Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
des.c
00001 /* 00002 * FIPS-46-3 compliant Triple-DES implementation 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 /* 00022 * DES, on which TDES is based, was originally designed by Horst Feistel 00023 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS). 00024 * 00025 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf 00026 */ 00027 00028 #if !defined(MBEDTLS_CONFIG_FILE) 00029 #include "mbedtls/config.h" 00030 #else 00031 #include MBEDTLS_CONFIG_FILE 00032 #endif 00033 00034 #if defined(MBEDTLS_DES_C) 00035 00036 #include "mbedtls/des.h" 00037 #include "mbedtls/platform_util.h" 00038 00039 #include <string.h> 00040 00041 #if defined(MBEDTLS_SELF_TEST) 00042 #if defined(MBEDTLS_PLATFORM_C) 00043 #include "mbedtls/platform.h" 00044 #else 00045 #include <stdio.h> 00046 #define mbedtls_printf printf 00047 #endif /* MBEDTLS_PLATFORM_C */ 00048 #endif /* MBEDTLS_SELF_TEST */ 00049 00050 #if !defined(MBEDTLS_DES_ALT) 00051 00052 /* 00053 * 32-bit integer manipulation macros (big endian) 00054 */ 00055 #ifndef GET_UINT32_BE 00056 #define GET_UINT32_BE(n,b,i) \ 00057 { \ 00058 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ 00059 | ( (uint32_t) (b)[(i) + 1] << 16 ) \ 00060 | ( (uint32_t) (b)[(i) + 2] << 8 ) \ 00061 | ( (uint32_t) (b)[(i) + 3] ); \ 00062 } 00063 #endif 00064 00065 #ifndef PUT_UINT32_BE 00066 #define PUT_UINT32_BE(n,b,i) \ 00067 { \ 00068 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 00069 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 00070 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 00071 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 00072 } 00073 #endif 00074 00075 /* 00076 * Expanded DES S-boxes 00077 */ 00078 static const uint32_t SB1[64] = 00079 { 00080 0x01010400, 0x00000000, 0x00010000, 0x01010404, 00081 0x01010004, 0x00010404, 0x00000004, 0x00010000, 00082 0x00000400, 0x01010400, 0x01010404, 0x00000400, 00083 0x01000404, 0x01010004, 0x01000000, 0x00000004, 00084 0x00000404, 0x01000400, 0x01000400, 0x00010400, 00085 0x00010400, 0x01010000, 0x01010000, 0x01000404, 00086 0x00010004, 0x01000004, 0x01000004, 0x00010004, 00087 0x00000000, 0x00000404, 0x00010404, 0x01000000, 00088 0x00010000, 0x01010404, 0x00000004, 0x01010000, 00089 0x01010400, 0x01000000, 0x01000000, 0x00000400, 00090 0x01010004, 0x00010000, 0x00010400, 0x01000004, 00091 0x00000400, 0x00000004, 0x01000404, 0x00010404, 00092 0x01010404, 0x00010004, 0x01010000, 0x01000404, 00093 0x01000004, 0x00000404, 0x00010404, 0x01010400, 00094 0x00000404, 0x01000400, 0x01000400, 0x00000000, 00095 0x00010004, 0x00010400, 0x00000000, 0x01010004 00096 }; 00097 00098 static const uint32_t SB2[64] = 00099 { 00100 0x80108020, 0x80008000, 0x00008000, 0x00108020, 00101 0x00100000, 0x00000020, 0x80100020, 0x80008020, 00102 0x80000020, 0x80108020, 0x80108000, 0x80000000, 00103 0x80008000, 0x00100000, 0x00000020, 0x80100020, 00104 0x00108000, 0x00100020, 0x80008020, 0x00000000, 00105 0x80000000, 0x00008000, 0x00108020, 0x80100000, 00106 0x00100020, 0x80000020, 0x00000000, 0x00108000, 00107 0x00008020, 0x80108000, 0x80100000, 0x00008020, 00108 0x00000000, 0x00108020, 0x80100020, 0x00100000, 00109 0x80008020, 0x80100000, 0x80108000, 0x00008000, 00110 0x80100000, 0x80008000, 0x00000020, 0x80108020, 00111 0x00108020, 0x00000020, 0x00008000, 0x80000000, 00112 0x00008020, 0x80108000, 0x00100000, 0x80000020, 00113 0x00100020, 0x80008020, 0x80000020, 0x00100020, 00114 0x00108000, 0x00000000, 0x80008000, 0x00008020, 00115 0x80000000, 0x80100020, 0x80108020, 0x00108000 00116 }; 00117 00118 static const uint32_t SB3[64] = 00119 { 00120 0x00000208, 0x08020200, 0x00000000, 0x08020008, 00121 0x08000200, 0x00000000, 0x00020208, 0x08000200, 00122 0x00020008, 0x08000008, 0x08000008, 0x00020000, 00123 0x08020208, 0x00020008, 0x08020000, 0x00000208, 00124 0x08000000, 0x00000008, 0x08020200, 0x00000200, 00125 0x00020200, 0x08020000, 0x08020008, 0x00020208, 00126 0x08000208, 0x00020200, 0x00020000, 0x08000208, 00127 