Kenji Arai
/
TYBLE16_mbedlized_os5_several_examples_1st
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependencies: nRF51_Vdd TextLCD BME280
Embed:
(wiki syntax)
Show/hide line numbers
des.c
00001 /* 00002 * FIPS-46-3 compliant Triple-DES implementation 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 /* 00022 * DES, on which TDES is based, was originally designed by Horst Feistel 00023 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS). 00024 * 00025 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf 00026 */ 00027 00028 #if !defined(MBEDTLS_CONFIG_FILE) 00029 #include "mbedtls/config.h" 00030 #else 00031 #include MBEDTLS_CONFIG_FILE 00032 #endif 00033 00034 #if defined(MBEDTLS_DES_C) 00035 00036 #include "mbedtls/des.h" 00037 #include "mbedtls/platform_util.h" 00038 00039 #include <string.h> 00040 00041 #if defined(MBEDTLS_SELF_TEST) 00042 #if defined(MBEDTLS_PLATFORM_C) 00043 #include "mbedtls/platform.h" 00044 #else 00045 #include <stdio.h> 00046 #define mbedtls_printf printf 00047 #endif /* MBEDTLS_PLATFORM_C */ 00048 #endif /* MBEDTLS_SELF_TEST */ 00049 00050 #if !defined(MBEDTLS_DES_ALT) 00051 00052 /* 00053 * 32-bit integer manipulation macros (big endian) 00054 */ 00055 #ifndef GET_UINT32_BE 00056 #define GET_UINT32_BE(n,b,i) \ 00057 { \ 00058 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ 00059 | ( (uint32_t) (b)[(i) + 1] << 16 ) \ 00060 | ( (uint32_t) (b)[(i) + 2] << 8 ) \ 00061 | ( (uint32_t) (b)[(i) + 3] ); \ 00062 } 00063 #endif 00064 00065 #ifndef PUT_UINT32_BE 00066 #define PUT_UINT32_BE(n,b,i) \ 00067 { \ 00068 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 00069 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 00070 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 00071 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 00072 } 00073 #endif 00074 00075 /* 00076 * Expanded DES S-boxes 00077 */ 00078 static const uint32_t SB1[64] = 00079 { 00080 0x01010400, 0x00000000, 0x00010000, 0x01010404, 00081 0x01010004, 0x00010404, 0x00000004, 0x00010000, 00082 0x00000400, 0x01010400, 0x01010404, 0x00000400, 00083 0x01000404, 0x01010004, 0x01000000, 0x00000004, 00084 0x00000404, 0x01000400, 0x01000400, 0x00010400, 00085 0x00010400, 0x01010000, 0x01010000, 0x01000404, 00086 0x00010004, 0x01000004, 0x01000004, 0x00010004, 00087 0x00000000, 0x00000404, 0x00010404, 0x01000000, 00088 0x00010000, 0x01010404, 0x00000004, 0x01010000, 00089 0x01010400, 0x01000000, 0x01000000, 0x00000400, 00090 0x01010004, 0x00010000, 0x00010400, 0x01000004, 00091 0x00000400, 0x00000004, 0x01000404, 0x00010404, 00092 0x01010404, 0x00010004, 0x01010000, 0x01000404, 00093 0x01000004, 0x00000404, 0x00010404, 0x01010400, 00094 0x00000404, 0x01000400, 0x01000400, 0x00000000, 00095 0x00010004, 0x00010400, 0x00000000, 0x01010004 00096 }; 00097 00098 static const uint32_t SB2[64] = 00099 { 00100 0x80108020, 0x80008000, 0x00008000, 0x00108020, 00101 0x00100000, 0x00000020, 0x80100020, 0x80008020, 00102 0x80000020, 0x80108020, 0x80108000, 0x80000000, 00103 0x80008000, 0x00100000, 0x00000020, 0x80100020, 00104 0x00108000, 0x00100020, 0x80008020, 0x00000000, 00105 0x80000000, 0x00008000, 0x00108020, 0x80100000, 00106 0x00100020, 0x80000020, 0x00000000, 0x00108000, 00107 0x00008020, 0x80108000, 0x80100000, 0x00008020, 00108 0x00000000, 0x00108020, 0x80100020, 0x00100000, 00109 0x80008020, 0x80100000, 0x80108000, 0x00008000, 00110 0x80100000, 0x80008000, 0x00000020, 0x80108020, 00111 0x00108020, 0x00000020, 0x00008000, 0x80000000, 00112 0x00008020, 0x80108000, 0x00100000, 0x80000020, 00113 0x00100020, 0x80008020, 0x80000020, 0x00100020, 00114 0x00108000, 0x00000000, 0x80008000, 0x00008020, 00115 0x80000000, 0x80100020, 0x80108020, 0x00108000 00116 }; 00117 00118 static const uint32_t SB3[64] = 00119 { 00120 0x00000208, 0x08020200, 0x00000000, 0x08020008, 00121 0x08000200, 0x00000000, 0x00020208, 0x08000200, 00122 0x00020008, 0x08000008, 0x08000008, 0x00020000, 00123 0x08020208, 0x00020008, 0x08020000, 0x00000208, 00124 0x08000000, 0x00000008, 