]> cvs.zerfleddert.de Git - proxmark3-svn/blob - common/mbedtls/des.c
fix 'lf pcf7931 bruteforce' (bug reported in http://www.proxmark.org/forum/viewtopic...
[proxmark3-svn] / common / mbedtls / des.c
1 /*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: GPL-2.0
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * This file is part of mbed TLS (https://tls.mbed.org)
22 */
23 /*
24 * DES, on which TDES is based, was originally designed by Horst Feistel
25 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
26 *
27 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
28 */
29
30 #if !defined(MBEDTLS_CONFIG_FILE)
31 #include "mbedtls/config.h"
32 #else
33 #include MBEDTLS_CONFIG_FILE
34 #endif
35
36 #if defined(MBEDTLS_DES_C)
37
38 #include "mbedtls/des.h"
39 #include "mbedtls/platform_util.h"
40
41 #include <string.h>
42
43 #if defined(MBEDTLS_SELF_TEST)
44 #if defined(MBEDTLS_PLATFORM_C)
45 #include "mbedtls/platform.h"
46 #else
47 #include <stdio.h>
48 #define mbedtls_printf printf
49 #endif /* MBEDTLS_PLATFORM_C */
50 #endif /* MBEDTLS_SELF_TEST */
51
52 #if !defined(MBEDTLS_DES_ALT)
53
54 /*
55 * 32-bit integer manipulation macros (big endian)
56 */
57 #ifndef GET_UINT32_BE
58 #define GET_UINT32_BE(n,b,i) \
59 { \
60 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
61 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
62 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
63 | ( (uint32_t) (b)[(i) + 3] ); \
64 }
65 #endif
66
67 #ifndef PUT_UINT32_BE
68 #define PUT_UINT32_BE(n,b,i) \
69 { \
70 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
71 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
72 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
73 (b)[(i) + 3] = (unsigned char) ( (n) ); \
74 }
75 #endif
76
77 /*
78 * Expanded DES S-boxes
79 */
80 static const uint32_t SB1[64] =
81 {
82 0x01010400, 0x00000000, 0x00010000, 0x01010404,
83 0x01010004, 0x00010404, 0x00000004, 0x00010000,
84 0x00000400, 0x01010400, 0x01010404, 0x00000400,
85 0x01000404, 0x01010004, 0x01000000, 0x00000004,
86 0x00000404, 0x01000400, 0x01000400, 0x00010400,
87 0x00010400, 0x01010000, 0x01010000, 0x01000404,
88 0x00010004, 0x01000004, 0x01000004, 0x00010004,
89 0x00000000, 0x00000404, 0x00010404, 0x01000000,
90 0x00010000, 0x01010404, 0x00000004, 0x01010000,
91 0x01010400, 0x01000000, 0x01000000, 0x00000400,
92 0x01010004, 0x00010000, 0x00010400, 0x01000004,
93 0x00000400, 0x00000004, 0x01000404, 0x00010404,
94 0x01010404, 0x00010004, 0x01010000, 0x01000404,
95 0x01000004, 0x00000404, 0x00010404, 0x01010400,
96 0x00000404, 0x01000400, 0x01000400, 0x00000000,
97 0x00010004, 0x00010400, 0x00000000, 0x01010004
98 };
99
100 static const uint32_t SB2[64] =
101 {
102 0x80108020, 0x80008000, 0x00008000, 0x00108020,
103 0x00100000, 0x00000020, 0x80100020, 0x80008020,
104 0x80000020, 0x80108020, 0x80108000, 0x80000000,
105 0x80008000, 0x00100000, 0x00000020, 0x80100020,
106 0x00108000, 0x00100020, 0x80008020, 0x00000000,
107 0x80000000, 0x00008000, 0x00108020, 0x80100000,
108 0x00100020, 0x80000020, 0x00000000, 0x00108000,
109 0x00008020, 0x80108000, 0x80100000, 0x00008020,
110 0x00000000, 0x00108020, 0x80100020, 0x00100000,
111 0x80008020, 0x80100000, 0x80108000, 0x00008000,
