Kenji Arai / mbed-os_TYBLE16

Dependents:   TYBLE16_simple_data_logger TYBLE16_MP3_Air

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers des.c Source File

des.c

00001 /*
00002  *  FIPS-46-3 compliant Triple-DES implementation
00003  *
00004  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
00005  *  SPDX-License-Identifier: Apache-2.0
00006  *
00007  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
00008  *  not use this file except in compliance with the License.
00009  *  You may obtain a copy of the License at
00010  *
00011  *  http://www.apache.org/licenses/LICENSE-2.0
00012  *
00013  *  Unless required by applicable law or agreed to in writing, software
00014  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
00015  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00016  *  See the License for the specific language governing permissions and
00017  *  limitations under the License.
00018  *
00019  *  This file is part of mbed TLS (https://tls.mbed.org)
00020  */
00021 /*
00022  *  DES, on which TDES is based, was originally designed by Horst Feistel
00023  *  at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
00024  *
00025  *  http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
00026  */
00027 
00028 #if !defined(MBEDTLS_CONFIG_FILE)
00029 #include "mbedtls/config.h"
00030 #else
00031 #include MBEDTLS_CONFIG_FILE
00032 #endif
00033 
00034 #if defined(MBEDTLS_DES_C)
00035 
00036 #include "mbedtls/des.h"
00037 #include "mbedtls/platform_util.h"
00038 
00039 #include <string.h>
00040 
00041 #if defined(MBEDTLS_SELF_TEST)
00042 #if defined(MBEDTLS_PLATFORM_C)
00043 #include "mbedtls/platform.h"
00044 #else
00045 #include <stdio.h>
00046 #define mbedtls_printf printf
00047 #endif /* MBEDTLS_PLATFORM_C */
00048 #endif /* MBEDTLS_SELF_TEST */
00049 
00050 #if !defined(MBEDTLS_DES_ALT)
00051 
00052 /*
00053  * 32-bit integer manipulation macros (big endian)
00054  */
00055 #ifndef GET_UINT32_BE
00056 #define GET_UINT32_BE(n,b,i)                            \
00057 {                                                       \
00058     (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
00059         | ( (uint32_t) (b)[(i) + 1] << 16 )             \
00060         | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
00061         | ( (uint32_t) (b)[(i) + 3]       );            \
00062 }
00063 #endif
00064 
00065 #ifndef PUT_UINT32_BE
00066 #define PUT_UINT32_BE(n,b,i)                            \
00067 {                                                       \
00068     (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
00069     (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
00070     (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
00071     (b)[(i) + 3] = (unsigned char) ( (n)       );       \
00072 }
00073 #endif
00074 
00075 /*
00076  * Expanded DES S-boxes
00077  */
00078 static const uint32_t SB1[64] =
00079 {
00080     0x01010400, 0x00000000, 0x00010000, 0x01010404,
00081     0x01010004, 0x00010404, 0x00000004, 0x00010000,
00082     0x00000400, 0x01010400, 0x01010404, 0x00000400,
00083     0x01000404, 0x01010004, 0x01000000, 0x00000004,
00084     0x00000404, 0x01000400, 0x01000400, 0x00010400,
00085     0x00010400, 0x01010000, 0x01010000, 0x01000404,
00086     0x00010004, 0x01000004, 0x01000004, 0x00010004,
00087     0x00000000, 0x00000404, 0x00010404, 0x01000000,
00088     0x00010000, 0x01010404, 0x00000004, 0x01010000,
00089     0x01010400, 0x01000000, 0x01000000, 0x00000400,
00090     0x01010004, 0x00010000, 0x00010400, 0x01000004,
00091     0x00000400, 0x00000004, 0x01000404, 0x00010404,
00092     0x01010404, 0x00010004, 0x01010000, 0x01000404,
00093     0x01000004, 0x00000404, 0x00010404, 0x01010400,
00094     0x00000404, 0x01000400, 0x01000400, 0x00000000,
00095     0x00010004, 0x00010400, 0x00000000, 0x01010004
00096 };
00097 
00098 static const uint32_t SB2[64] =
00099 {
00100     0x80108020, 0x80008000, 0x00008000, 0x00108020,
00101     0x00100000, 0x00000020, 0x80100020, 0x80008020,
00102     0x80000020, 0x80108020, 0x80108000, 0x80000000,
00103     0x80008000, 0x00100000, 0x00000020, 0x80100020,
00104     0x00108000, 0x00100020, 0x80008020, 0x00000000,
00105     0x80000000, 0x00008000, 0x00108020, 0x80100000,
00106     0x00100020, 0x80000020, 0x00000000, 0x00108000,
00107     0x00008020, 0x80108000, 0x80100000, 0x00008020,
00108     0x00000000, 0x00108020, 0x80100020, 0x00100000,
00109     0x80008020, 0x80100000, 0x80108000, 0x00008000,
00110     0x80100000, 0x80008000, 0x00000020, 0x80108020,
00111     0x00108020, 0x00000020, 0x00008000, 0x80000000,
00112     0x00008020, 0x80108000, 0x00100000, 0x80000020,
00113     0x00100020, 0x80008020, 0x80000020, 0x00100020,
00114     0x00108000, 0x00000000, 0x80008000, 0x00008020,
00115     0x80000000, 0x80100020, 0x80108020, 0x00108000
00116 };
00117 