0x08020200, 0x00000200, 00125 0x00020200, 0x08020000, 0x08020008, 0x00020208, 00126 0x08000208, 0x00020200, 0x00020000, 0x08000208, 00127 0x00000008, 0x08020208, 0x00000200, 0x08000000, 00128 0x08020200, 0x08000000, 0x00020008, 0x00000208, 00129 0x00020000, 0x08020200, 0x08000200, 0x00000000, 00130 0x00000200, 0x00020008, 0x08020208, 0x08000200, 00131 0x08000008, 0x00000200, 0x00000000, 0x08020008, 00132 0x08000208, 0x00020000, 0x08000000, 0x08020208, 00133 0x00000008, 0x00020208, 0x00020200, 0x08000008, 00134 0x08020000, 0x08000208, 0x00000208, 0x08020000, 00135 0x00020208, 0x00000008, 0x08020008, 0x00020200 00136 }; 00137 00138 static const uint32_t SB4[64] = 00139 { 00140 0x00802001, 0x00002081, 0x00002081, 0x00000080, 00141 0x00802080, 0x00800081, 0x00800001, 0x00002001, 00142 0x00000000, 0x00802000, 0x00802000, 0x00802081, 00143 0x00000081, 0x00000000, 0x00800080, 0x00800001, 00144 0x00000001, 0x00002000, 0x00800000, 0x00802001, 00145 0x00000080, 0x00800000, 0x00002001, 0x00002080, 00146 0x00800081, 0x00000001, 0x00002080, 0x00800080, 00147 0x00002000, 0x00802080, 0x00802081, 0x00000081, 00148 0x00800080, 0x00800001, 0x00802000, 0x00802081, 00149 0x00000081, 0x00000000, 0x00000000, 0x00802000, 00150 0x00002080, 0x00800080, 0x00800081, 0x00000001, 00151 0x00802001, 0x00002081, 0x00002081, 0x00000080, 00152 0x00802081, 0x00000081, 0x00000001, 0x00002000, 00153 0x00800001, 0x00002001, 0x00802080, 0x00800081, 00154 0x00002001, 0x00002080, 0x00800000, 0x00802001, 00155 0x00000080, 0x00800000, 0x00002000, 0x00802080 00156 }; 00157 00158 static const uint32_t SB5[64] = 00159 { 00160 0x00000100, 0x02080100, 0x02080000, 0x42000100, 00161 0x00080000, 0x00000100, 0x40000000, 0x02080000, 00162 0x40080100, 0x00080000, 0x02000100, 0x40080100, 00163 0x42000100, 0x42080000, 0x00080100, 0x40000000, 00164 0x02000000, 0x40080000, 0x40080000, 0x00000000, 00165 0x40000100, 0x42080100, 0x42080100, 0x02000100, 00166 0x42080000, 0x40000100, 0x00000000, 0x42000000, 00167 0x02080100, 0x02000000, 0x42000000, 0x00080100, 00168 0x00080000, 0x42000100, 0x00000100, 0x02000000, 00169 0x40000000, 0x02080000, 0x42000100, 0x40080100, 00170 0x02000100, 0x40000000, 0x42080000, 0x02080100, 00171 0x40080100, 0x00000100, 0x02000000, 0x42080000, 00172 0x42080100, 0x00080100, 0x42000000, 0x42080100, 00173 0x02080000, 0x00000000, 0x40080000, 0x42000000, 00174 0x00080100, 0x02000100, 0x40000100, 0x00080000, 00175 0x00000000, 0x40080000, 0x02080100, 0x40000100 00176 }; 00177 00178 static const uint32_t SB6[64] = 00179 { 00180 0x20000010, 0x20400000, 0x00004000, 0x20404010, 00181 0x20400000, 0x00000010, 0x20404010, 0x00400000, 00182 0x20004000, 0x00404010, 0x00400000, 0x20000010, 00183 0x00400010, 0x20004000, 0x20000000, 0x00004010, 00184 0x00000000, 0x00400010, 0x20004010, 0x00004000, 00185 0x00404000, 0x20004010, 0x00000010, 0x20400010, 00186 0x20400010, 0x00000000, 0x00404010, 0x20404000, 00187 0x00004010, 0x00404000, 0x20404000, 0x20000000, 00188 0x20004000, 0x00000010, 0x20400010, 0x00404000, 00189 0x20404010, 0x00400000, 0x00004010, 0x20000010, 00190 0x00400000, 0x20004000, 0x20000000, 0x00004010, 00191 0x20000010, 0x20404010, 0x00404000, 0x20400000, 00192 0x00404010, 0x20404000, 0x00000000, 0x20400010, 00193 0x00000010, 0x00004000, 0x20400000, 0x00404010, 00194 0x00004000, 0x00400010, 0x20004010, 0x00000000, 00195 0x20404000, 0x20000000, 0x00400010, 0x20004010 00196 }; 00197 00198 static const uint32_t SB7[64] = 00199 { 00200 0x00200000, 0x04200002, 0x04000802, 0x00000000, 00201 0x00000800, 0x04000802, 0x00200802, 0x04200800, 00202 0x04200802, 0x00200000, 0x00000000, 0x04000002, 00203 0x00000002, 0x04000000, 0x04200002, 0x00000802, 00204 0x04000800, 0x00200802, 0x00200002, 0x04000800, 00205 0x04000002, 0x04200000, 0x04200800, 0x00200002, 00206 0x04200000, 0x00000800, 0x00000802, 0x04200802, 00207 0x00200800, 0x00000002, 0x04000000, 0x00200800, 00208 0x04000000, 0x00200800, 0x00200000, 0x04000802, 00209 0x04000802, 0x04200002, 0x04200002, 0x00000002, 00210 0x00200002, 0x04000000, 0x04000800, 