Jan Korycan
/
WNCInterface
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependencies: WncControllerK64F
Fork of
WNCInterface
by 
Jan Korycan
Embed:
(wiki syntax)
Show/hide line numbers
des.c
00001 /* 00002 * FIPS-46-3 compliant Triple-DES implementation 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 /* 00022 * DES, on which TDES is based, was originally designed by Horst Feistel 00023 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS). 00024 * 00025 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf 00026 */ 00027 00028 #if !defined(MBEDTLS_CONFIG_FILE) 00029 #include "mbedtls/config.h" 00030 #else 00031 #include MBEDTLS_CONFIG_FILE 00032 #endif 00033 00034 #if defined(MBEDTLS_DES_C) 00035 00036 #include "mbedtls/des.h" 00037 00038 #include <string.h> 00039 00040 #if defined(MBEDTLS_SELF_TEST) 00041 #if defined(MBEDTLS_PLATFORM_C) 00042 #include "mbedtls/platform.h" 00043 #else 00044 #include <stdio.h> 00045 #define mbedtls_printf pc.printf 00046 #endif /* MBEDTLS_PLATFORM_C */ 00047 #endif /* MBEDTLS_SELF_TEST */ 00048 00049 00050 #if !defined(MBEDTLS_DES_ALT) 00051 00052 /* Implementation that should never be optimized out by the compiler */ 00053 static void mbedtls_zeroize( void *v, size_t n ) { 00054 volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; 00055 } 00056 00057 /* 00058 * 32-bit integer manipulation macros (big endian) 00059 */ 00060 #ifndef GET_UINT32_BE 00061 #define GET_UINT32_BE(n,b,i) \ 00062 { \ 00063 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ 00064 | ( (uint32_t) (b)[(i) + 1] << 16 ) \ 00065 | ( (uint32_t) (b)[(i) + 2] << 8 ) \ 00066 | ( (uint32_t) (b)[(i) + 3] ); \ 00067 } 00068 #endif 00069 00070 #ifndef PUT_UINT32_BE 00071 #define PUT_UINT32_BE(n,b,i) \ 00072 { \ 00073 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 00074 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 00075 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 00076 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 00077 } 00078 #endif 00079 00080 /* 00081 * Expanded DES S-boxes 00082 */ 00083 static const uint32_t SB1[64] = 00084 { 00085 0x01010400, 0x00000000, 0x00010000, 0x01010404, 00086 0x01010004, 0x00010404, 0x00000004, 0x00010000, 00087 0x00000400, 0x01010400, 0x01010404, 0x00000400, 00088 0x01000404, 0x01010004, 0x01000000, 0x00000004, 00089 0x00000404, 0x01000400, 0x01000400, 0x00010400, 00090 0x00010400, 0x01010000, 0x01010000, 0x01000404, 00091 0x00010004, 0x01000004, 0x01000004, 0x00010004, 00092 0x00000000, 0x00000404, 0x00010404, 0x01000000, 00093 0x00010000, 0x01010404, 0x00000004, 0x01010000, 00094 0x01010400, 0x01000000, 0x01000000, 0x00000400, 00095 0x01010004, 0x00010000, 0x00010400, 0x01000004, 00096 0x00000400, 0x00000004, 0x01000404, 0x00010404, 00097 0x01010404, 0x00010004, 0x01010000, 0x01000404, 00098 0x01000004, 0x00000404, 0x00010404, 0x01010400, 00099 0x00000404, 0x01000400, 0x01000400, 0x00000000, 00100 0x00010004, 0x00010400, 0x00000000, 0x01010004 00101 }; 00102 00103 static const uint32_t SB2[64] = 00104 { 00105 0x80108020, 0x80008000, 0x00008000, 0x00108020, 00106 0x00100000, 0x00000020, 0x80100020, 0x80008020, 00107 0x80000020, 0x80108020, 0x80108000, 0x80000000, 00108 0x80008000, 0x00100000, 0x00000020, 0x80100020, 00109 0x00108000, 0x00100020, 0x80008020, 0x00000000, 00110 0x80000000, 0x00008000, 0x00108020, 0x80100000, 00111 0x00100020, 0x80000020, 0x00000000, 0x00108000, 00112 0x00008020, 0x80108000, 0x80100000, 0x00008020, 00113 0x00000000, 0x00108020, 0x80100020, 0x00100000, 00114 0x80008020, 0x80100000, 0x80108000, 0x00008000, 00115 0x80100000, 0x80008000, 0x00000020, 0x80108020, 00116 0x00108020, 0x00000020, 0x00008000, 0x80000000, 00117 0x00008020, 0x80108000, 0x00100000, 0x80000020, 00118 0x00100020, 0x80008020, 0x80000020, 0x00100020, 00119 0x00108000, 0x00000000, 0x80008000, 0x00008020, 00120 0x80000000, 0x80100020, 0x80108020, 0x00108000 00121 }; 00122 00123 static const uint32_t SB3[64] = 00124 { 00125 0x00000208, 0x08020200, 0x00000000, 0x08020008, 00126 0x08000200, 0x00000000, 