ iv[i] );
00696 
00697             memcpy( iv, temp, 8 );
00698 
00699             input  += 8;
00700             output += 8;
00701             length -= 8;
00702         }
00703     }
00704 
00705     return( 0 );
00706 }
00707 #endif /* MBEDTLS_CIPHER_MODE_CBC */
00708 
00709 /*
00710  * 3DES-ECB block encryption/decryption
00711  */
00712 #if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
00713 int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
00714                      const unsigned char input[8],
00715                      unsigned char output[8] )
00716 {
00717     int i;
00718     uint32_t X, Y, T, *SK;
00719 
00720     SK = ctx->sk ;
00721 
00722     GET_UINT32_BE( X, input, 0 );
00723     GET_UINT32_BE( Y, input, 4 );
00724 
00725     DES_IP( X, Y );
00726 
00727     for( i = 0; i < 8; i++ )
00728     {
00729         DES_ROUND( Y, X );
00730         DES_ROUND( X, Y );
00731     }
00732 
00733     for( i = 0; i < 8; i++ )
00734     {
00735         DES_ROUND( X, Y );
00736         DES_ROUND( Y, X );
00737     }
00738 
00739     for( i = 0; i < 8; i++ )
00740     {
00741         DES_ROUND( Y, X );
00742         DES_ROUND( X, Y );
00743     }
00744 
00745     DES_FP( Y, X );
00746 
00747     PUT_UINT32_BE( Y, output, 0 );
00748     PUT_UINT32_BE( X, output, 4 );
00749 
00750     return( 0 );
00751 }
00752 #endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
00753 
00754 #if defined(MBEDTLS_CIPHER_MODE_CBC)
00755 /*
00756  * 3DES-CBC buffer encryption/decryption
00757  */
00758 int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
00759                      int mode,
00760                      size_t length,
00761                      unsigned char iv[8],
00762                      const unsigned char *input,
00763                      unsigned char *output )
00764 {
00765     int i;
00766     unsigned char temp[8];
00767 
00768     if( length % 8 )
00769         return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
00770 
00771     if( mode == MBEDTLS_DES_ENCRYPT )
00772     {
00773         while( length > 0 )
00774         {
00775             for( i = 0; i < 8; i++ )
00776                 output[i] = (unsigned char)( input[i] ^ iv[i] );
00777 
00778             mbedtls_des3_crypt_ecb( ctx, output, output );
00779             memcpy( iv, output, 8 );
00780 
00781             input  += 8;
00782             output += 8;
00783             length -= 8;
00784         }
00785     }
00786     else /* MBEDTLS_DES_DECRYPT */
00787     {
00788         while( length > 0 )
00789         {
00790             memcpy( temp, input, 8 );
00791             mbedtls_des3_crypt_ecb( ctx, input, output );
00792 
00793             for( i = 0; i < 8; i++ )
00794                 output[i] = (unsigned char)( output[i] ^ iv[i] );
00795 
00796             memcpy( iv, temp, 8 );
00797 
00798             input  += 8;
00799             output += 8;
00800             length -= 8;
00801         }
00802     }
00803 
00804     return( 0 );
00805 }
00806 #endif /* MBEDTLS_CIPHER_MODE_CBC */
00807 
00808 #endif /* !MBEDTLS_DES_ALT */
00809 
00810 #if defined(MBEDTLS_SELF_TEST)
00811 /*
00812  * DES and 3DES test vectors from:
00813  *
00814  * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
00815  */
00816 static const unsigned char des3_test_keys[24] =
00817 {
00818     0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
00819     0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
00820     0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
00821 };
00822 
00823 static const unsigned char des3_test_buf[8] =
00824 {
00825     0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
00826 };
00827 
00828 static const unsigned char des3_test_ecb_dec[3][8] =
00829 {
00830     { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
00831     { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
00832     { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
00833 };
00834 
00835 static const unsigned char des3_test_ecb_enc[3][8] =
00836 {
00837     { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
00838     { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
00839     { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
00840 };
00841 
00842 #if defined(MBEDTLS_CIPHER_MODE_CBC)
00843 static const unsigned char des3_test_iv[8] =
00844 {
00845     0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
00846 };
00847 
00848 static const unsigned char des3_test_cbc_dec[3][8] =
00849 {
00850     { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
00851     { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
00852     { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
00853 };
00854 
00855 static const unsigned char des3_test_cbc_enc[3][8] =
00856 {
00857     { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
00858     { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
00859     { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
00860 };
00861 #endif /* MBEDTLS_CIPHER_MODE_CBC */
00862 
00863 /*
00864  * Checkup routine
00865  */
00866 int mbedtls_des_self_test( int verbose )
00867 {
00868     int i, j, u, v, ret = 0;
00869     mbedtls_des_context ctx;
00870     mbedtls_des3_context ctx3;
00871     unsigned char buf[8];
00872 #if defined(MBEDTLS_CIPHER_MODE_CBC)
00873     unsigned char prv[8];
00874     unsigned char iv[8];
00875 #endif
00876 
00877     mbedtls_des_init( &ctx );
00878     mbedtls_des3_init( &ctx3 );
00879     /*
00880      * ECB mode
00881      */