0x00200000, 00211 0x04200800, 0x00000802, 0x00200802, 0x04200800, 00212 0x00000802, 0x04000002, 0x04200802, 0x04200000, 00213 0x00200800, 0x00000000, 0x00000002, 0x04200802, 00214 0x00000000, 0x00200802, 0x04200000, 0x00000800, 00215 0x04000002, 0x04000800, 0x00000800, 0x00200002 00216 }; 00217 00218 static const uint32_t SB8[64] = 00219 { 00220 0x10001040, 0x00001000, 0x00040000, 0x10041040, 00221 0x10000000, 0x10001040, 0x00000040, 0x10000000, 00222 0x00040040, 0x10040000, 0x10041040, 0x00041000, 00223 0x10041000, 0x00041040, 0x00001000, 0x00000040, 00224 0x10040000, 0x10000040, 0x10001000, 0x00001040, 00225 0x00041000, 0x00040040, 0x10040040, 0x10041000, 00226 0x00001040, 0x00000000, 0x00000000, 0x10040040, 00227 0x10000040, 0x10001000, 0x00041040, 0x00040000, 00228 0x00041040, 0x00040000, 0x10041000, 0x00001000, 00229 0x00000040, 0x10040040, 0x00001000, 0x00041040, 00230 0x10001000, 0x00000040, 0x10000040, 0x10040000, 00231 0x10040040, 0x10000000, 0x00040000, 0x10001040, 00232 0x00000000, 0x10041040, 0x00040040, 0x10000040, 00233 0x10040000, 0x10001000, 0x10001040, 0x00000000, 00234 0x10041040, 0x00041000, 0x00041000, 0x00001040, 00235 0x00001040, 0x00040040, 0x10000000, 0x10041000 00236 }; 00237 00238 /* 00239 * PC1: left and right halves bit-swap 00240 */ 00241 static const uint32_t LHs[16] = 00242 { 00243 0x00000000, 0x00000001, 0x00000100, 0x00000101, 00244 0x00010000, 0x00010001, 0x00010100, 0x00010101, 00245 0x01000000, 0x01000001, 0x01000100, 0x01000101, 00246 0x01010000, 0x01010001, 0x01010100, 0x01010101 00247 }; 00248 00249 static const uint32_t RHs[16] = 00250 { 00251 0x00000000, 0x01000000, 0x00010000, 0x01010000, 00252 0x00000100, 0x01000100, 0x00010100, 0x01010100, 00253 0x00000001, 0x01000001, 0x00010001, 0x01010001, 00254 0x00000101, 0x01000101, 0x00010101, 0x01010101, 00255 }; 00256 00257 /* 00258 * Initial Permutation macro 00259 */ 00260 #define DES_IP(X,Y) \ 00261 { \ 00262 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \ 00263 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \ 00264 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \ 00265 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \ 00266 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \ 00267 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \ 00268 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \ 00269 } 00270 00271 /* 00272 * Final Permutation macro 00273 */ 00274 #define DES_FP(X,Y) \ 00275 { \ 00276 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \ 00277 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \ 00278 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \ 00279 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \ 00280 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \ 00281 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \ 00282 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \ 00283 } 00284 00285 /* 00286 * DES round macro 00287 */ 00288 #define DES_ROUND(X,Y) \ 00289 { \ 00290 T = *SK++ ^ X; \ 00291 Y ^= SB8[ (T ) & 0x3F ] ^ \ 00292 SB6[ (T >> 8) & 0x3F ] ^ \ 00293 SB4[ (T >> 16) & 0x3F ] ^ \ 00294 SB2[ (T >> 24) & 0x3F ]; \ 00295 \ 00296 T = *SK++ ^ ((X << 28) | (X >> 4)); \ 00297 Y ^= SB7[ (T ) & 0x3F ] ^ \ 00298 SB5[ (T >> 8) & 0x3F ] ^ \ 00299 SB3[ (T >> 16) & 0x3F ] ^ \ 00300 SB1[ (T >> 24) & 0x3F ]; \ 00301 } 00302 00303 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; } 00304 00305 void mbedtls_des_init( mbedtls_des_context *ctx ) 00306 { 00307 memset( ctx, 0, sizeof( mbedtls_des_context ) ); 00308 } 00309 00310 void mbedtls_des_free( mbedtls_des_context *ctx ) 00311 { 00312 if( ctx == NULL ) 00313 return; 00314 00315 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) ); 00316 } 00317 00318 void mbedtls_des3_init( mbedtls_des3_context *ctx ) 00319 { 00320 memset( ctx, 0, sizeof( mbedtls_des3_context ) ); 00321 } 00322 00323 void mbedtls_des3_free( mbedtls_des3_context *ctx ) 00324 { 00325 if( ctx == NULL ) 00326 return; 00327 00328 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) ); 