00118 static const uint32_t SB3[64] =
00119 {
00120     0x00000208, 0x08020200, 0x00000000, 0x08020008,
00121     0x08000200, 0x00000000, 0x00020208, 0x08000200,
00122     0x00020008, 0x08000008, 0x08000008, 0x00020000,
00123     0x08020208, 0x00020008, 0x08020000, 0x00000208,
00124     0x08000000, 0x00000008, 0x08020200, 0x00000200,
00125     0x00020200, 0x08020000, 0x08020008, 0x00020208,
00126     0x08000208, 0x00020200, 0x00020000, 0x08000208,
00127     0x00000008, 0x08020208, 0x00000200, 0x08000000,
00128     0x08020200, 0x08000000, 0x00020008, 0x00000208,
00129     0x00020000, 0x08020200, 0x08000200, 0x00000000,
00130     0x00000200, 0x00020008, 0x08020208, 0x08000200,
00131     0x08000008, 0x00000200, 0x00000000, 0x08020008,
00132     0x08000208, 0x00020000, 0x08000000, 0x08020208,
00133     0x00000008, 0x00020208, 0x00020200, 0x08000008,
00134     0x08020000, 0x08000208, 0x00000208, 0x08020000,
00135     0x00020208, 0x00000008, 0x08020008, 0x00020200
00136 };
00137 
00138 static const uint32_t SB4[64] =
00139 {
00140     0x00802001, 0x00002081, 0x00002081, 0x00000080,
00141     0x00802080, 0x00800081, 0x00800001, 0x00002001,
00142     0x00000000, 0x00802000, 0x00802000, 0x00802081,
00143     0x00000081, 0x00000000, 0x00800080, 0x00800001,
00144     0x00000001, 0x00002000, 0x00800000, 0x00802001,
00145     0x00000080, 0x00800000, 0x00002001, 0x00002080,
00146     0x00800081, 0x00000001, 0x00002080, 0x00800080,
00147     0x00002000, 0x00802080, 0x00802081, 0x00000081,
00148     0x00800080, 0x00800001, 0x00802000, 0x00802081,
00149     0x00000081, 0x00000000, 0x00000000, 0x00802000,
00150     0x00002080, 0x00800080, 0x00800081, 0x00000001,
00151     0x00802001, 0x00002081, 0x00002081, 0x00000080,
00152     0x00802081, 0x00000081, 0x00000001, 0x00002000,
00153     0x00800001, 0x00002001, 0x00802080, 0x00800081,
00154     0x00002001, 0x00002080, 0x00800000, 0x00802001,
00155     0x00000080, 0x00800000, 0x00002000, 0x00802080
00156 };
00157 
00158 static const uint32_t SB5[64] =
00159 {
00160     0x00000100, 0x02080100, 0x02080000, 0x42000100,
00161     0x00080000, 0x00000100, 0x40000000, 0x02080000,
00162     0x40080100, 0x00080000, 0x02000100, 0x40080100,
00163     0x42000100, 0x42080000, 0x00080100, 0x40000000,
00164     0x02000000, 0x40080000, 0x40080000, 0x00000000,
00165     0x40000100, 0x42080100, 0x42080100, 0x02000100,
00166     0x42080000, 0x40000100, 0x00000000, 0x42000000,
00167     0x02080100, 0x02000000, 0x42000000, 0x00080100,
00168     0x00080000, 0x42000100, 0x00000100, 0x02000000,
00169     0x40000000, 0x02080000, 0x42000100, 0x40080100,
00170     0x02000100, 0x40000000, 0x42080000, 0x02080100,
00171     0x40080100, 0x00000100, 0x02000000, 0x42080000,
00172     0x42080100, 0x00080100, 0x42000000, 0x42080100,
00173     0x02080000, 0x00000000, 0x40080000, 0x42000000,
00174     0x00080100, 0x02000100, 0x40000100, 0x00080000,
00175     0x00000000, 0x40080000, 0x02080100, 0x40000100
00176 };
00177 
00178 static const uint32_t SB6[64] =
00179 {
00180     0x20000010, 0x20400000, 0x00004000, 0x20404010,
00181     0x20400000, 0x00000010, 0x20404010, 0x00400000,
00182     0x20004000, 0x00404010, 0x00400000, 0x20000010,
00183     0x00400010, 0x20004000, 0x20000000, 0x00004010,
00184     0x00000000, 0x00400010, 0x20004010, 0x00004000,
00185     0x00404000, 0x20004010, 0x00000010, 0x20400010,
00186     0x20400010, 0x00000000, 0x00404010, 0x20404000,
00187     0x00004010, 0x00404000, 0x20404000, 0x20000000,
00188     0x20004000, 0x00000010, 0x20400010, 0x00404000,
00189     0x20404010, 0x00400000, 0x00004010, 0x20000010,
00190     0x00400000, 0x20004000, 0x20000000, 0x00004010,
00191     0x20000010, 0x20404010, 0x00404000, 0x20400000,
00192     0x00404010, 0x20404000, 0x00000000, 0x20400010,
00193     0x00000010, 0x00004000, 0x20400000, 0x00404010,
00194     0x00004000, 0x00400010, 0x20004010, 0x00000000,
00195     0x20404000, 0x20000000, 0x00400010, 0x20004010
00196 };
00197 
00198 static const uint32_t SB7[64] =
00199 {
00200     0x00200000, 0x04200002, 0x04000802, 0x00000000,
00201     0x00000800, 0x04000802, 0x00200802, 0x04200800,
00202     0x04200802, 0x00200000, 0x00000000, 0x04000002,
00203     0x00000002, 0x04000000, 0x04200002, 0x00000802,
00204     0x04000800, 0x00200802, 0x00200002, 0x04000800,
00205     0x04000002, 0x04200000, 0x04200800, 0x00200002,
00206     0x04200000, 0x00000800, 0x00000802, 0x04200802,
00207     0x00200800, 0x00000002, 0x04000000, 0x00200800,
00208     0x04000000, 0x00200800, 0x00200000, 0x04000802,
00209     0x04000802, 0x04200002, 0x04200002, 0x00000002,
00210     0x00200002, 0x04000000, 0x04000800, 0x00200000,
00211     0x04200800, 0x00000802, 0x00200802, 0x04200800,
00212     0x00000802, 0x04000002, 0x04200802, 0x04200000,
00213     0x00200800, 0x00000000, 0x00000002, 0x04200802,
00214     0x00000000, 0x00200802, 0x04200000, 0x00000800,