112 0x80100000, 0x80008000, 0x00000020, 0x80108020,
113 0x00108020, 0x00000020, 0x00008000, 0x80000000,
114 0x00008020, 0x80108000, 0x00100000, 0x80000020,
115 0x00100020, 0x80008020, 0x80000020, 0x00100020,
116 0x00108000, 0x00000000, 0x80008000, 0x00008020,
117 0x80000000, 0x80100020, 0x80108020, 0x00108000
118 };
119
120 static const uint32_t SB3[64] =
121 {
122 0x00000208, 0x08020200, 0x00000000, 0x08020008,
123 0x08000200, 0x00000000, 0x00020208, 0x08000200,
124 0x00020008, 0x08000008, 0x08000008, 0x00020000,
125 0x08020208, 0x00020008, 0x08020000, 0x00000208,
126 0x08000000, 0x00000008, 0x08020200, 0x00000200,
127 0x00020200, 0x08020000, 0x08020008, 0x00020208,
128 0x08000208, 0x00020200, 0x00020000, 0x08000208,
129 0x00000008, 0x08020208, 0x00000200, 0x08000000,
130 0x08020200, 0x08000000, 0x00020008, 0x00000208,
131 0x00020000, 0x08020200, 0x08000200, 0x00000000,
132 0x00000200, 0x00020008, 0x08020208, 0x08000200,
133 0x08000008, 0x00000200, 0x00000000, 0x08020008,
134 0x08000208, 0x00020000, 0x08000000, 0x08020208,
135 0x00000008, 0x00020208, 0x00020200, 0x08000008,
136 0x08020000, 0x08000208, 0x00000208, 0x08020000,
137 0x00020208, 0x00000008, 0x08020008, 0x00020200
138 };
139
140 static const uint32_t SB4[64] =
141 {
142 0x00802001, 0x00002081, 0x00002081, 0x00000080,
143 0x00802080, 0x00800081, 0x00800001, 0x00002001,
144 0x00000000, 0x00802000, 0x00802000, 0x00802081,
145 0x00000081, 0x00000000, 0x00800080, 0x00800001,
146 0x00000001, 0x00002000, 0x00800000, 0x00802001,
147 0x00000080, 0x00800000, 0x00002001, 0x00002080,
148 0x00800081, 0x00000001, 0x00002080, 0x00800080,
149 0x00002000, 0x00802080, 0x00802081, 0x00000081,
150 0x00800080, 0x00800001, 0x00802000, 0x00802081,
151 0x00000081, 0x00000000, 0x00000000, 0x00802000,
152 0x00002080, 0x00800080, 0x00800081, 0x00000001,
153 0x00802001, 0x00002081, 0x00002081, 0x00000080,
154 0x00802081, 0x00000081, 0x00000001, 0x00002000,
155 0x00800001, 0x00002001, 0x00802080, 0x00800081,
156 0x00002001, 0x00002080, 0x00800000, 0x00802001,
157 0x00000080, 0x00800000, 0x00002000, 0x00802080
158 };
159
160 static const uint32_t SB5[64] =
161 {
162 0x00000100, 0x02080100, 0x02080000, 0x42000100,
163 0x00080000, 0x00000100, 0x40000000, 0x02080000,
164 0x40080100, 0x00080000, 0x02000100, 0x40080100,
165 0x42000100, 0x42080000, 0x00080100, 0x40000000,
166 0x02000000, 0x40080000, 0x40080000, 0x00000000,
167 0x40000100, 0x42080100, 0x42080100, 0x02000100,
168 0x42080000, 0x40000100, 0x00000000, 0x42000000,
169 0x02080100, 0x02000000, 0x42000000, 0x00080100,
170 0x00080000, 0x42000100, 0x00000100, 0x02000000,
171 0x40000000, 0x02080000, 0x42000100, 0x40080100,
172 0x02000100, 0x40000000, 0x42080000, 0x02080100,
173 0x40080100, 0x00000100, 0x02000000, 0x42080000,
174 0x42080100, 0x00080100, 0x42000000, 0x42080100,
175 0x02080000, 0x00000000, 0x40080000, 0x42000000,
176 0x00080100, 0x02000100, 0x40000100, 0x00080000,
177 0x00000000, 0x40080000, 0x02080100, 0x40000100
178 };
179
180 static const uint32_t SB6[64] =
181 {
182 0x20000010, 0x20400000, 0x00004000, 0x20404010,
183 0x20400000, 0x00000010, 0x20404010, 0x00400000,
184 0x20004000, 0x00404010, 0x00400000, 0x20000010,
185 0x00400010, 0x20004000, 0x20000000, 0x00004010,