00329 } 00330 00331 static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8, 00332 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44, 00333 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81, 00334 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112, 00335 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140, 00336 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168, 00337 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196, 00338 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224, 00339 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253, 00340 254 }; 00341 00342 void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00343 { 00344 int i; 00345 00346 for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ ) 00347 key[i] = odd_parity_table[key[i] / 2]; 00348 } 00349 00350 /* 00351 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS 00352 */ 00353 int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00354 { 00355 int i; 00356 00357 for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ ) 00358 if( key[i] != odd_parity_table[key[i] / 2] ) 00359 return( 1 ); 00360 00361 return( 0 ); 00362 } 00363 00364 /* 00365 * Table of weak and semi-weak keys 00366 * 00367 * Source: http://en.wikipedia.org/wiki/Weak_key 00368 * 00369 * Weak: 00370 * Alternating ones + zeros (0x0101010101010101) 00371 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE) 00372 * '0xE0E0E0E0F1F1F1F1' 00373 * '0x1F1F1F1F0E0E0E0E' 00374 * 00375 * Semi-weak: 00376 * 0x011F011F010E010E and 0x1F011F010E010E01 00377 * 0x01E001E001F101F1 and 0xE001E001F101F101 00378 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01 00379 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E 00380 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E 00381 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1 00382 * 00383 */ 00384 00385 #define WEAK_KEY_COUNT 16 00386 00387 static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] = 00388 { 00389 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, 00390 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE }, 00391 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }, 00392 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 }, 00393 00394 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E }, 00395 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 }, 00396 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 }, 00397 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 }, 00398 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE }, 00399 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 }, 00400 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 }, 00401 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E }, 00402 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE }, 00403 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E }, 00404 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE }, 00405 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 } 00406 }; 00407 00408 int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00409 { 00410 int i; 00411 00412 for( i = 0; i < WEAK_KEY_COUNT; i++ ) 00413 if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 ) 00414 return( 1 ); 00415 00416 return( 0 ); 00417 } 00418 00419 #if !defined(MBEDTLS_DES_SETKEY_ALT) 00420 void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00421 { 00422 int i; 00423 uint32_t X, Y, T; 00424 00425 GET_UINT32_BE( X, key, 0 ); 00426 GET_UINT32_BE( Y, key, 4 ); 00427 00428 /* 00429 * Permuted Choice 1 00430 */ 00431 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4); 00432 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T ); 00433 00434 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2) 00435 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] ) 00436 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6) 00437 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4); 00438 00439 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2) 00440 