00215     0x04000002, 0x04000800, 0x00000800, 0x00200002
00216 };
00217 
00218 static const uint32_t SB8[64] =
00219 {
00220     0x10001040, 0x00001000, 0x00040000, 0x10041040,
00221     0x10000000, 0x10001040, 0x00000040, 0x10000000,
00222     0x00040040, 0x10040000, 0x10041040, 0x00041000,
00223     0x10041000, 0x00041040, 0x00001000, 0x00000040,
00224     0x10040000, 0x10000040, 0x10001000, 0x00001040,
00225     0x00041000, 0x00040040, 0x10040040, 0x10041000,
00226     0x00001040, 0x00000000, 0x00000000, 0x10040040,
00227     0x10000040, 0x10001000, 0x00041040, 0x00040000,
00228     0x00041040, 0x00040000, 0x10041000, 0x00001000,
00229     0x00000040, 0x10040040, 0x00001000, 0x00041040,
00230     0x10001000, 0x00000040, 0x10000040, 0x10040000,
00231     0x10040040, 0x10000000, 0x00040000, 0x10001040,
00232     0x00000000, 0x10041040, 0x00040040, 0x10000040,
00233     0x10040000, 0x10001000, 0x10001040, 0x00000000,
00234     0x10041040, 0x00041000, 0x00041000, 0x00001040,
00235     0x00001040, 0x00040040, 0x10000000, 0x10041000
00236 };
00237 
00238 /*
00239  * PC1: left and right halves bit-swap
00240  */
00241 static const uint32_t LHs[16] =
00242 {
00243     0x00000000, 0x00000001, 0x00000100, 0x00000101,
00244     0x00010000, 0x00010001, 0x00010100, 0x00010101,
00245     0x01000000, 0x01000001, 0x01000100, 0x01000101,
00246     0x01010000, 0x01010001, 0x01010100, 0x01010101
00247 };
00248 
00249 static const uint32_t RHs[16] =
00250 {
00251     0x00000000, 0x01000000, 0x00010000, 0x01010000,
00252     0x00000100, 0x01000100, 0x00010100, 0x01010100,
00253     0x00000001, 0x01000001, 0x00010001, 0x01010001,
00254     0x00000101, 0x01000101, 0x00010101, 0x01010101,
00255 };
00256 
00257 /*
00258  * Initial Permutation macro
00259  */
00260 #define DES_IP(X,Y)                                                       \
00261     do                                                                    \
00262     {                                                                     \
00263         T = (((X) >>  4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T <<  4); \
00264         T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \
00265         T = (((Y) >>  2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T <<  2); \
00266         T = (((Y) >>  8) ^ (X)) & 0x00FF00FF; (X) ^= T; (Y) ^= (T <<  8); \
00267         (Y) = (((Y) << 1) | ((Y) >> 31)) & 0xFFFFFFFF;                    \
00268         T = ((X) ^ (Y)) & 0xAAAAAAAA; (Y) ^= T; (X) ^= T;                 \
00269         (X) = (((X) << 1) | ((X) >> 31)) & 0xFFFFFFFF;                    \
00270     } while( 0 )
00271 
00272 /*
00273  * Final Permutation macro
00274  */
00275 #define DES_FP(X,Y)                                                       \
00276     do                                                                    \
00277     {                                                                     \
00278         (X) = (((X) << 31) | ((X) >> 1)) & 0xFFFFFFFF;                    \
00279         T = ((X) ^ (Y)) & 0xAAAAAAAA; (X) ^= T; (Y) ^= T;                 \
00280         (Y) = (((Y) << 31) | ((Y) >> 1)) & 0xFFFFFFFF;                    \
00281         T = (((Y) >>  8) ^ (X)) & 0x00FF00FF; (X) ^= T; (Y) ^= (T <<  8); \
00282         T = (((Y) >>  2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T <<  2); \
00283         T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \
00284         T = (((X) >>  4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T <<  4); \
00285     } while( 0 )
00286 
00287 /*
00288  * DES round macro
00289  */
00290 #define DES_ROUND(X,Y)                              \
00291     do                                              \
00292     {                                               \
00293         T = *SK++ ^ (X);                            \
00294         (Y) ^= SB8[ (T      ) & 0x3F ] ^            \
00295                SB6[ (T >>  8) & 0x3F ] ^            \
00296                SB4[ (T >> 16) & 0x3F ] ^            \
00297                SB2[ (T >> 24) & 0x3F ];             \
00298                                                     \
00299         T = *SK++ ^ (((X) << 28) | ((X) >> 4));     \
00300         (Y) ^= SB7[ (T      ) & 0x3F ] ^            \
00301                SB5[ (T >>  8) & 0x3F ] ^            \
00302                SB3[ (T >> 16) & 0x3F ] ^            \
00303                SB1[ (T >> 24) & 0x3F ];             \
00304     } while( 0 )
00305 
00306 #define SWAP(a,b)                                       \
00307     do                                                  \
00308     {                                                   \
00309         uint32_t t = (a); (a) = (b); (b) = t; t = 0;    \
00310     } while( 0 )
00311 
00312 void mbedtls_des_init( mbedtls_des_context *ctx )
00313 {
00314     memset( ctx, 0, sizeof( mbedtls_des_context ) );
00315 }