0x00020208, 0x08000200, 00127 0x00020008, 0x08000008, 0x08000008, 0x00020000, 00128 0x08020208, 0x00020008, 0x08020000, 0x00000208, 00129 0x08000000, 0x00000008, 0x08020200, 0x00000200, 00130 0x00020200, 0x08020000, 0x08020008, 0x00020208, 00131 0x08000208, 0x00020200, 0x00020000, 0x08000208, 00132 0x00000008, 0x08020208, 0x00000200, 0x08000000, 00133 0x08020200, 0x08000000, 0x00020008, 0x00000208, 00134 0x00020000, 0x08020200, 0x08000200, 0x00000000, 00135 0x00000200, 0x00020008, 0x08020208, 0x08000200, 00136 0x08000008, 0x00000200, 0x00000000, 0x08020008, 00137 0x08000208, 0x00020000, 0x08000000, 0x08020208, 00138 0x00000008, 0x00020208, 0x00020200, 0x08000008, 00139 0x08020000, 0x08000208, 0x00000208, 0x08020000, 00140 0x00020208, 0x00000008, 0x08020008, 0x00020200 00141 }; 00142 00143 static const uint32_t SB4[64] = 00144 { 00145 0x00802001, 0x00002081, 0x00002081, 0x00000080, 00146 0x00802080, 0x00800081, 0x00800001, 0x00002001, 00147 0x00000000, 0x00802000, 0x00802000, 0x00802081, 00148 0x00000081, 0x00000000, 0x00800080, 0x00800001, 00149 0x00000001, 0x00002000, 0x00800000, 0x00802001, 00150 0x00000080, 0x00800000, 0x00002001, 0x00002080, 00151 0x00800081, 0x00000001, 0x00002080, 0x00800080, 00152 0x00002000, 0x00802080, 0x00802081, 0x00000081, 00153 0x00800080, 0x00800001, 0x00802000, 0x00802081, 00154 0x00000081, 0x00000000, 0x00000000, 0x00802000, 00155 0x00002080, 0x00800080, 0x00800081, 0x00000001, 00156 0x00802001, 0x00002081, 0x00002081, 0x00000080, 00157 0x00802081, 0x00000081, 0x00000001, 0x00002000, 00158 0x00800001, 0x00002001, 0x00802080, 0x00800081, 00159 0x00002001, 0x00002080, 0x00800000, 0x00802001, 00160 0x00000080, 0x00800000, 0x00002000, 0x00802080 00161 }; 00162 00163 static const uint32_t SB5[64] = 00164 { 00165 0x00000100, 0x02080100, 0x02080000, 0x42000100, 00166 0x00080000, 0x00000100, 0x40000000, 0x02080000, 00167 0x40080100, 0x00080000, 0x02000100, 0x40080100, 00168 0x42000100, 0x42080000, 0x00080100, 0x40000000, 00169 0x02000000, 0x40080000, 0x40080000, 0x00000000, 00170 0x40000100, 0x42080100, 0x42080100, 0x02000100, 00171 0x42080000, 0x40000100, 0x00000000, 0x42000000, 00172 0x02080100, 0x02000000, 0x42000000, 0x00080100, 00173 0x00080000, 0x42000100, 0x00000100, 0x02000000, 00174 0x40000000, 0x02080000, 0x42000100, 0x40080100, 00175 0x02000100, 0x40000000, 0x42080000, 0x02080100, 00176 0x40080100, 0x00000100, 0x02000000, 0x42080000, 00177 0x42080100, 0x00080100, 0x42000000, 0x42080100, 00178 0x02080000, 0x00000000, 0x40080000, 0x42000000, 00179 0x00080100, 0x02000100, 0x40000100, 0x00080000, 00180 0x00000000, 0x40080000, 0x02080100, 0x40000100 00181 }; 00182 00183 static const uint32_t SB6[64] = 00184 { 00185 0x20000010, 0x20400000, 0x00004000, 0x20404010, 00186 0x20400000, 0x00000010, 0x20404010, 0x00400000, 00187 0x20004000, 0x00404010, 0x00400000, 0x20000010, 00188 0x00400010, 0x20004000, 0x20000000, 0x00004010, 00189 0x00000000, 0x00400010, 0x20004010, 0x00004000, 00190 0x00404000, 0x20004010, 0x00000010, 0x20400010, 00191 0x20400010, 0x00000000, 0x00404010, 0x20404000, 00192 0x00004010, 0x00404000, 0x20404000, 0x20000000, 00193 0x20004000, 0x00000010, 0x20400010, 0x00404000, 00194 0x20404010, 0x00400000, 0x00004010, 0x20000010, 00195 0x00400000, 0x20004000, 0x20000000, 0x00004010, 00196 0x20000010, 0x20404010, 0x00404000, 0x20400000, 00197 0x00404010, 0x20404000, 0x00000000, 0x20400010, 00198 0x00000010, 0x00004000, 0x20400000, 0x00404010, 00199 0x00004000, 0x00400010, 0x20004010, 0x00000000, 00200 0x20404000, 0x20000000, 0x00400010, 0x20004010 00201 }; 00202 00203 static const uint32_t SB7[64] = 00204 { 00205 0x00200000, 0x04200002, 0x04000802, 0x00000000, 00206 0x00000800, 0x04000802, 0x00200802, 0x04200800, 00207 0x04200802, 0x00200000, 0x00000000, 0x04000002, 00208 0x00000002, 0x04000000, 0x04200002, 0x00000802, 00209 0x04000800, 0x00200802, 0x00200002, 0x04000800, 00210 0x04000002, 0x04200000, 0x04200800, 0x00200002, 00211 0x04200000, 0x00000800, 0x00000802, 0x04200802, 00212 0x00200800, 0x00000002, 0x04000000, 0x00200800, 