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] ) 00441 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6) 00442 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4); 00443 00444 X &= 0x0FFFFFFF; 00445 Y &= 0x0FFFFFFF; 00446 00447 /* 00448 * calculate subkeys 00449 */ 00450 for( i = 0; i < 16; i++ ) 00451 { 00452 if( i < 2 || i == 8 || i == 15 ) 00453 { 00454 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF; 00455 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF; 00456 } 00457 else 00458 { 00459 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF; 00460 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF; 00461 } 00462 00463 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000) 00464 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000) 00465 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000) 00466 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000) 00467 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000) 00468 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000) 00469 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400) 00470 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100) 00471 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010) 00472 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004) 00473 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001); 00474 00475 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000) 00476 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000) 00477 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000) 00478 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000) 00479 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000) 00480 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000) 00481 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000) 00482 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400) 00483 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100) 00484 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011) 00485 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002); 00486 } 00487 } 00488 #endif /* !MBEDTLS_DES_SETKEY_ALT */ 00489 00490 /* 00491 * DES key schedule (56-bit, encryption) 00492 */ 00493 int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00494 { 00495 mbedtls_des_setkey( ctx->sk , key ); 00496 00497 return( 0 ); 00498 } 00499 00500 /* 00501 * DES key schedule (56-bit, decryption) 00502 */ 00503 int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00504 { 00505 int i; 00506 00507 mbedtls_des_setkey( ctx->sk , key ); 00508 00509 for( i = 0; i < 16; i += 2 ) 00510 { 00511 SWAP( ctx->sk [i ], ctx->sk [30 - i] ); 00512 SWAP( ctx->sk [i + 1], ctx->sk [31 - i] ); 00513 } 00514 00515 return( 0 ); 00516 } 00517 00518 static void des3_set2key( uint32_t esk[96], 00519 uint32_t dsk[96], 00520 const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] ) 00521 { 00522 int i; 00523 00524 mbedtls_des_setkey( esk, key ); 00525 mbedtls_des_setkey( dsk + 32, key + 8 ); 00526 00527 for( i = 0; i < 32; i += 2 ) 00528 { 00529 dsk[i ] = esk[30 - i]; 00530 dsk[i + 1] = esk[31 - i]; 00531 00532 esk[i + 32] = dsk[62 - i]; 00533 esk[i + 33] = dsk[63 - i]; 00534 00535 esk[i + 64] = esk[i ]; 00536 esk[i + 65] = esk[i + 1]; 00537 00538 dsk[i + 64] = dsk[i ]; 00539 dsk[i + 65] = dsk[i + 1]; 00540 } 00541 } 00542 00543 /* 00544 * Triple-DES key schedule (112-bit, encryption) 00545 */ 00546 int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, 00547 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ) 00548 { 00549 uint32_t sk[96]; 00550 00551 des3_set2key( ctx->sk , sk, key ); 00552 mbedtls_platform_zeroize( sk, sizeof( sk ) ); 00553 00554 return( 0 ); 00555 } 00556 00557 /* 00558 * Triple-DES key schedule (112-bit, decryption) 00559 */ 00560 int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, 00561 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ) 00562 { 00563 uint32_t sk[96]; 00564 00565 des3_set2key( sk, ctx->sk , key ); 00566 mbedtls_platform_zeroize( sk, sizeof( sk ) ); 00567 00568 