00316 
00317 void mbedtls_des_free( mbedtls_des_context *ctx )
00318 {
00319     if( ctx == NULL )
00320         return;
00321 
00322     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) );
00323 }
00324 
00325 void mbedtls_des3_init( mbedtls_des3_context *ctx )
00326 {
00327     memset( ctx, 0, sizeof( mbedtls_des3_context ) );
00328 }
00329 
00330 void mbedtls_des3_free( mbedtls_des3_context *ctx )
00331 {
00332     if( ctx == NULL )
00333         return;
00334 
00335     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) );
00336 }
00337 
00338 static const unsigned char odd_parity_table[128] = { 1,  2,  4,  7,  8,
00339         11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
00340         47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
00341         82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
00342         115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
00343         143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
00344         171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
00345         199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
00346         227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
00347         254 };
00348 
00349 void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] )
00350 {
00351     int i;
00352 
00353     for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
00354         key[i] = odd_parity_table[key[i] / 2];
00355 }
00356 
00357 /*
00358  * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
00359  */
00360 int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
00361 {
00362     int i;
00363 
00364     for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
00365         if( key[i] != odd_parity_table[key[i] / 2] )
00366             return( 1 );
00367 
00368     return( 0 );
00369 }
00370 
00371 /*
00372  * Table of weak and semi-weak keys
00373  *
00374  * Source: http://en.wikipedia.org/wiki/Weak_key
00375  *
00376  * Weak:
00377  * Alternating ones + zeros (0x0101010101010101)
00378  * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
00379  * '0xE0E0E0E0F1F1F1F1'
00380  * '0x1F1F1F1F0E0E0E0E'
00381  *
00382  * Semi-weak:
00383  * 0x011F011F010E010E and 0x1F011F010E010E01
00384  * 0x01E001E001F101F1 and 0xE001E001F101F101
00385  * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
00386  * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
00387  * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
00388  * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
00389  *
00390  */
00391 
00392 #define WEAK_KEY_COUNT 16
00393 
00394 static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] =
00395 {
00396     { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
00397     { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
00398     { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
00399     { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
00400 
00401     { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
00402     { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
00403     { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
00404     { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
00405     { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
00406     { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
00407     { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
00408     { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
00409     { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
00410     { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
00411     { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
00412     { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
00413 };
00414 
00415 int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
00416 {
00417     int i;
00418 
00419     for( i = 0; i < WEAK_KEY_COUNT; i++ )
00420         if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 )
00421             return( 1 );
00422 
00423     return( 0 );
00424 }
00425 
00426 #if !defined(MBEDTLS_DES_SETKEY_ALT)
00427 void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
00428 {
00429     int i;
00430     uint32_t X, Y, T;
00431 
00432     GET_UINT32_BE( X, key, 0 );
00433     GET_UINT32_BE( Y, key, 4 );
00434 
00435     /*
00436      * Permuted Choice 1
00437      */
00438     T =  ((Y >>  4) ^ X) & 0x0F0F0F0F;  X ^= T; Y ^= (T <<  4);
00439     T =  ((Y      ) ^ X) & 0x10101010;  X ^= T; Y ^= (T      );
00440 
00441     X =   (LHs[ (X      ) & 0xF] << 3) | (LHs[ (X >>  8) & 0xF ] << 2)
00442         | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ]     )
00443         | (LHs[ (X >>  5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
00444         | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
00445 
00446     Y =   (RHs[ (Y >>  1) & 0xF] << 3) | (RHs[ (Y >>  9) & 0xF ] << 2)