00213 0x04000000, 0x00200800, 0x00200000, 0x04000802, 00214 0x04000802, 0x04200002, 0x04200002, 0x00000002, 00215 0x00200002, 0x04000000, 0x04000800, 0x00200000, 00216 0x04200800, 0x00000802, 0x00200802, 0x04200800, 00217 0x00000802, 0x04000002, 0x04200802, 0x04200000, 00218 0x00200800, 0x00000000, 0x00000002, 0x04200802, 00219 0x00000000, 0x00200802, 0x04200000, 0x00000800, 00220 0x04000002, 0x04000800, 0x00000800, 0x00200002 00221 }; 00222 00223 static const uint32_t SB8[64] = 00224 { 00225 0x10001040, 0x00001000, 0x00040000, 0x10041040, 00226 0x10000000, 0x10001040, 0x00000040, 0x10000000, 00227 0x00040040, 0x10040000, 0x10041040, 0x00041000, 00228 0x10041000, 0x00041040, 0x00001000, 0x00000040, 00229 0x10040000, 0x10000040, 0x10001000, 0x00001040, 00230 0x00041000, 0x00040040, 0x10040040, 0x10041000, 00231 0x00001040, 0x00000000, 0x00000000, 0x10040040, 00232 0x10000040, 0x10001000, 0x00041040, 0x00040000, 00233 0x00041040, 0x00040000, 0x10041000, 0x00001000, 00234 0x00000040, 0x10040040, 0x00001000, 0x00041040, 00235 0x10001000, 0x00000040, 0x10000040, 0x10040000, 00236 0x10040040, 0x10000000, 0x00040000, 0x10001040, 00237 0x00000000, 0x10041040, 0x00040040, 0x10000040, 00238 0x10040000, 0x10001000, 0x10001040, 0x00000000, 00239 0x10041040, 0x00041000, 0x00041000, 0x00001040, 00240 0x00001040, 0x00040040, 0x10000000, 0x10041000 00241 }; 00242 00243 /* 00244 * PC1: left and right halves bit-swap 00245 */ 00246 static const uint32_t LHs[16] = 00247 { 00248 0x00000000, 0x00000001, 0x00000100, 0x00000101, 00249 0x00010000, 0x00010001, 0x00010100, 0x00010101, 00250 0x01000000, 0x01000001, 0x01000100, 0x01000101, 00251 0x01010000, 0x01010001, 0x01010100, 0x01010101 00252 }; 00253 00254 static const uint32_t RHs[16] = 00255 { 00256 0x00000000, 0x01000000, 0x00010000, 0x01010000, 00257 0x00000100, 0x01000100, 0x00010100, 0x01010100, 00258 0x00000001, 0x01000001, 0x00010001, 0x01010001, 00259 0x00000101, 0x01000101, 0x00010101, 0x01010101, 00260 }; 00261 00262 /* 00263 * Initial Permutation macro 00264 */ 00265 #define DES_IP(X,Y) \ 00266 { \ 00267 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \ 00268 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \ 00269 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \ 00270 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \ 00271 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \ 00272 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \ 00273 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \ 00274 } 00275 00276 /* 00277 * Final Permutation macro 00278 */ 00279 #define DES_FP(X,Y) \ 00280 { \ 00281 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \ 00282 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \ 00283 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \ 00284 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \ 00285 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \ 00286 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \ 00287 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \ 00288 } 00289 00290 /* 00291 * DES round macro 00292 */ 00293 #define DES_ROUND(X,Y) \ 00294 { \ 00295 T = *SK++ ^ X; \ 00296 Y ^= SB8[ (T ) & 0x3F ] ^ \ 00297 SB6[ (T >> 8) & 0x3F ] ^ \ 00298 SB4[ (T >> 16) & 0x3F ] ^ \ 00299 SB2[ (T >> 24) & 0x3F ]; \ 00300 \ 00301 T = *SK++ ^ ((X << 28) | (X >> 4)); \ 00302 Y ^= SB7[ (T ) & 0x3F ] ^ \ 00303 SB5[ (T >> 8) & 0x3F ] ^ \ 00304 SB3[ (T >> 16) & 0x3F ] ^ \ 00305 SB1[ (T >> 24) & 0x3F ]; \ 00306 } 00307 00308 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; } 00309 00310 void mbedtls_des_init( mbedtls_des_context *ctx ) 00311 { 00312 memset( ctx, 0, sizeof( mbedtls_des_context ) ); 00313 } 00314 00315 void mbedtls_des_free( mbedtls_des_context *ctx ) 00316 { 00317 if( ctx == NULL ) 00318 return; 00319 00320 mbedtls_zeroize( ctx, sizeof( mbedtls_des_context ) ); 00321 } 00322 00323 void mbedtls_des3_init( mbedtls_des3_context *ctx ) 00324 { 00325 memset( ctx, 0, sizeof( mbedtls_des3_context ) ); 00326 } 00327 00328 void mbedtls_des3_free( mbedtls_des3_context *ctx ) 00329 { 00330 if( ctx == NULL ) 00331 return; 00332 00333 mbedtls_zeroize( ctx, sizeof( mbedtls_des3_context ) ); 00334 } 00335 00336 static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8, 00337 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44, 00338 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81, 00339 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112, 00340 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140, 00341 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168, 00342 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196, 00343 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224, 00344 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253, 00345 254 }; 00346 00347 void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00348 { 00349 int i; 00350 00351 for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ ) 00352 key[i] = odd_parity_table[key[i] / 2]; 00353 } 00354 00355 /* 00356 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS 00357 */ 00358 int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00359 { 00360 int i; 00361 00362 for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ ) 00363 if( key[i] != odd_parity_table[key[i] / 2] ) 00364 return( 1 ); 00365 00366 return( 0 ); 00367 } 00368 00369 /* 00370 * Table of weak and semi-weak keys 00371 * 00372 * Source: http://en.wikipedia.org/wiki/Weak_key 00373 * 00374 * Weak: 00375 * Alternating ones + zeros (0x0101010101010101) 00376 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE) 00377 * '0xE0E0E0E0F1F1F1F1' 00378 * '0x1F1F1F1F0E0E0E0E' 00379 * 00380 * Semi-weak: 00381 * 0x011F011F010E010E and 0x1F011F010E010E01 00382 * 0x01E001E001F101F1 and 0xE001E001F101F101 00383 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01 00384 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E 00385 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E 00386 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1 00387 * 00388 */ 00389 00390 #define WEAK_KEY_COUNT 16 00391 00392 static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] = 00393 { 00394 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, 00395 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE }, 00396 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }, 00397 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 }, 00398 00399 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E }, 00400 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 }, 00401 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 }, 00402 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 }, 00403 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE }, 00404 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 }, 00405 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 }, 00406 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E }, 00407 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE }, 00408 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E }, 00409 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE }, 00410 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 } 00411 }; 00412 00413 int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00414 { 00415 int i; 00416 00417 for( i = 0; i < WEAK_KEY_COUNT; i++ ) 00418 if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 ) 00419 return( 1 ); 00420 00421 return( 0 ); 00422 } 00423 00424 #if !defined(MBEDTLS_DES_SETKEY_ALT) 00425 void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00426 { 00427 int i; 00428 uint32_t X, Y, T; 00429 00430 GET_UINT32_BE( X, key, 0 ); 00431 GET_UINT32_BE( Y, key, 4 ); 00432 00433 /* 00434 * Permuted Choice 1 00435 */ 00436 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4); 00437 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T ); 00438 00439 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2) 00440 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] ) 00441 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6) 00442 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4); 