0x00000008, 0x08020208, 0x00000200, 0x08000000, 00128 0x08020200, 0x08000000, 0x00020008, 0x00000208, 00129 0x00020000, 0x08020200, 0x08000200, 0x00000000, 00130 0x00000200, 0x00020008, 0x08020208, 0x08000200, 00131 0x08000008, 0x00000200, 0x00000000, 0x08020008, 00132 0x08000208, 0x00020000, 0x08000000, 0x08020208, 00133 0x00000008, 0x00020208, 0x00020200, 0x08000008, 00134 0x08020000, 0x08000208, 0x00000208, 0x08020000, 00135 0x00020208, 0x00000008, 0x08020008, 0x00020200 00136 }; 00137 00138 static const uint32_t SB4[64] = 00139 { 00140 0x00802001, 0x00002081, 0x00002081, 0x00000080, 00141 0x00802080, 0x00800081, 0x00800001, 0x00002001, 00142 0x00000000, 0x00802000, 0x00802000, 0x00802081, 00143 0x00000081, 0x00000000, 0x00800080, 0x00800001, 00144 0x00000001, 0x00002000, 0x00800000, 0x00802001, 00145 0x00000080, 0x00800000, 0x00002001, 0x00002080, 00146 0x00800081, 0x00000001, 0x00002080, 0x00800080, 00147 0x00002000, 0x00802080, 0x00802081, 0x00000081, 00148 0x00800080, 0x00800001, 0x00802000, 0x00802081, 00149 0x00000081, 0x00000000, 0x00000000, 0x00802000, 00150 0x00002080, 0x00800080, 0x00800081, 0x00000001, 00151 0x00802001, 0x00002081, 0x00002081, 0x00000080, 00152 0x00802081, 0x00000081, 0x00000001, 0x00002000, 00153 0x00800001, 0x00002001, 0x00802080, 0x00800081, 00154 0x00002001, 0x00002080, 0x00800000, 0x00802001, 00155 0x00000080, 0x00800000, 0x00002000, 0x00802080 00156 }; 00157 00158 static const uint32_t SB5[64] = 00159 { 00160 0x00000100, 0x02080100, 0x02080000, 0x42000100, 00161 0x00080000, 0x00000100, 0x40000000, 0x02080000, 00162 0x40080100, 0x00080000, 0x02000100, 0x40080100, 00163 0x42000100, 0x42080000, 0x00080100, 0x40000000, 00164 0x02000000, 0x40080000, 0x40080000, 0x00000000, 00165 0x40000100, 0x42080100, 0x42080100, 0x02000100, 00166 0x42080000, 0x40000100, 0x00000000, 0x42000000, 00167 0x02080100, 0x02000000, 0x42000000, 0x00080100, 00168 0x00080000, 0x42000100, 0x00000100, 0x02000000, 00169 0x40000000, 0x02080000, 0x42000100, 0x40080100, 00170 0x02000100, 0x40000000, 0x42080000, 0x02080100, 00171 0x40080100, 0x00000100, 0x02000000, 0x42080000, 00172 0x42080100, 0x00080100, 0x42000000, 0x42080100, 00173 0x02080000, 0x00000000, 0x40080000, 0x42000000, 00174 0x00080100, 0x02000100, 0x40000100, 0x00080000, 00175 0x00000000, 0x40080000, 0x02080100, 0x40000100 00176 }; 00177 00178 static const uint32_t SB6[64] = 00179 { 00180 0x20000010, 0x20400000, 0x00004000, 0x20404010, 00181 0x20400000, 0x00000010, 0x20404010, 0x00400000, 00182 0x20004000, 0x00404010, 0x00400000, 0x20000010, 00183 0x00400010, 0x20004000, 0x20000000, 0x00004010, 00184 0x00000000, 0x00400010, 0x20004010, 0x00004000, 00185 0x00404000, 0x20004010, 0x00000010, 0x20400010, 00186 0x20400010, 0x00000000, 0x00404010, 0x20404000, 00187 0x00004010, 0x00404000, 0x20404000, 0x20000000, 00188 0x20004000, 0x00000010, 0x20400010, 0x00404000, 00189 0x20404010, 0x00400000, 0x00004010, 0x20000010, 00190 0x00400000, 0x20004000, 0x20000000, 0x00004010, 00191 0x20000010, 0x20404010, 0x00404000, 0x20400000, 00192 0x00404010, 0x20404000, 0x00000000, 0x20400010, 00193 0x00000010, 0x00004000, 0x20400000, 0x00404010, 00194 0x00004000, 0x00400010, 0x20004010, 0x00000000, 00195 0x20404000, 0x20000000, 0x00400010, 0x20004010 00196 }; 00197 00198 static const uint32_t SB7[64] = 00199 { 00200 0x00200000, 0x04200002, 0x04000802, 0x00000000, 00201 0x00000800, 0x04000802, 0x00200802, 0x04200800, 00202 0x04200802, 0x00200000, 0x00000000, 0x04000002, 00203 0x00000002, 0x04000000, 0x04200002, 0x00000802, 00204 0x04000800, 0x00200802, 0x00200002, 0x04000800, 00205 0x04000002, 0x04200000, 0x04200800, 0x00200002, 00206 0x04200000, 0x00000800, 0x00000802, 0x04200802, 00207 0x00200800, 0x00000002, 0x04000000, 0x00200800, 00208 0x04000000, 0x00200800, 0x00200000, 0x04000802, 00209 0x04000802, 0x04200002, 0x04200002, 0x00000002, 00210 0x00200002, 0x04000000, 0x04000800, 0x00200000, 00211 0x04200800, 0x00000802, 0x00200802, 0x04200800, 00212 0x00000802, 0x04000002, 0x04200802, 0x04200000, 00213 0x00200800, 