186 0x00000000, 0x00400010, 0x20004010, 0x00004000,
187 0x00404000, 0x20004010, 0x00000010, 0x20400010,
188 0x20400010, 0x00000000, 0x00404010, 0x20404000,
189 0x00004010, 0x00404000, 0x20404000, 0x20000000,
190 0x20004000, 0x00000010, 0x20400010, 0x00404000,
191 0x20404010, 0x00400000, 0x00004010, 0x20000010,
192 0x00400000, 0x20004000, 0x20000000, 0x00004010,
193 0x20000010, 0x20404010, 0x00404000, 0x20400000,
194 0x00404010, 0x20404000, 0x00000000, 0x20400010,
195 0x00000010, 0x00004000, 0x20400000, 0x00404010,
196 0x00004000, 0x00400010, 0x20004010, 0x00000000,
197 0x20404000, 0x20000000, 0x00400010, 0x20004010
198 };
199
200 static const uint32_t SB7[64] =
201 {
202 0x00200000, 0x04200002, 0x04000802, 0x00000000,
203 0x00000800, 0x04000802, 0x00200802, 0x04200800,
204 0x04200802, 0x00200000, 0x00000000, 0x04000002,
205 0x00000002, 0x04000000, 0x04200002, 0x00000802,
206 0x04000800, 0x00200802, 0x00200002, 0x04000800,
207 0x04000002, 0x04200000, 0x04200800, 0x00200002,
208 0x04200000, 0x00000800, 0x00000802, 0x04200802,
209 0x00200800, 0x00000002, 0x04000000, 0x00200800,
210 0x04000000, 0x00200800, 0x00200000, 0x04000802,
211 0x04000802, 0x04200002, 0x04200002, 0x00000002,
212 0x00200002, 0x04000000, 0x04000800, 0x00200000,
213 0x04200800, 0x00000802, 0x00200802, 0x04200800,
214 0x00000802, 0x04000002, 0x04200802, 0x04200000,
215 0x00200800, 0x00000000, 0x00000002, 0x04200802,
216 0x00000000, 0x00200802, 0x04200000, 0x00000800,
217 0x04000002, 0x04000800, 0x00000800, 0x00200002
218 };
219
220 static const uint32_t SB8[64] =
221 {
222 0x10001040, 0x00001000, 0x00040000, 0x10041040,
223 0x10000000, 0x10001040, 0x00000040, 0x10000000,
224 0x00040040, 0x10040000, 0x10041040, 0x00041000,
225 0x10041000, 0x00041040, 0x00001000, 0x00000040,
226 0x10040000, 0x10000040, 0x10001000, 0x00001040,
227 0x00041000, 0x00040040, 0x10040040, 0x10041000,
228 0x00001040, 0x00000000, 0x00000000, 0x10040040,
229 0x10000040, 0x10001000, 0x00041040, 0x00040000,
230 0x00041040, 0x00040000, 0x10041000, 0x00001000,
231 0x00000040, 0x10040040, 0x00001000, 0x00041040,
232 0x10001000, 0x00000040, 0x10000040, 0x10040000,
233 0x10040040, 0x10000000, 0x00040000, 0x10001040,
234 0x00000000, 0x10041040, 0x00040040, 0x10000040,
235 0x10040000, 0x10001000, 0x10001040, 0x00000000,
236 0x10041040, 0x00041000, 0x00041000, 0x00001040,
237 0x00001040, 0x00040040, 0x10000000, 0x10041000
238 };
239
240 /*
241 * PC1: left and right halves bit-swap
242 */
243 static const uint32_t LHs[16] =
244 {
245 0x00000000, 0x00000001, 0x00000100, 0x00000101,
246 0x00010000, 0x00010001, 0x00010100, 0x00010101,
247 0x01000000, 0x01000001, 0x01000100, 0x01000101,
248 0x01010000, 0x01010001, 0x01010100, 0x01010101
249 };
250
251 static const uint32_t RHs[16] =
252 {
253 0x00000000, 0x01000000, 0x00010000, 0x01010000,
254 0x00000100, 0x01000100, 0x00010100, 0x01010100,
255 0x00000001, 0x01000001, 0x00010001, 0x01010001,
256 0x00000101, 0x01000101, 0x00010101, 0x01010101,
257 };
258
259 /*
260 * Initial Permutation macro
261 */
262 #define DES_IP(X,Y) \
263 { \
264 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
265 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