00447         | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ]     )
00448         | (RHs[ (Y >>  4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
00449         | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
00450 
00451     X &= 0x0FFFFFFF;
00452     Y &= 0x0FFFFFFF;
00453 
00454     /*
00455      * calculate subkeys
00456      */
00457     for( i = 0; i < 16; i++ )
00458     {
00459         if( i < 2 || i == 8 || i == 15 )
00460         {
00461             X = ((X <<  1) | (X >> 27)) & 0x0FFFFFFF;
00462             Y = ((Y <<  1) | (Y >> 27)) & 0x0FFFFFFF;
00463         }
00464         else
00465         {
00466             X = ((X <<  2) | (X >> 26)) & 0x0FFFFFFF;
00467             Y = ((Y <<  2) | (Y >> 26)) & 0x0FFFFFFF;
00468         }
00469 
00470         *SK++ =   ((X <<  4) & 0x24000000) | ((X << 28) & 0x10000000)
00471                 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
00472                 | ((X <<  6) & 0x01000000) | ((X <<  9) & 0x00200000)
00473                 | ((X >>  1) & 0x00100000) | ((X << 10) & 0x00040000)
00474                 | ((X <<  2) & 0x00020000) | ((X >> 10) & 0x00010000)
00475                 | ((Y >> 13) & 0x00002000) | ((Y >>  4) & 0x00001000)
00476                 | ((Y <<  6) & 0x00000800) | ((Y >>  1) & 0x00000400)
00477                 | ((Y >> 14) & 0x00000200) | ((Y      ) & 0x00000100)
00478                 | ((Y >>  5) & 0x00000020) | ((Y >> 10) & 0x00000010)
00479                 | ((Y >>  3) & 0x00000008) | ((Y >> 18) & 0x00000004)
00480                 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
00481 
00482         *SK++ =   ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
00483                 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
00484                 | ((X >>  2) & 0x02000000) | ((X <<  1) & 0x01000000)
00485                 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
00486                 | ((X <<  3) & 0x00080000) | ((X >>  6) & 0x00040000)
00487                 | ((X << 15) & 0x00020000) | ((X >>  4) & 0x00010000)
00488                 | ((Y >>  2) & 0x00002000) | ((Y <<  8) & 0x00001000)
00489                 | ((Y >> 14) & 0x00000808) | ((Y >>  9) & 0x00000400)
00490                 | ((Y      ) & 0x00000200) | ((Y <<  7) & 0x00000100)
00491                 | ((Y >>  7) & 0x00000020) | ((Y >>  3) & 0x00000011)
00492                 | ((Y <<  2) & 0x00000004) | ((Y >> 21) & 0x00000002);
00493     }
00494 }
00495 #endif /* !MBEDTLS_DES_SETKEY_ALT */
00496 
00497 /*
00498  * DES key schedule (56-bit, encryption)
00499  */
00500 int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
00501 {
00502     mbedtls_des_setkey( ctx->sk , key );
00503 
00504     return( 0 );
00505 }
00506 
00507 /*
00508  * DES key schedule (56-bit, decryption)
00509  */
00510 int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
00511 {
00512     int i;
00513 
00514     mbedtls_des_setkey( ctx->sk , key );
00515 
00516     for( i = 0; i < 16; i += 2 )
00517     {
00518         SWAP( ctx->sk [i    ], ctx->sk [30 - i] );
00519         SWAP( ctx->sk [i + 1], ctx->sk [31 - i] );
00520     }
00521 
00522     return( 0 );
00523 }
00524 
00525 static void des3_set2key( uint32_t esk[96],
00526                           uint32_t dsk[96],
00527                           const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] )
00528 {
00529     int i;
00530 
00531     mbedtls_des_setkey( esk, key );
00532     mbedtls_des_setkey( dsk + 32, key + 8 );
00533 
00534     for( i = 0; i < 32; i += 2 )
00535     {
00536         dsk[i     ] = esk[30 - i];
00537         dsk[i +  1] = esk[31 - i];
00538 
00539         esk[i + 32] = dsk[62 - i];
00540         esk[i + 33] = dsk[63 - i];
00541 
00542         esk[i + 64] = esk[i    ];
00543         esk[i + 65] = esk[i + 1];
00544 
00545         dsk[i + 64] = dsk[i    ];
00546         dsk[i + 65] = dsk[i + 1];
00547     }
00548 }
00549 
00550 /*
00551  * Triple-DES key schedule (112-bit, encryption)
00552  */
00553 int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
00554                       const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
00555 {
00556     uint32_t sk[96];
00557 
00558     des3_set2key( ctx->sk , sk, key );
00559     mbedtls_platform_zeroize( sk,  sizeof( sk ) );
00560 
00561     return( 0 );
00562 }
00563 
00564 /*
00565  * Triple-DES key schedule (112-bit, decryption)
00566  */
00567 int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
00568                       const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
00569 {
00570     uint32_t sk[96];
00571 
00572     des3_set2key( sk, ctx->sk , key );
00573     mbedtls_platform_zeroize( sk,  sizeof( sk ) );
00574 
00575     return( 0 );
00576 }
00577 
00578 static void des3_set3key( uint32_t esk[96],
00579                           uint32_t dsk[96],