00443 00444 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2) 00445 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] ) 00446 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6) 00447 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4); 00448 00449 X &= 0x0FFFFFFF; 00450 Y &= 0x0FFFFFFF; 00451 00452 /* 00453 * calculate subkeys 00454 */ 00455 for( i = 0; i < 16; i++ ) 00456 { 00457 if( i < 2 || i == 8 || i == 15 ) 00458 { 00459 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF; 00460 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF; 00461 } 00462 else 00463 { 00464 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF; 00465 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF; 00466 } 00467 00468 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000) 00469 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000) 00470 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000) 00471 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000) 00472 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000) 00473 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000) 00474 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400) 00475 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100) 00476 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010) 00477 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004) 00478 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001); 00479 00480 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000) 00481 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000) 00482 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000) 00483 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000) 00484 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000) 00485 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000) 00486 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000) 00487 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400) 00488 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100) 00489 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011) 00490 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002); 00491 } 00492 } 00493 #endif /* !MBEDTLS_DES_SETKEY_ALT */ 00494 00495 /* 00496 * DES key schedule (56-bit, encryption) 00497 */ 00498 int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00499 { 00500 mbedtls_des_setkey( ctx->sk , key ); 00501 00502 return( 0 ); 00503 } 00504 00505 /* 00506 * DES key schedule (56-bit, decryption) 00507 */ 00508 int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) 00509 { 00510 int i; 00511 00512 mbedtls_des_setkey( ctx->sk , key ); 00513 00514 for( i = 0; i < 16; i += 2 ) 00515 { 00516 SWAP( ctx->sk [i ], ctx->sk [30 - i] ); 00517 SWAP( ctx->sk [i + 1], ctx->sk [31 - i] ); 00518 } 00519 00520 return( 0 ); 00521 } 00522 00523 static void des3_set2key( uint32_t esk[96], 00524 uint32_t dsk[96], 00525 const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] ) 00526 { 00527 int i; 00528 00529 mbedtls_des_setkey( esk, key ); 00530 mbedtls_des_setkey( dsk + 32, key + 8 ); 00531 00532 for( i = 0; i < 32; i += 2 ) 00533 { 00534 dsk[i ] = esk[30 - i]; 00535 dsk[i + 1] = esk[31 - i]; 00536 00537 esk[i + 32] = dsk[62 - i]; 00538 esk[i + 33] = dsk[63 - i]; 00539 00540 esk[i + 64] = esk[i ]; 00541 esk[i + 65] = esk[i + 1]; 00542 00543 dsk[i + 64] = dsk[i ]; 00544 dsk[i + 65] = dsk[i + 1]; 00545 } 00546 } 00547 00548 /* 00549 * Triple-DES key schedule (112-bit, encryption) 00550 */ 00551 int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, 00552 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ) 00553 { 00554 uint32_t sk[96]; 00555 00556 des3_set2key( ctx->sk , sk, key ); 00557 mbedtls_zeroize( sk, sizeof( sk ) ); 00558 00559 return( 0 ); 00560 } 00561 00562 /* 00563 * Triple-DES key schedule (112-bit, decryption) 00564 */ 00565 int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, 00566 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ) 00567 { 00568 uint32_t sk[96]; 00569 00570 des3_set2key( sk, ctx->sk , key ); 00571 mbedtls_zeroize( sk, sizeof( sk ) ); 00572 00573 return( 0 ); 00574 } 00575 00576 static void des3_set3key( uint32_t esk[96], 00577 uint32_t dsk[96], 00578 const unsigned char key[24] ) 00579 { 00580 int i; 00581 00582 mbedtls_des_setkey( esk, key ); 00583 mbedtls_des_setkey( dsk + 32, key + 8 ); 00584 mbedtls_des_setkey( esk + 64, key + 16 ); 00585 00586 for( i = 0; i < 32; i += 2 ) 00587 { 00588 dsk[i ] = esk[94 - i]; 00589 dsk[i + 1] = esk[95 - i]; 00590 00591 esk[i + 32] = dsk[62 - i]; 00592 esk[i + 33] = dsk[63 - i]; 00593 00594 dsk[i + 64] = esk[30 - i]; 00595 dsk[i + 65] = esk[31 - i]; 00596 } 00597 } 00598 00599 /* 00600 * Triple-DES key schedule (168-bit, encryption) 00601 */ 00602 int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, 00603 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ) 00604 { 00605 uint32_t sk[96]; 00606 00607 des3_set3key( ctx->sk , sk, key ); 00608 mbedtls_zeroize( sk, sizeof( sk ) ); 00609 00610 return( 0 ); 00611 } 00612 00613 /* 00614 * Triple-DES key schedule (168-bit, decryption) 00615 */ 00616 int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, 00617 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ) 00618 { 00619 uint32_t sk[96]; 00620 00621 des3_set3key( sk, ctx->sk , key ); 00622 mbedtls_zeroize( sk, sizeof( sk ) ); 00623 00624 return( 0 ); 00625 } 00626 00627 /* 00628 * DES-ECB block encryption/decryption 00629 */ 00630 #if !defined(MBEDTLS_DES_CRYPT_ECB_ALT) 00631 int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, 00632 const unsigned char input[8], 00633 unsigned char output[8] ) 00634 { 00635 int i; 00636 uint32_t X, Y, T, *SK; 00637 00638 SK = ctx->sk ; 00639 00640 GET_UINT32_BE( X, input, 0 ); 00641 GET_UINT32_BE( Y, input, 4 ); 00642 00643 DES_IP( X, Y ); 00644 00645 for( i = 0; i < 8; i++ ) 00646 { 00647 DES_ROUND( Y, X ); 00648 DES_ROUND( X, Y ); 00649 } 00650 00651 DES_FP( Y, X ); 00652 00653 PUT_UINT32_BE( Y, output, 0 ); 00654 PUT_UINT32_BE( X, output, 4 ); 00655 00656 return( 0 ); 00657 } 00658 #endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */ 00659 00660 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00661 /* 00662 * DES-CBC buffer encryption/decryption 00663 */ 00664 int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, 00665 int mode, 00666 size_t length, 00667 unsigned char iv[8], 00668 const unsigned char *input, 00669 unsigned char *output ) 00670 { 00671 int i; 00672 unsigned char temp[8]; 00673 00674 if( length % 8 ) 00675 return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH ); 00676 00677 if( mode == MBEDTLS_DES_ENCRYPT ) 00678 { 00679 while( length > 0 ) 00680 { 00681 for( i = 0; i < 8; i++ ) 00682 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00683 00684 mbedtls_des_crypt_ecb( ctx, output, output ); 00685 memcpy( iv, output, 8 ); 00686 00687 input += 8; 00688 output += 8; 00689 length -= 8; 00690 } 00691 } 00692 else /* MBEDTLS_DES_DECRYPT */ 00693 { 00694 while( length > 0 ) 00695 { 00696 memcpy( temp, input, 8 ); 00697 mbedtls_des_crypt_ecb( ctx, input, output ); 00698 00699 for( i = 0; i < 8; i++ ) 00700 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00701 00702 memcpy( iv, temp, 8 ); 00703 00704 input += 8; 00705 output += 8; 00706 length -= 8; 00707 } 00708 } 00709 00710 return( 0 ); 00711 } 00712 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00713 00714 /* 00715 * 3DES-ECB block encryption/decryption 00716 */ 00717 #if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT) 00718 int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, 00719 const unsigned char input[8], 00720 unsigned char output[8] ) 00721 { 00722 int i; 00723 uint32_t X, Y, T, *SK; 00724 00725 SK = ctx->sk ; 00726 00727 GET_UINT32_BE( X, input, 0 ); 00728 GET_UINT32_BE( Y, input, 4 ); 00729 00730 DES_IP( X, Y ); 00731 00732 for( i = 0; i < 8; i++ ) 00733 { 00734 DES_ROUND( Y, X ); 00735 DES_ROUND( X, Y ); 00736 } 00737 00738 for( i = 0; i < 8; i++ ) 00739 { 00740 DES_ROUND( X, Y ); 00741 DES_ROUND( Y, X ); 00742 } 00743 00744 for( i = 