return( 0 ); 00569 } 00570 00571 static void des3_set3key( uint32_t esk[96], 00572 uint32_t dsk[96], 00573 const unsigned char key[24] ) 00574 { 00575 int i; 00576 00577 mbedtls_des_setkey( esk, key ); 00578 mbedtls_des_setkey( dsk + 32, key + 8 ); 00579 mbedtls_des_setkey( esk + 64, key + 16 ); 00580 00581 for( i = 0; i < 32; i += 2 ) 00582 { 00583 dsk[i ] = esk[94 - i]; 00584 dsk[i + 1] = esk[95 - i]; 00585 00586 esk[i + 32] = dsk[62 - i]; 00587 esk[i + 33] = dsk[63 - i]; 00588 00589 dsk[i + 64] = esk[30 - i]; 00590 dsk[i + 65] = esk[31 - i]; 00591 } 00592 } 00593 00594 /* 00595 * Triple-DES key schedule (168-bit, encryption) 00596 */ 00597 int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, 00598 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ) 00599 { 00600 uint32_t sk[96]; 00601 00602 des3_set3key( ctx->sk , sk, key ); 00603 mbedtls_platform_zeroize( sk, sizeof( sk ) ); 00604 00605 return( 0 ); 00606 } 00607 00608 /* 00609 * Triple-DES key schedule (168-bit, decryption) 00610 */ 00611 int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, 00612 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ) 00613 { 00614 uint32_t sk[96]; 00615 00616 des3_set3key( sk, ctx->sk , key ); 00617 mbedtls_platform_zeroize( sk, sizeof( sk ) ); 00618 00619 return( 0 ); 00620 } 00621 00622 /* 00623 * DES-ECB block encryption/decryption 00624 */ 00625 #if !defined(MBEDTLS_DES_CRYPT_ECB_ALT) 00626 int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, 00627 const unsigned char input[8], 00628 unsigned char output[8] ) 00629 { 00630 int i; 00631 uint32_t X, Y, T, *SK; 00632 00633 SK = ctx->sk ; 00634 00635 GET_UINT32_BE( X, input, 0 ); 00636 GET_UINT32_BE( Y, input, 4 ); 00637 00638 DES_IP( X, Y ); 00639 00640 for( i = 0; i < 8; i++ ) 00641 { 00642 DES_ROUND( Y, X ); 00643 DES_ROUND( X, Y ); 00644 } 00645 00646 DES_FP( Y, X ); 00647 00648 PUT_UINT32_BE( Y, output, 0 ); 00649 PUT_UINT32_BE( X, output, 4 ); 00650 00651 return( 0 ); 00652 } 00653 #endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */ 00654 00655 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00656 /* 00657 * DES-CBC buffer encryption/decryption 00658 */ 00659 int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, 00660 int mode, 00661 size_t length, 00662 unsigned char iv[8], 00663 const unsigned char *input, 00664 unsigned char *output ) 00665 { 00666 int i; 00667 unsigned char temp[8]; 00668 00669 if( length % 8 ) 00670 return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH ); 00671 00672 if( mode == MBEDTLS_DES_ENCRYPT ) 00673 { 00674 while( length > 0 ) 00675 { 00676 for( i = 0; i < 8; i++ ) 00677 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00678 00679 mbedtls_des_crypt_ecb( ctx, output, output ); 00680 memcpy( iv, output, 8 ); 00681 00682 input += 8; 00683 output += 8; 00684 length -= 8; 00685 } 00686 } 00687 else /* MBEDTLS_DES_DECRYPT */ 00688 { 00689 while( length > 0 ) 00690 { 00691 memcpy( temp, input, 8 ); 00692 mbedtls_des_crypt_ecb( ctx, input, output ); 00693 00694 for( i = 0; i < 8; i++ ) 00695 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00696 00697 memcpy( iv, temp, 8 ); 00698 00699 input += 8; 00700 output += 8; 00701 length -= 8; 00702 } 00703 } 00704 00705 return( 0 ); 00706 } 00707 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00708 00709 /* 00710 * 3DES-ECB block encryption/decryption 00711 */ 00712 #if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT) 00713 int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, 00714 const unsigned char input[8], 00715 unsigned char output[8] ) 00716 { 00717 int i; 00718 uint32_t X, Y, T, *SK; 00719 00720 SK = ctx->sk ; 00721 00722 GET_UINT32_BE( X, input, 0 ); 00723 GET_UINT32_BE( Y, input, 4 ); 00724 00725 DES_IP( X, Y ); 00726 00727 for( i = 0; i < 8; i++ ) 00728 { 00729 DES_ROUND( Y, X ); 00730 DES_ROUND( X, Y ); 00731 } 00732 00733 for( i = 0; i < 8; i++ ) 00734 { 00735 DES_ROUND( X, Y ); 00736 DES_ROUND( Y, X ); 00737 } 00738 00739 for( i = 0; i < 8; i++ ) 00740 { 00741 