0x00000000, 0x00000002, 0x04200802, 00214 0x00000000, 0x00200802, 0x04200000, 0x00000800, 00215 0x04000002, 0x04000800, 0x00000800, 0x00200002 00216 }; 00217 00218 static const uint32_t SB8[64] = 00219 { 00220 0x10001040, 0x00001000, 0x00040000, 0x10041040, 00221 0x10000000, 0x10001040, 0x00000040, 0x10000000, 00222 0x00040040, 0x10040000, 0x10041040, 0x00041000, 00223 0x10041000, 0x00041040, 0x00001000, 0x00000040, 00224 0x10040000, 0x10000040, 0x10001000, 0x00001040, 00225 0x00041000, 0x00040040, 0x10040040, 0x10041000, 00226 0x00001040, 0x00000000, 0x00000000, 0x10040040, 00227 0x10000040, 0x10001000, 0x00041040, 0x00040000, 00228 0x00041040, 0x00040000, 0x10041000, 0x00001000, 00229 0x00000040, 0x10040040, 0x00001000, 0x00041040, 00230 0x10001000, 0x00000040, 0x10000040, 0x10040000, 00231 0x10040040, 0x10000000, 0x00040000, 0x10001040, 00232 0x00000000, 0x10041040, 0x00040040, 0x10000040, 00233 0x10040000, 0x10001000, 0x10001040, 0x00000000, 00234 0x10041040, 0x00041000, 0x00041000, 0x00001040, 00235 0x00001040, 0x00040040, 0x10000000, 0x10041000 00236 }; 00237 00238 /* 00239 * PC1: left and right halves bit-swap 00240 */ 00241 static const uint32_t LHs[16] = 00242 { 00243 0x00000000, 0x00000001, 0x00000100, 0x00000101, 00244 0x00010000, 0x00010001, 0x00010100, 0x00010101, 00245 0x01000000, 0x01000001, 0x01000100, 0x01000101, 00246 0x01010000, 0x01010001, 0x01010100, 0x01010101 00247 }; 00248 00249 static const uint32_t RHs[16] = 00250 { 00251 0x00000000, 0x01000000, 0x00010000, 0x01010000, 00252 0x00000100, 0x01000100, 0x00010100, 0x01010100, 00253 0x00000001, 0x01000001, 0x00010001, 0x01010001, 00254 0x00000101, 0x01000101, 0x00010101, 0x01010101, 00255 }; 00256 00257 /* 00258 * Initial Permutation macro 00259 */ 00260 #define DES_IP(X,Y) \ 00261 do \ 00262 { \ 00263 T = (((X) >> 4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T << 4); \ 00264 T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \ 00265 T = (((Y) >> 2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T << 2); \ 00266 T = (((Y) >> 8) ^ (X)) & 0x00FF00FF; (X) ^= T; (Y) ^= (T << 8); \ 00267 (Y) = (((Y) << 1) | ((Y) >> 31)) & 0xFFFFFFFF; \ 00268 T = ((X) ^ (Y)) & 0xAAAAAAAA; (Y) ^= T; (X) ^= T; \ 00269 (X) = (((X) << 1) | ((X) >> 31)) & 0xFFFFFFFF; \ 00270 } while( 0 ) 00271 00272 /* 00273 * Final Permutation macro 00274 */ 00275 #define DES_FP(X,Y) \ 00276 do \ 00277 { \ 00278 (X) = (((X) << 31) | ((X) >> 1)) & 0xFFFFFFFF; \ 00279 T = ((X) ^ (Y)) & 0xAAAAAAAA; (X) ^= T; (Y) ^= T; \ 00280 (Y) = (((Y) << 31) | ((Y) >> 1)) & 0xFFFFFFFF; \ 00281 T = (((Y) >> 8) ^ (X)) & 0x00FF00FF; (X) ^= T; (Y) ^= (T << 8); \ 00282 T = (((Y) >> 2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T << 2); \ 00283 T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \ 00284 T = (((X) >> 4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T << 4); \ 00285 } while( 0 ) 00286 00287 /* 00288 * DES round macro 00289 */ 00290 #define DES_ROUND(X,Y) \ 00291 do \ 00292 { \ 00293 T = *SK++ ^ (X); \ 00294 (Y) ^= SB8[ (T ) & 0x3F ] ^ \ 00295 SB6[ (T >> 8) & 0x3F ] ^ \ 00296 SB4[ (T >> 16) & 0x3F ] ^ \ 00297 SB2[ (T >> 24) & 0x3F ]; \ 00298 \ 00299 T = *SK++ ^ (((X) << 28) | ((X) >> 4)); \ 00300 (Y) ^= SB7[ (T ) & 0x3F ] ^ \ 00301 SB5[ (T >> 8) & 0x3F ] ^ \ 00302 SB3[ (T >> 16) & 0x3F ] ^ \ 00303 SB1[ (T >> 24) & 0x3F ]; \ 00304 } while( 0 ) 00305 00306 #define SWAP(a,b) \ 00307 do \ 00308 { \ 00309 uint32_t t = (a); (a) = (b); (b) = t; t = 0; \ 00310 } while( 0 ) 00311 00312 void mbedtls_des_init( mbedtls_des_context *ctx ) 00313 { 00314 memset( ctx, 0, sizeof( mbedtls_des_context ) ); 00315 } 00316 00317 void mbedtls_des_free( mbedtls_des_context *ctx ) 00318 { 00319 if( ctx == NULL ) 00320 return; 00321 00322 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) ); 00323 } 00324 00325 void mbedtls_des3_init( mbedtls_des3_context *ctx ) 00326 { 00327 memset( ctx, 0, sizeof( mbedtls_des3_context ) ); 00328 } 00329 00330 void mbedtls_des3_free( mbedtls_des3_context *ctx ) 00331 { 00332 if( ctx == NULL ) 00333 return; 00334 00335 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) ); 00336 } 00337 00338 static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8, 00339 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44, 00340 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81, 00341 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112, 00342 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140, 00343 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168, 00344 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196, 00345 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224, 00346 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253, 00347 254 }; 00348 00349 void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00350 { 00351 int i; 00352 00353 for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ ) 00354 key[i] = odd_parity_table[key[i] / 2]; 00355 } 00356 00357 /* 00358 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS 00359 */ 00360 int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00361 { 00362 int i; 00363 00364 for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ ) 00365 if( key[i] != odd_parity_table[key[i] / 2] ) 00366 return( 1 ); 00367 00368 return( 0 ); 00369 } 00370 00371 /* 00372 * Table of weak and semi-weak keys 00373 * 00374 * Source: http://en.wikipedia.org/wiki/Weak_key 00375 * 00376 * Weak: 00377 * Alternating ones + zeros (0x0101010101010101) 00378 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE) 00379 * '0xE0E0E0E0F1F1F1F1' 00380 * '0x1F1F1F1F0E0E0E0E' 00381 * 00382 * Semi-weak: 00383 * 0x011F011F010E010E and 0x1F011F010E010E01 00384 * 0x01E001E001F101F1 and 0xE001E001F101F101 00385 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01 00386 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E 00387 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E 00388 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1 00389 * 00390 */ 00391 00392 #define WEAK_KEY_COUNT 16 00393 00394 static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] = 00395 { 00396 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, 00397 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE }, 00398 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }, 00399 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 }, 00400 00401 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E }, 00402 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 }, 00403 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 }, 00404 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 }, 00405 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE }, 00406 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 }, 00407 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 }, 00408 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E }, 00409 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE }, 00410 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E }, 00411 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE }, 00412 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 } 00413 }; 00414 00415 int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00416 { 00417 int i; 00418 00419 for( i = 0; i < WEAK_KEY_COUNT; i++ ) 00420 if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 ) 00421 return( 1 ); 00422 00423 return( 0 ); 00424 } 00425 00426 #if !defined(MBEDTLS_DES_SETKEY_ALT) 00427 void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00428 { 00429 int i; 00430 uint32_t X, Y, T; 00431 00432 GET_UINT32_BE( X, key, 0 ); 00433 GET_UINT32_BE( Y, key, 4 ); 00434 00435 /* 00436 * Permuted Choice 1 00437 */ 00438 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4); 00439 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T ); 00440 00441 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2) 00442 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] ) 00443 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6) 00444 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4); 00445 