00580                           const unsigned char key[24] )
00581 {
00582     int i;
00583 
00584     mbedtls_des_setkey( esk, key );
00585     mbedtls_des_setkey( dsk + 32, key +  8 );
00586     mbedtls_des_setkey( esk + 64, key + 16 );
00587 
00588     for( i = 0; i < 32; i += 2 )
00589     {
00590         dsk[i     ] = esk[94 - i];
00591         dsk[i +  1] = esk[95 - i];
00592 
00593         esk[i + 32] = dsk[62 - i];
00594         esk[i + 33] = dsk[63 - i];
00595 
00596         dsk[i + 64] = esk[30 - i];
00597         dsk[i + 65] = esk[31 - i];
00598     }
00599 }
00600 
00601 /*
00602  * Triple-DES key schedule (168-bit, encryption)
00603  */
00604 int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
00605                       const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
00606 {
00607     uint32_t sk[96];
00608 
00609     des3_set3key( ctx->sk , sk, key );
00610     mbedtls_platform_zeroize( sk,  sizeof( sk ) );
00611 
00612     return( 0 );
00613 }
00614 
00615 /*
00616  * Triple-DES key schedule (168-bit, decryption)
00617  */
00618 int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
00619                       const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
00620 {
00621     uint32_t sk[96];
00622 
00623     des3_set3key( sk, ctx->sk , key );
00624     mbedtls_platform_zeroize( sk,  sizeof( sk ) );
00625 
00626     return( 0 );
00627 }
00628 
00629 /*
00630  * DES-ECB block encryption/decryption
00631  */
00632 #if !defined(MBEDTLS_DES_CRYPT_ECB_ALT)
00633 int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
00634                     const unsigned char input[8],
00635                     unsigned char output[8] )
00636 {
00637     int i;
00638     uint32_t X, Y, T, *SK;
00639 
00640     SK = ctx->sk ;
00641 
00642     GET_UINT32_BE( X, input, 0 );
00643     GET_UINT32_BE( Y, input, 4 );
00644 
00645     DES_IP( X, Y );
00646 
00647     for( i = 0; i < 8; i++ )
00648     {
00649         DES_ROUND( Y, X );
00650         DES_ROUND( X, Y );
00651     }
00652 
00653     DES_FP( Y, X );
00654 
00655     PUT_UINT32_BE( Y, output, 0 );
00656     PUT_UINT32_BE( X, output, 4 );
00657 
00658     return( 0 );
00659 }
00660 #endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
00661 
00662 #if defined(MBEDTLS_CIPHER_MODE_CBC)
00663 /*
00664  * DES-CBC buffer encryption/decryption
00665  */
00666 int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
00667                     int mode,
00668                     size_t length,
00669                     unsigned char iv[8],
00670                     const unsigned char *input,
00671                     unsigned char *output )
00672 {
00673     int i;
00674     unsigned char temp[8];
00675 
00676     if( length % 8 )
00677         return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
00678 
00679     if( mode == MBEDTLS_DES_ENCRYPT )
00680     {
00681         while( length > 0 )
00682         {
00683             for( i = 0; i < 8; i++ )
00684                 output[i] = (unsigned char)( input[i] ^ iv[i] );
00685 
00686             mbedtls_des_crypt_ecb( ctx, output, output );
00687             memcpy( iv, output, 8 );
00688 
00689             input  += 8;
00690             output += 8;
00691             length -= 8;
00692         }
00693     }
00694     else /* MBEDTLS_DES_DECRYPT */
00695     {
00696         while( length > 0 )
00697         {
00698             memcpy( temp, input, 8 );
00699             mbedtls_des_crypt_ecb( ctx, input, output );
00700 
00701             for( i = 0; i < 8; i++ )
00702                 output[i] = (unsigned char)( output[i] ^ iv[i] );
00703 
00704             memcpy( iv, temp, 8 );
00705 
00706             input  += 8;
00707             output += 8;
00708             length -= 8;
00709         }
00710     }
00711 
00712     return( 0 );
00713 }
00714 #endif /* MBEDTLS_CIPHER_MODE_CBC */
00715 
00716 /*
00717  * 3DES-ECB block encryption/decryption
00718  */
00719 #if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
00720 int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
00721                      const unsigned char input[8],
00722                      unsigned char output[8] )
00723 {
00724     int i;
00725     uint32_t X, Y, T, *SK;
00726 
00727     SK = ctx->sk ;
00728 
00729     GET_UINT32_BE( X, input, 0 );
00730     GET_UINT32_BE( Y, input, 4 );
00731 
00732     DES_IP( X, Y );
00733 
00734     for( i = 0; i < 8; i++ )
00735     {
00736         DES_ROUND( Y, X );
00737         DES_ROUND( X, Y );
00738     }
00739 
00740     for( i = 0; i < 8; i++ )
00741     {
00742         DES_ROUND( X, Y );
00743         DES_ROUND( Y, X );
00744     }
00745 
00746     for( i = 0; i < 8; i++ )
00747     {
00748         DES_ROUND( Y, X );
00749         DES_ROUND( X, Y );
00750     }
00751 
00752     DES_FP( Y, X );
00753 