DES_ROUND( Y, X ); 00742 DES_ROUND( X, Y ); 00743 } 00744 00745 DES_FP( Y, X ); 00746 00747 PUT_UINT32_BE( Y, output, 0 ); 00748 PUT_UINT32_BE( X, output, 4 ); 00749 00750 return( 0 ); 00751 } 00752 #endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */ 00753 00754 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00755 /* 00756 * 3DES-CBC buffer encryption/decryption 00757 */ 00758 int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, 00759 int mode, 00760 size_t length, 00761 unsigned char iv[8], 00762 const unsigned char *input, 00763 unsigned char *output ) 00764 { 00765 int i; 00766 unsigned char temp[8]; 00767 00768 if( length % 8 ) 00769 return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH ); 00770 00771 if( mode == MBEDTLS_DES_ENCRYPT ) 00772 { 00773 while( length > 0 ) 00774 { 00775 for( i = 0; i < 8; i++ ) 00776 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00777 00778 mbedtls_des3_crypt_ecb( ctx, output, output ); 00779 memcpy( iv, output, 8 ); 00780 00781 input += 8; 00782 output += 8; 00783 length -= 8; 00784 } 00785 } 00786 else /* MBEDTLS_DES_DECRYPT */ 00787 { 00788 while( length > 0 ) 00789 { 00790 memcpy( temp, input, 8 ); 00791 mbedtls_des3_crypt_ecb( ctx, input, output ); 00792 00793 for( i = 0; i < 8; i++ ) 00794 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00795 00796 memcpy( iv, temp, 8 ); 00797 00798 input += 8; 00799 output += 8; 00800 length -= 8; 00801 } 00802 } 00803 00804 return( 0 ); 00805 } 00806 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00807 00808 #endif /* !MBEDTLS_DES_ALT */ 00809 00810 #if defined(MBEDTLS_SELF_TEST) 00811 /* 00812 * DES and 3DES test vectors from: 00813 * 00814 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip 00815 */ 00816 static const unsigned char des3_test_keys[24] = 00817 { 00818 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 00819 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 00820 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23 00821 }; 00822 00823 static const unsigned char des3_test_buf[8] = 00824 { 00825 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74 00826 }; 00827 00828 static const unsigned char des3_test_ecb_dec[3][8] = 00829 { 00830 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D }, 00831 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB }, 00832 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A } 00833 }; 00834 00835 static const unsigned char des3_test_ecb_enc[3][8] = 00836 { 00837 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B }, 00838 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 }, 00839 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 } 00840 }; 00841 00842 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00843 static const unsigned char des3_test_iv[8] = 00844 { 00845 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF, 00846 }; 00847 00848 static const unsigned char des3_test_cbc_dec[3][8] = 00849 { 00850 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 }, 00851 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 }, 00852 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C } 00853 }; 00854 00855 static const unsigned char des3_test_cbc_enc[3][8] = 00856 { 00857 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 }, 00858 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D }, 00859 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 } 00860 }; 00861 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00862 00863 /* 00864 * Checkup routine 00865 */ 00866 int mbedtls_des_self_test( int verbose ) 00867 { 00868 int i, j, u, v, ret = 0; 00869 mbedtls_des_context ctx; 00870 mbedtls_des3_context ctx3; 00871 unsigned char buf[8]; 00872 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00873 unsigned char prv[8]; 00874 unsigned char iv[8]; 00875 #endif 00876 00877 mbedtls_des_init( &ctx ); 00878 mbedtls_des3_init( &ctx3 ); 00879 /* 00880 * ECB mode 00881 */ 00882 for( i = 0; i < 6; i++ ) 00883 { 00884 u = i >> 1; 00885 v = i & 1; 00886 00887 