00446 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2) 00447 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] ) 00448 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6) 00449 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4); 00450 00451 X &= 0x0FFFFFFF; 00452 Y &= 0x0FFFFFFF; 00453 00454 /* 00455 * calculate subkeys 00456 */ 00457 for( i = 0; i < 16; i++ ) 00458 { 00459 if( i < 2 || i == 8 || i == 15 ) 00460 { 00461 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF; 00462 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF; 00463 } 00464 else 00465 { 00466 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF; 00467 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF; 00468 } 00469 00470 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000) 00471 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000) 00472 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000) 00473 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000) 00474 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000) 00475 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000) 00476 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400) 00477 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100) 00478 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010) 00479 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004) 00480 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001); 00481 00482 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000) 00483 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000) 00484 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000) 00485 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000) 00486 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000) 00487 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000) 00488 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000) 00489 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400) 00490 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100) 00491 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011) 00492 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002); 00493 } 00494 } 00495 #endif /* !MBEDTLS_DES_SETKEY_ALT */ 00496 00497 /* 00498 * DES key schedule (56-bit, encryption) 00499 */ 00500 int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00501 { 00502 mbedtls_des_setkey( ctx->sk , key ); 00503 00504 return( 0 ); 00505 } 00506 00507 /* 00508 * DES key schedule (56-bit, decryption) 00509 */ 00510 int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00511 { 00512 int i; 00513 00514 mbedtls_des_setkey( ctx->sk , key ); 00515 00516 for( i = 0; i < 16; i += 2 ) 00517 { 00518 SWAP( ctx->sk [i ], ctx->sk [30 - i] ); 00519 SWAP( ctx->sk [i + 1], ctx->sk [31 - i] ); 00520 } 00521 00522 return( 0 ); 00523 } 00524 00525 static void des3_set2key( uint32_t esk[96], 00526 uint32_t dsk[96], 00527 const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] ) 00528 { 00529 int i; 00530 00531 mbedtls_des_setkey( esk, key ); 00532 mbedtls_des_setkey( dsk + 32, key + 8 ); 00533 00534 for( i = 0; i < 32; i += 2 ) 00535 { 00536 dsk[i ] = esk[30 - i]; 00537 dsk[i + 1] = esk[31 - i]; 00538 00539 esk[i + 32] = dsk[62 - i]; 00540 esk[i + 33] = dsk[63 - i]; 00541 00542 esk[i + 64] = esk[i ]; 00543 esk[i + 65] = esk[i + 1]; 00544 00545 dsk[i + 64] = dsk[i ]; 00546 dsk[i + 65] = dsk[i + 1]; 00547 } 00548 } 00549 00550 /* 00551 * Triple-DES key schedule (112-bit, encryption) 00552 */ 00553 int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, 00554 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ) 00555 { 00556 uint32_t sk[96]; 00557 00558 des3_set2key( ctx->sk , sk, key ); 00559 mbedtls_platform_zeroize( sk, sizeof( sk ) ); 00560 00561 return( 0 ); 00562 } 00563 00564 /* 00565 * Triple-DES key schedule (112-bit, decryption) 00566 */ 00567 int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, 00568 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ) 00569 { 00570 uint32_t sk[96]; 00571 00572 des3_set2key( sk, ctx->sk , key ); 00573 mbedtls_platform_zeroize( sk, sizeof( sk ) ); 00574 00575 return( 0 ); 00576 } 00577 00578 static void des3_set3key( uint32_t esk[96], 00579 uint32_t dsk[96], 00580 const unsigned char key[24] ) 00581 { 00582 int i; 00583 00584 mbedtls_des_setkey( esk, key ); 00585 mbedtls_des_setkey( dsk + 32, key + 8 ); 00586 mbedtls_des_setkey( esk + 64, key + 16 ); 00587 00588 for( i = 0; i < 32; i += 2 ) 00589 { 00590 dsk[i ] = esk[94 - i]; 00591 dsk[i + 1] = esk[95 - i]; 00592 00593 esk[i + 32] = dsk[62 - i]; 00594 esk[i + 33] = dsk[63 - i]; 00595 00596 dsk[i + 64] = esk[30 - i]; 00597 dsk[i + 65] = esk[31 - i]; 00598 } 00599 } 00600 00601 /* 00602 * Triple-DES key schedule (168-bit, encryption) 00603 */ 00604 int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, 00605 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ) 00606 { 00607 uint32_t sk[96]; 00608 00609 des3_set3key( ctx->sk , sk, key ); 00610 mbedtls_platform_zeroize( sk, sizeof( sk ) ); 00611 00612 return( 0 ); 00613 } 00614 00615 /* 00616 * Triple-DES key schedule (168-bit, decryption) 00617 */ 00618 int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, 00619 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ) 00620 { 00621 uint32_t sk[96]; 00622 00623 des3_set3key( sk, ctx->sk , key ); 00624 mbedtls_platform_zeroize( sk, sizeof( sk ) ); 00625 00626 return( 0 ); 00627 } 00628 00629 /* 00630 * DES-ECB block encryption/decryption 00631 */ 00632 #if !defined(MBEDTLS_DES_CRYPT_ECB_ALT) 00633 int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, 00634 const unsigned char input[8], 00635 unsigned char output[8] ) 00636 { 00637 int i; 00638 uint32_t X, Y, T, *SK; 00639 00640 SK = ctx->sk ; 00641 00642 GET_UINT32_BE( X, input, 0 ); 00643 GET_UINT32_BE( Y, input, 4 ); 00644 00645 DES_IP( X, Y ); 00646 00647 for( i = 0; i < 8; i++ ) 00648 { 00649 DES_ROUND( Y, X ); 00650 DES_ROUND( X, Y ); 00651 } 00652 00653 DES_FP( Y, X ); 00654 00655 PUT_UINT32_BE( Y, output, 0 ); 00656 PUT_UINT32_BE( X, output, 4 ); 00657 00658 return( 0 ); 00659 } 00660 #endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */ 00661 00662 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00663 /* 00664 * DES-CBC buffer encryption/decryption 00665 */ 00666 int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, 00667 int mode, 00668 size_t length, 00669 unsigned char iv[8], 00670 const unsigned char *input, 00671 unsigned char *output ) 00672 { 00673 int i; 00674 unsigned char temp[8]; 00675 00676 if( length % 8 ) 00677 return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH ); 00678 00679 if( mode == MBEDTLS_DES_ENCRYPT ) 00680 { 00681 while( length > 0 ) 00682 { 00683 for( i = 0; i < 8; i++ ) 00684 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00685 00686 mbedtls_des_crypt_ecb( ctx, output, output ); 00687 memcpy( iv, output, 8 ); 00688 00689 input += 8; 00690 output += 8; 00691 length -= 8; 00692 } 00693 } 00694 else /* MBEDTLS_DES_DECRYPT */ 00695 { 00696 while( length > 0 ) 00697 { 00698 memcpy( temp, input, 8 ); 00699 mbedtls_des_crypt_ecb( ctx, input, output ); 00700 00701 for( i = 0; i < 8; i++ ) 00702 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00703 00704 memcpy( iv, temp, 8 ); 00705 00706 input += 8; 00707 output += 8; 00708 length -= 8; 00709 } 00710 } 00711 00712 return( 0 ); 00713 } 00714 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00715 00716 /* 00717 * 3DES-ECB block encryption/decryption 00718 */ 00719 #if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT) 00720 int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, 00721 const unsigned char input[8], 00722 unsigned char output[8] ) 00723 { 00724 int i; 00725 uint32_t X, Y, T, *SK; 00726 00727 SK = ctx->sk ; 00728 00729 GET_UINT32_BE( X, input, 0 ); 00730 GET_UINT32_BE( Y, input, 4 ); 00731 00732 DES_IP( X, Y ); 00733 00734 for( i = 0; i < 8; i++ ) 00735 { 00736 DES_ROUND( Y, X ); 00737 DES_ROUND( X, Y ); 00738 } 00739 00740 for( i = 0; i < 8; i++ ) 00741 { 00742 DES_ROUND( X, Y ); 00743 