00754     PUT_UINT32_BE( Y, output, 0 );
00755     PUT_UINT32_BE( X, output, 4 );
00756 
00757     return( 0 );
00758 }
00759 #endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
00760 
00761 #if defined(MBEDTLS_CIPHER_MODE_CBC)
00762 /*
00763  * 3DES-CBC buffer encryption/decryption
00764  */
00765 int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
00766                      int mode,
00767                      size_t length,
00768                      unsigned char iv[8],
00769                      const unsigned char *input,
00770                      unsigned char *output )
00771 {
00772     int i;
00773     unsigned char temp[8];
00774 
00775     if( length % 8 )
00776         return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
00777 
00778     if( mode == MBEDTLS_DES_ENCRYPT )
00779     {
00780         while( length > 0 )
00781         {
00782             for( i = 0; i < 8; i++ )
00783                 output[i] = (unsigned char)( input[i] ^ iv[i] );
00784 
00785             mbedtls_des3_crypt_ecb( ctx, output, output );
00786             memcpy( iv, output, 8 );
00787 
00788             input  += 8;
00789             output += 8;
00790             length -= 8;
00791         }
00792     }
00793     else /* MBEDTLS_DES_DECRYPT */
00794     {
00795         while( length > 0 )
00796         {
00797             memcpy( temp, input, 8 );
00798             mbedtls_des3_crypt_ecb( ctx, input, output );
00799 
00800             for( i = 0; i < 8; i++ )
00801                 output[i] = (unsigned char)( output[i] ^ iv[i] );
00802 
00803             memcpy( iv, temp, 8 );
00804 
00805             input  += 8;
00806             output += 8;
00807             length -= 8;
00808         }
00809     }
00810 
00811     return( 0 );
00812 }
00813 #endif /* MBEDTLS_CIPHER_MODE_CBC */
00814 
00815 #endif /* !MBEDTLS_DES_ALT */
00816 
00817 #if defined(MBEDTLS_SELF_TEST)
00818 /*
00819  * DES and 3DES test vectors from:
00820  *
00821  * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
00822  */
00823 static const unsigned char des3_test_keys[24] =
00824 {
00825     0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
00826     0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
00827     0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
00828 };
00829 
00830 static const unsigned char des3_test_buf[8] =
00831 {
00832     0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
00833 };
00834 
00835 static const unsigned char des3_test_ecb_dec[3][8] =
00836 {
00837     { 0x37, 0x2B, 0x98, 0xBF, 0x52, 0x65, 0xB0, 0x59 },
00838     { 0xC2, 0x10, 0x19, 0x9C, 0x38, 0x5A, 0x65, 0xA1 },
00839     { 0xA2, 0x70, 0x56, 0x68, 0x69, 0xE5, 0x15, 0x1D }
00840 };
00841 
00842 static const unsigned char des3_test_ecb_enc[3][8] =
00843 {
00844     { 0x1C, 0xD5, 0x97, 0xEA, 0x84, 0x26, 0x73, 0xFB },
00845     { 0xB3, 0x92, 0x4D, 0xF3, 0xC5, 0xB5, 0x42, 0x93 },
00846     { 0xDA, 0x37, 0x64, 0x41, 0xBA, 0x6F, 0x62, 0x6F }
00847 };
00848 
00849 #if defined(MBEDTLS_CIPHER_MODE_CBC)
00850 static const unsigned char des3_test_iv[8] =
00851 {
00852     0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
00853 };
00854 
00855 static const unsigned char des3_test_cbc_dec[3][8] =
00856 {
00857     { 0x58, 0xD9, 0x48, 0xEF, 0x85, 0x14, 0x65, 0x9A },
00858     { 0x5F, 0xC8, 0x78, 0xD4, 0xD7, 0x92, 0xD9, 0x54 },
00859     { 0x25, 0xF9, 0x75, 0x85, 0xA8, 0x1E, 0x48, 0xBF }
00860 };
00861 
00862 static const unsigned char des3_test_cbc_enc[3][8] =
00863 {
00864     { 0x91, 0x1C, 0x6D, 0xCF, 0x48, 0xA7, 0xC3, 0x4D },
00865     { 0x60, 0x1A, 0x76, 0x8F, 0xA1, 0xF9, 0x66, 0xF1 },
00866     { 0xA1, 0x50, 0x0F, 0x99, 0xB2, 0xCD, 0x64, 0x76 }
00867 };
00868 #endif /* MBEDTLS_CIPHER_MODE_CBC */
00869 
00870 /*
00871  * Checkup routine
00872  */
00873 int mbedtls_des_self_test( int verbose )
00874 {
00875     int i, j, u, v, ret = 0;
00876     mbedtls_des_context ctx;
00877     mbedtls_des3_context ctx3;
00878     unsigned char buf[8];
00879 #if defined(MBEDTLS_CIPHER_MODE_CBC)
00880     unsigned char prv[8];
00881     unsigned char iv[8];
00882 #endif
00883 
00884     mbedtls_des_init( &ctx );
00885     mbedtls_des3_init( &ctx3 );
00886     /*
00887      * ECB mode
00888      */
00889     for( i = 0; i < 6; i++ )
00890     {
00891         u = i >> 1;
00892         v = i  & 1;
00893 
00894         if( verbose != 0 )
00895             mbedtls_printf( "  DES%c-ECB-%3d (%s): ",
00896                              ( u == 0 ) ? ' ' : '3', 56 + u * 56,
00897                              ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
00898 
00899         memcpy( buf, des3_test_buf, 8 );
00900 
00901         switch( i )
00902         {
00903         case 0:
00904             mbedtls_des_setkey_dec( &ctx, des3_test_keys );
00905             break;
00906 
00907         case 1:
00908             mbedtls_des_setkey_enc( &ctx, des3_test_keys );
00909             break;
00910 
00911         case 2:
00912             mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
00913             break;
00914 
00915         case 3:
00916             mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
00917             break;
00918 
00919         case 4:
00920             mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
00921             break;
00922 
00923         case 5:
00924             mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
00925             break;
00926 
00927         default:
00928             return( 1 );
00929         }
00930 
00931         for( j = 0; j < 100; j++ )
00932         {
00933             if( u == 0 )
00934                 mbedtls_des_crypt_ecb( &ctx, buf, buf );
00935             else
00936                 mbedtls_des3_crypt_ecb( &ctx3, buf, buf );
00937         }
00938 
00939         if( ( v == MBEDTLS_DES_DECRYPT &&
00940                 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
00941             ( v != MBEDTLS_DES_DECRYPT &&
00942                 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
00943         {
00944             if( verbose != 0 )
00945                 mbedtls_printf( "failed\n" );
00946 
00947             ret = 1;
00948             goto exit;
00949         }
00950 
00951         if( verbose != 0 )
00952             mbedtls_printf( "passed\n" );
00953     }
00954 
00955     if( verbose != 0 )
00956         mbedtls_printf( "\n" );
00957 
00958 #if defined(MBEDTLS_CIPHER_MODE_CBC)
00959     /*
00960      * CBC mode
00961      */
00962     for( i = 0; i < 6; i++ )
00963     {
00964         u = i >> 1;
00965         v = i  & 1;
00966 
00967         if( verbose != 0 )
00968             mbedtls_printf( "  DES%c-CBC-%3d (%s): ",
00969                              ( u == 0 ) ? ' ' : '3', 56 + u * 56,
00970                              ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
00971 
00972         memcpy( iv,  des3_test_iv,  8 );
00973         memcpy( prv, des3_test_iv,  8 );
00974         memcpy( buf, des3_test_buf, 8 );
00975 
00976         switch( i )
00977         {
00978         case 0:
00979             mbedtls_des_setkey_dec( &ctx, des3_test_keys );
00980             break;
00981 
00982         case 1:
00983             mbedtls_des_setkey_enc( &ctx, des3_test_keys );
00984             break;
00985 
00986         case 2:
00987             mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
00988             break;
00989 
00990         case 3:
00991             mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
00992             break;
00993 
00994         case 4:
00995             mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
00996             break;
00997 
00998         case 5:
00999             mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
01000             break;
01001 
01002         default:
01003             return( 1 );
01004         }
01005 
01006         if( v == MBEDTLS_DES_DECRYPT )
01007         {
01008             for( j = 0; j < 100; j++ )
01009             {
01010                 if( u == 0 )
01011                     mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
01012                 else
01013                     mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
01014             }
01015         }
01016         else
01017         {
01018             for( j = 0; j < 100; j++ )
01019             {
01020                 unsigned char tmp[8];
01021 
01022                 if( u == 0 )
01023                     mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
01024                 else
01025                     mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
01026 
01027                 memcpy( tmp, prv, 8 );
01028                 memcpy( prv, buf, 8 );
01029                 memcpy( buf, tmp, 8 );
01030             }
01031 
01032             memcpy( buf, prv, 8 );
01033         }
01034 
01035         if( ( v == MBEDTLS_DES_DECRYPT &&
01036                 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
01037             ( v != MBEDTLS_DES_DECRYPT &&
01038                 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
01039         {
01040             if( verbose != 0 )
01041                 mbedtls_printf( "failed\n" );
01042 
01043             ret = 1;
01044             goto exit;
01045         }
01046 
01047         if( verbose != 0 )
01048             mbedtls_printf( "passed\n" );
01049     }
01050 #endif /* MBEDTLS_CIPHER_MODE_CBC */
01051 
01052     if( verbose != 0 )
01053         mbedtls_printf( "\n" );
01054 
01055 exit:
01056     mbedtls_des_free( &ctx );
01057     mbedtls_des3_free( &ctx3 );
01058 
01059     return( ret );
01060 }
01061 
01062 #endif /* MBEDTLS_SELF_TEST */
01063 
01064 #endif /* MBEDTLS_DES_C */