00882     for( i = 0; i < 6; i++ )
00883     {
00884         u = i >> 1;
00885         v = i  & 1;
00886 
00887         if( verbose != 0 )
00888             mbedtls_printf( "  DES%c-ECB-%3d (%s): ",
00889                              ( u == 0 ) ? ' ' : '3', 56 + u * 56,
00890                              ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
00891 
00892         memcpy( buf, des3_test_buf, 8 );
00893 
00894         switch( i )
00895         {
00896         case 0:
00897             mbedtls_des_setkey_dec( &ctx, des3_test_keys );
00898             break;
00899 
00900         case 1:
00901             mbedtls_des_setkey_enc( &ctx, des3_test_keys );
00902             break;
00903 
00904         case 2:
00905             mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
00906             break;
00907 
00908         case 3:
00909             mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
00910             break;
00911 
00912         case 4:
00913             mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
00914             break;
00915 
00916         case 5:
00917             mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
00918             break;
00919 
00920         default:
00921             return( 1 );
00922         }
00923 
00924         for( j = 0; j < 10000; j++ )
00925         {
00926             if( u == 0 )
00927                 mbedtls_des_crypt_ecb( &ctx, buf, buf );
00928             else
00929                 mbedtls_des3_crypt_ecb( &ctx3, buf, buf );
00930         }
00931 
00932         if( ( v == MBEDTLS_DES_DECRYPT &&
00933                 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
00934             ( v != MBEDTLS_DES_DECRYPT &&
00935                 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
00936         {
00937             if( verbose != 0 )
00938                 mbedtls_printf( "failed\n" );
00939 
00940             ret = 1;
00941             goto exit;
00942         }
00943 
00944         if( verbose != 0 )
00945             mbedtls_printf( "passed\n" );
00946     }
00947 
00948     if( verbose != 0 )
00949         mbedtls_printf( "\n" );
00950 
00951 #if defined(MBEDTLS_CIPHER_MODE_CBC)
00952     /*
00953      * CBC mode
00954      */
00955     for( i = 0; i < 6; i++ )
00956     {
00957         u = i >> 1;
00958         v = i  & 1;
00959 
00960         if( verbose != 0 )
00961             mbedtls_printf( "  DES%c-CBC-%3d (%s): ",
00962                              ( u == 0 ) ? ' ' : '3', 56 + u * 56,
00963                              ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
00964 
00965         memcpy( iv,  des3_test_iv,  8 );
00966         memcpy( prv, des3_test_iv,  8 );
00967         memcpy( buf, des3_test_buf, 8 );
00968 
00969         switch( i )
00970         {
00971         case 0:
00972             mbedtls_des_setkey_dec( &ctx, des3_test_keys );
00973             break;
00974 
00975         case 1:
00976             mbedtls_des_setkey_enc( &ctx, des3_test_keys );
00977             break;
00978 
00979         case 2:
00980             mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
00981             break;
00982 
00983         case 3:
00984             mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
00985             break;
00986 
00987         case 4:
00988             mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
00989             break;
00990 
00991         case 5:
00992             mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
00993             break;
00994 
00995         default:
00996             return( 1 );
00997         }
00998 
00999         if( v == MBEDTLS_DES_DECRYPT )
01000         {
01001             for( j = 0; j < 10000; j++ )
01002             {
01003                 if( u == 0 )
01004                     mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
01005                 else
01006                     mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
01007             }
01008         }
01009         else
01010         {
01011             for( j = 0; j < 10000; j++ )
01012             {
01013                 unsigned char tmp[8];
01014 
01015                 if( u == 0 )
01016                     mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
01017                 else
01018                     mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
01019 
01020                 memcpy( tmp, prv, 8 );
01021                 memcpy( prv, buf, 8 );
01022                 memcpy( buf, tmp, 8 );
01023             }
01024 
01025             memcpy( buf, prv, 8 );
01026         }
01027 
01028         if( ( v == MBEDTLS_DES_DECRYPT &&
01029                 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
01030             ( v != MBEDTLS_DES_DECRYPT &&
01031                 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
01032         {
01033             if( verbose != 0 )
01034                 mbedtls_printf( "failed\n" );
01035 
01036             ret = 1;
01037             goto exit;
01038         }
01039 
01040         if( verbose != 0 )
01041             mbedtls_printf( "passed\n" );
01042     }
01043 #endif /* MBEDTLS_CIPHER_MODE_CBC */
01044 
01045     if( verbose != 0 )
01046         mbedtls_printf( "\n" );
01047 
01048 exit:
01049     mbedtls_des_free( &ctx );
01050     mbedtls_des3_free( &ctx3 );
01051 
01052     return( ret );
01053 }
01054 
01055 #endif /* MBEDTLS_SELF_TEST */
01056 
01057 #endif /* MBEDTLS_DES_C */