DES_ROUND( Y, X ); 00744 } 00745 00746 for( i = 0; i < 8; i++ ) 00747 { 00748 DES_ROUND( Y, X ); 00749 DES_ROUND( X, Y ); 00750 } 00751 00752 DES_FP( Y, X ); 00753 00754 PUT_UINT32_BE( Y, output, 0 ); 00755 PUT_UINT32_BE( X, output, 4 ); 00756 00757 return( 0 ); 00758 } 00759 #endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */ 00760 00761 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00762 /* 00763 * 3DES-CBC buffer encryption/decryption 00764 */ 00765 int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, 00766 int mode, 00767 size_t length, 00768 unsigned char iv[8], 00769 const unsigned char *input, 00770 unsigned char *output ) 00771 { 00772 int i; 00773 unsigned char temp[8]; 00774 00775 if( length % 8 ) 00776 return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH ); 00777 00778 if( mode == MBEDTLS_DES_ENCRYPT ) 00779 { 00780 while( length > 0 ) 00781 { 00782 for( i = 0; i < 8; i++ ) 00783 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00784 00785 mbedtls_des3_crypt_ecb( ctx, output, output ); 00786 memcpy( iv, output, 8 ); 00787 00788 input += 8; 00789 output += 8; 00790 length -= 8; 00791 } 00792 } 00793 else /* MBEDTLS_DES_DECRYPT */ 00794 { 00795 while( length > 0 ) 00796 { 00797 memcpy( temp, input, 8 ); 00798 mbedtls_des3_crypt_ecb( ctx, input, output ); 00799 00800 for( i = 0; i < 8; i++ ) 00801 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00802 00803 memcpy( iv, temp, 8 ); 00804 00805 input += 8; 00806 output += 8; 00807 length -= 8; 00808 } 00809 } 00810 00811 return( 0 ); 00812 } 00813 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00814 00815 #endif /* !MBEDTLS_DES_ALT */ 00816 00817 #if defined(MBEDTLS_SELF_TEST) 00818 /* 00819 * DES and 3DES test vectors from: 00820 * 00821 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip 00822 */ 00823 static const unsigned char des3_test_keys[24] = 00824 { 00825 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 00826 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 00827 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23 00828 }; 00829 00830 static const unsigned char des3_test_buf[8] = 00831 { 00832 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74 00833 }; 00834 00835 static const unsigned char des3_test_ecb_dec[3][8] = 00836 { 00837 { 0x37, 0x2B, 0x98, 0xBF, 0x52, 0x65, 0xB0, 0x59 }, 00838 { 0xC2, 0x10, 0x19, 0x9C, 0x38, 0x5A, 0x65, 0xA1 }, 00839 { 0xA2, 0x70, 0x56, 0x68, 0x69, 0xE5, 0x15, 0x1D } 00840 }; 00841 00842 static const unsigned char des3_test_ecb_enc[3][8] = 00843 { 00844 { 0x1C, 0xD5, 0x97, 0xEA, 0x84, 0x26, 0x73, 0xFB }, 00845 { 0xB3, 0x92, 0x4D, 0xF3, 0xC5, 0xB5, 0x42, 0x93 }, 00846 { 0xDA, 0x37, 0x64, 0x41, 0xBA, 0x6F, 0x62, 0x6F } 00847 }; 00848 00849 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00850 static const unsigned char des3_test_iv[8] = 00851 { 00852 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF, 00853 }; 00854 00855 static const unsigned char des3_test_cbc_dec[3][8] = 00856 { 00857 { 0x58, 0xD9, 0x48, 0xEF, 0x85, 0x14, 0x65, 0x9A }, 00858 { 0x5F, 0xC8, 0x78, 0xD4, 0xD7, 0x92, 0xD9, 0x54 }, 00859 { 0x25, 0xF9, 0x75, 0x85, 0xA8, 0x1E, 0x48, 0xBF } 00860 }; 00861 00862 static const unsigned char des3_test_cbc_enc[3][8] = 00863 { 00864 { 0x91, 0x1C, 0x6D, 0xCF, 0x48, 0xA7, 0xC3, 0x4D }, 00865 { 0x60, 0x1A, 0x76, 0x8F, 0xA1, 0xF9, 0x66, 0xF1 }, 00866 { 0xA1, 0x50, 0x0F, 0x99, 0xB2, 0xCD, 0x64, 0x76 } 00867 }; 00868 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00869 00870 /* 00871 * Checkup routine 00872 */ 00873 int mbedtls_des_self_test( int verbose ) 00874 { 00875 int i, j, u, v, ret = 0; 00876 mbedtls_des_context ctx; 00877 mbedtls_des3_context ctx3; 00878 unsigned char buf[8]; 00879 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00880 unsigned char prv[8]; 00881 unsigned char iv[8]; 00882 #endif 00883 00884 mbedtls_des_init( &ctx ); 00885 mbedtls_des3_init( &ctx3 ); 00886 /* 00887 * ECB mode 00888 */ 00889 for( i = 0; i < 6; i++ ) 00890 { 00891 u = i >> 1; 00892 v = i & 1; 00893 