0; i < 8; i++ ) 00745 { 00746 DES_ROUND( Y, X ); 00747 DES_ROUND( X, Y ); 00748 } 00749 00750 DES_FP( Y, X ); 00751 00752 PUT_UINT32_BE( Y, output, 0 ); 00753 PUT_UINT32_BE( X, output, 4 ); 00754 00755 return( 0 ); 00756 } 00757 #endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */ 00758 00759 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00760 /* 00761 * 3DES-CBC buffer encryption/decryption 00762 */ 00763 int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, 00764 int mode, 00765 size_t length, 00766 unsigned char iv[8], 00767 const unsigned char *input, 00768 unsigned char *output ) 00769 { 00770 int i; 00771 unsigned char temp[8]; 00772 00773 if( length % 8 ) 00774 return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH ); 00775 00776 if( mode == MBEDTLS_DES_ENCRYPT ) 00777 { 00778 while( length > 0 ) 00779 { 00780 for( i = 0; i < 8; i++ ) 00781 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00782 00783 mbedtls_des3_crypt_ecb( ctx, output, output ); 00784 memcpy( iv, output, 8 ); 00785 00786 input += 8; 00787 output += 8; 00788 length -= 8; 00789 } 00790 } 00791 else /* MBEDTLS_DES_DECRYPT */ 00792 { 00793 while( length > 0 ) 00794 { 00795 memcpy( temp, input, 8 ); 00796 mbedtls_des3_crypt_ecb( ctx, input, output ); 00797 00798 for( i = 0; i < 8; i++ ) 00799 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00800 00801 memcpy( iv, temp, 8 ); 00802 00803 input += 8; 00804 output += 8; 00805 length -= 8; 00806 } 00807 } 00808 00809 return( 0 ); 00810 } 00811 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00812 00813 #endif /* !MBEDTLS_DES_ALT */ 00814 00815 #if defined(MBEDTLS_SELF_TEST) 00816 /* 00817 * DES and 3DES test vectors from: 00818 * 00819 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip 00820 */ 00821 static const unsigned char des3_test_keys[24] = 00822 { 00823 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 00824 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 00825 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23 00826 }; 00827 00828 static const unsigned char des3_test_buf[8] = 00829 { 00830 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74 00831 }; 00832 00833 static const unsigned char des3_test_ecb_dec[3][8] = 00834 { 00835 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D }, 00836 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB }, 00837 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A } 00838 }; 00839 00840 static const unsigned char des3_test_ecb_enc[3][8] = 00841 { 00842 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B }, 00843 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 }, 00844 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 } 00845 }; 00846 00847 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00848 static const unsigned char des3_test_iv[8] = 00849 { 00850 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF, 00851 }; 00852 00853 static const unsigned char des3_test_cbc_dec[3][8] = 00854 { 00855 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 }, 00856 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 }, 00857 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C } 00858 }; 00859 00860 static const unsigned char des3_test_cbc_enc[3][8] = 00861 { 00862 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 }, 00863 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D }, 00864 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 } 00865 }; 00866 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00867 00868 /* 00869 * Checkup routine 00870 */ 00871 int mbedtls_des_self_test( int verbose ) 00872 { 00873 int i, j, u, v, ret = 0; 00874 mbedtls_des_context ctx; 00875 mbedtls_des3_context ctx3; 00876 unsigned char buf[8]; 00877 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00878 unsigned char prv[8]; 00879 unsigned char iv[8]; 00880 #endif 00881 00882 mbedtls_des_init( &ctx ); 00883 mbedtls_des3_init( &ctx3 ); 00884 /* 00885 * ECB mode 00886 */ 00887 for( i = 0; i < 6; i++ ) 00888 { 00889 u = i >> 1; 00890 v = i & 1; 