if( verbose != 0 ) 00888 mbedtls_printf( " DES%c-ECB-%3d (%s): ", 00889 ( u == 0 ) ? ' ' : '3', 56 + u * 56, 00890 ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" ); 00891 00892 memcpy( buf, des3_test_buf, 8 ); 00893 00894 switch( i ) 00895 { 00896 case 0: 00897 mbedtls_des_setkey_dec( &ctx, des3_test_keys ); 00898 break; 00899 00900 case 1: 00901 mbedtls_des_setkey_enc( &ctx, des3_test_keys ); 00902 break; 00903 00904 case 2: 00905 mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); 00906 break; 00907 00908 case 3: 00909 mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); 00910 break; 00911 00912 case 4: 00913 mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); 00914 break; 00915 00916 case 5: 00917 mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); 00918 break; 00919 00920 default: 00921 return( 1 ); 00922 } 00923 00924 for( j = 0; j < 10000; j++ ) 00925 { 00926 if( u == 0 ) 00927 mbedtls_des_crypt_ecb( &ctx, buf, buf ); 00928 else 00929 mbedtls_des3_crypt_ecb( &ctx3, buf, buf ); 00930 } 00931 00932 if( ( v == MBEDTLS_DES_DECRYPT && 00933 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) || 00934 ( v != MBEDTLS_DES_DECRYPT && 00935 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) ) 00936 { 00937 if( verbose != 0 ) 00938 mbedtls_printf( "failed\n" ); 00939 00940 ret = 1; 00941 goto exit; 00942 } 00943 00944 if( verbose != 0 ) 00945 mbedtls_printf( "passed\n" ); 00946 } 00947 00948 if( verbose != 0 ) 00949 mbedtls_printf( "\n" ); 00950 00951 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00952 /* 00953 * CBC mode 00954 */ 00955 for( i = 0; i < 6; i++ ) 00956 { 00957 u = i >> 1; 00958 v = i & 1; 00959 00960 if( verbose != 0 ) 00961 mbedtls_printf( " DES%c-CBC-%3d (%s): ", 00962 ( u == 0 ) ? ' ' : '3', 56 + u * 56, 00963 ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" ); 00964 00965 memcpy( iv, des3_test_iv, 8 ); 00966 memcpy( prv, des3_test_iv, 8 ); 00967 memcpy( buf, des3_test_buf, 8 ); 00968 00969 switch( i ) 00970 { 00971 case 0: 00972 mbedtls_des_setkey_dec( &ctx, des3_test_keys ); 00973 break; 00974 00975 case 1: 00976 mbedtls_des_setkey_enc( &ctx, des3_test_keys ); 00977 break; 00978 00979 case 2: 00980 mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); 00981 break; 00982 00983 case 3: 00984 mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); 00985 break; 00986 00987 case 4: 00988 mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); 00989 break; 00990 00991 case 5: 00992 mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); 00993 break; 00994 00995 default: 00996 return( 1 ); 00997 } 00998 00999 if( v == MBEDTLS_DES_DECRYPT ) 01000 { 01001 for( j = 0; j < 10000; j++ ) 01002 { 01003 if( u == 0 ) 01004 mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); 01005 else 01006 mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); 01007 } 01008 } 01009 else 01010 { 01011 for( j = 0; j < 10000; j++ ) 01012 { 01013 unsigned char tmp[8]; 01014 01015 if( u == 0 ) 01016 mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); 01017 else 01018 mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); 01019 01020 memcpy( tmp, prv, 8 ); 01021 memcpy( prv, buf, 8 ); 01022 memcpy( buf, tmp, 8 ); 01023 } 01024 01025 memcpy( buf, prv, 8 ); 01026 } 01027 01028 if( ( v == MBEDTLS_DES_DECRYPT && 01029 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) || 01030 ( v != MBEDTLS_DES_DECRYPT && 01031 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) ) 01032 { 01033 if( verbose != 0 ) 01034 mbedtls_printf( "failed\n" ); 01035 01036 ret = 1; 01037 goto exit; 01038 } 01039 01040 if( verbose != 0 ) 01041 mbedtls_printf( "passed\n" ); 01042 } 01043 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 01044 01045 if( verbose != 0 ) 01046 mbedtls_printf( "\n" ); 01047 01048 exit: 01049 mbedtls_des_free( &ctx ); 01050 mbedtls_des3_free( &ctx3 ); 01051 01052 return( ret ); 01053 } 01054 01055 #endif /* MBEDTLS_SELF_TEST */ 01056 01057 #endif /* MBEDTLS_DES_C */
Generated on Tue Jul 12 2022 15:15:42 by
1.7.2