00894 if( verbose != 0 ) 00895 mbedtls_printf( " DES%c-ECB-%3d (%s): ", 00896 ( u == 0 ) ? ' ' : '3', 56 + u * 56, 00897 ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" ); 00898 00899 memcpy( buf, des3_test_buf, 8 ); 00900 00901 switch( i ) 00902 { 00903 case 0: 00904 mbedtls_des_setkey_dec( &ctx, des3_test_keys ); 00905 break; 00906 00907 case 1: 00908 mbedtls_des_setkey_enc( &ctx, des3_test_keys ); 00909 break; 00910 00911 case 2: 00912 mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); 00913 break; 00914 00915 case 3: 00916 mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); 00917 break; 00918 00919 case 4: 00920 mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); 00921 break; 00922 00923 case 5: 00924 mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); 00925 break; 00926 00927 default: 00928 return( 1 ); 00929 } 00930 00931 for( j = 0; j < 100; j++ ) 00932 { 00933 if( u == 0 ) 00934 mbedtls_des_crypt_ecb( &ctx, buf, buf ); 00935 else 00936 mbedtls_des3_crypt_ecb( &ctx3, buf, buf ); 00937 } 00938 00939 if( ( v == MBEDTLS_DES_DECRYPT && 00940 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) || 00941 ( v != MBEDTLS_DES_DECRYPT && 00942 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) ) 00943 { 00944 if( verbose != 0 ) 00945 mbedtls_printf( "failed\n" ); 00946 00947 ret = 1; 00948 goto exit; 00949 } 00950 00951 if( verbose != 0 ) 00952 mbedtls_printf( "passed\n" ); 00953 } 00954 00955 if( verbose != 0 ) 00956 mbedtls_printf( "\n" ); 00957 00958 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00959 /* 00960 * CBC mode 00961 */ 00962 for( i = 0; i < 6; i++ ) 00963 { 00964 u = i >> 1; 00965 v = i & 1; 00966 00967 if( verbose != 0 ) 00968 mbedtls_printf( " DES%c-CBC-%3d (%s): ", 00969 ( u == 0 ) ? ' ' : '3', 56 + u * 56, 00970 ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" ); 00971 00972 memcpy( iv, des3_test_iv, 8 ); 00973 memcpy( prv, des3_test_iv, 8 ); 00974 memcpy( buf, des3_test_buf, 8 ); 00975 00976 switch( i ) 00977 { 00978 case 0: 00979 mbedtls_des_setkey_dec( &ctx, des3_test_keys ); 00980 break; 00981 00982 case 1: 00983 mbedtls_des_setkey_enc( &ctx, des3_test_keys ); 00984 break; 00985 00986 case 2: 00987 mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); 00988 break; 00989 00990 case 3: 00991 mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); 00992 break; 00993 00994 case 4: 00995 mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); 00996 break; 00997 00998 case 5: 00999 mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); 01000 break; 01001 01002 default: 01003 return( 1 ); 01004 } 01005 01006 if( v == MBEDTLS_DES_DECRYPT ) 01007 { 01008 for( j = 0; j < 100; j++ ) 01009 { 01010 if( u == 0 ) 01011 mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); 01012 else 01013 mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); 01014 } 01015 } 01016 else 01017 { 01018 for( j = 0; j < 100; j++ ) 01019 { 01020 unsigned char tmp[8]; 01021 01022 if( u == 0 ) 01023 mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); 01024 else 01025 mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); 01026 01027 memcpy( tmp, prv, 8 ); 01028 memcpy( prv, buf, 8 ); 01029 memcpy( buf, tmp, 8 ); 01030 } 01031 01032 memcpy( buf, prv, 8 ); 01033 } 01034 01035 if( ( v == MBEDTLS_DES_DECRYPT && 01036 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) || 01037 ( v != MBEDTLS_DES_DECRYPT && 01038 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) ) 01039 { 01040 if( verbose != 0 ) 01041 mbedtls_printf( "failed\n" ); 01042 01043 ret = 1; 01044 goto exit; 01045 } 01046 01047 if( verbose != 0 ) 01048 mbedtls_printf( "passed\n" ); 01049 } 01050 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 01051 01052 if( verbose != 0 ) 01053 mbedtls_printf( "\n" ); 01054 01055 exit: 01056 mbedtls_des_free( &ctx ); 01057 mbedtls_des3_free( &ctx3 ); 01058 01059 return( ret ); 01060 } 01061 01062 #endif /* MBEDTLS_SELF_TEST */ 01063 01064 #endif /* MBEDTLS_DES_C */
Generated on Tue Jul 12 2022 13:54:16 by