00891 00892 if( verbose != 0 ) 00893 mbedtls_printf( " DES%c-ECB-%3d (%s): ", 00894 ( u == 0 ) ? ' ' : '3', 56 + u * 56, 00895 ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" ); 00896 00897 memcpy( buf, des3_test_buf, 8 ); 00898 00899 switch( i ) 00900 { 00901 case 0: 00902 mbedtls_des_setkey_dec( &ctx, des3_test_keys ); 00903 break; 00904 00905 case 1: 00906 mbedtls_des_setkey_enc( &ctx, des3_test_keys ); 00907 break; 00908 00909 case 2: 00910 mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); 00911 break; 00912 00913 case 3: 00914 mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); 00915 break; 00916 00917 case 4: 00918 mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); 00919 break; 00920 00921 case 5: 00922 mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); 00923 break; 00924 00925 default: 00926 return( 1 ); 00927 } 00928 00929 for( j = 0; j < 10000; j++ ) 00930 { 00931 if( u == 0 ) 00932 mbedtls_des_crypt_ecb( &ctx, buf, buf ); 00933 else 00934 mbedtls_des3_crypt_ecb( &ctx3, buf, buf ); 00935 } 00936 00937 if( ( v == MBEDTLS_DES_DECRYPT && 00938 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) || 00939 ( v != MBEDTLS_DES_DECRYPT && 00940 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) ) 00941 { 00942 if( verbose != 0 ) 00943 mbedtls_printf( "failed\n" ); 00944 00945 ret = 1; 00946 goto exit; 00947 } 00948 00949 if( verbose != 0 ) 00950 mbedtls_printf( "passed\n" ); 00951 } 00952 00953 if( verbose != 0 ) 00954 mbedtls_printf( "\n" ); 00955 00956 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00957 /* 00958 * CBC mode 00959 */ 00960 for( i = 0; i < 6; i++ ) 00961 { 00962 u = i >> 1; 00963 v = i & 1; 00964 00965 if( verbose != 0 ) 00966 mbedtls_printf( " DES%c-CBC-%3d (%s): ", 00967 ( u == 0 ) ? ' ' : '3', 56 + u * 56, 00968 ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" ); 00969 00970 memcpy( iv, des3_test_iv, 8 ); 00971 memcpy( prv, des3_test_iv, 8 ); 00972 memcpy( buf, des3_test_buf, 8 ); 00973 00974 switch( i ) 00975 { 00976 case 0: 00977 mbedtls_des_setkey_dec( &ctx, des3_test_keys ); 00978 break; 00979 00980 case 1: 00981 mbedtls_des_setkey_enc( &ctx, des3_test_keys ); 00982 break; 00983 00984 case 2: 00985 mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); 00986 break; 00987 00988 case 3: 00989 mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); 00990 break; 00991 00992 case 4: 00993 mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); 00994 break; 00995 00996 case 5: 00997 mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); 00998 break; 00999 01000 default: 01001 return( 1 ); 01002 } 01003 01004 if( v == MBEDTLS_DES_DECRYPT ) 01005 { 01006 for( j = 0; j < 10000; j++ ) 01007 { 01008 if( u == 0 ) 01009 mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); 01010 else 01011 mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); 01012 } 01013 } 01014 else 01015 { 01016 for( j = 0; j < 10000; j++ ) 01017 { 01018 unsigned char tmp[8]; 01019 01020 if( u == 0 ) 01021 mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); 01022 else 01023 mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); 01024 01025 memcpy( tmp, prv, 8 ); 01026 memcpy( prv, buf, 8 ); 01027 memcpy( buf, tmp, 8 ); 01028 } 01029 01030 memcpy( buf, prv, 8 ); 01031 } 01032 01033 if( ( v == MBEDTLS_DES_DECRYPT && 01034 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) || 01035 ( v != MBEDTLS_DES_DECRYPT && 01036 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) ) 01037 { 01038 if( verbose != 0 ) 01039 mbedtls_printf( "failed\n" ); 01040 01041 ret = 1; 01042 goto exit; 01043 } 01044 01045 if( verbose != 0 ) 01046 mbedtls_printf( "passed\n" ); 01047 } 01048 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 01049 01050 if( verbose != 0 ) 01051 mbedtls_printf( "\n" ); 01052 01053 exit: 01054 mbedtls_des_free( &ctx ); 01055 mbedtls_des3_free( &ctx3 ); 01056 01057 return( ret ); 01058 } 01059 01060 #endif /* MBEDTLS_SELF_TEST */ 01061 01062 #endif /* MBEDTLS_DES_C */
Generated on Tue Jul 12 2022 20:52:40 by
1.7.2