266 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
267 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
268 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
269 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
270 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
271 }
272
273 /*
274 * Final Permutation macro
275 */
276 #define DES_FP(X,Y) \
277 { \
278 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
279 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
280 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
281 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
282 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
283 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
284 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
285 }
286
287 /*
288 * DES round macro
289 */
290 #define DES_ROUND(X,Y) \
291 { \
292 T = *SK++ ^ X; \
293 Y ^= SB8[ (T ) & 0x3F ] ^ \
294 SB6[ (T >> 8) & 0x3F ] ^ \
295 SB4[ (T >> 16) & 0x3F ] ^ \
296 SB2[ (T >> 24) & 0x3F ]; \
297 \
298 T = *SK++ ^ ((X << 28) | (X >> 4)); \
299 Y ^= SB7[ (T ) & 0x3F ] ^ \
300 SB5[ (T >> 8) & 0x3F ] ^ \
301 SB3[ (T >> 16) & 0x3F ] ^ \
302 SB1[ (T >> 24) & 0x3F ]; \
303 }
304
305 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
306
307 void mbedtls_des_init( mbedtls_des_context *ctx )
308 {
309 memset( ctx, 0, sizeof( mbedtls_des_context ) );
310 }
311
312 void mbedtls_des_free( mbedtls_des_context *ctx )
313 {
314 if( ctx == NULL )
315 return;
316
317 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) );
318 }
319
320 void mbedtls_des3_init( mbedtls_des3_context *ctx )
321 {
322 memset( ctx, 0, sizeof( mbedtls_des3_context ) );
323 }
324
325 void mbedtls_des3_free( mbedtls_des3_context *ctx )
326 {
327 if( ctx == NULL )
328 return;
329
330 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) );
331 }
332
333 static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
334 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
335 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
336 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
337 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
338 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
339 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
340 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
341 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
342 254 };
343
344 void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] )
345 {
346 int i;
347
348 for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
349 key[i] = odd_parity_table[key[i] / 2];
350 }
351
352 /*
353 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
354 */
355 int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
356 {
357 int i;
358
359 for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
360 if( key[i] != odd_parity_table[key[i] / 2] )
361 return( 1 );
362
363 return( 0 );
364 }
365
366 /*
367 * Table of weak and semi-weak keys
368 *
369 * Source: http://en.wikipedia.org/wiki/Weak_key
370 *
371 * Weak:
372 * Alternating ones + zeros (0x0101010101010101)
373 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
374 * '0xE0E0E0E0F1F1F1F1'
375 * '0x1F1F1F1F0E0E0E0E'
376 *
377 * Semi-weak:
378 * 0x011F011F010E010E and 0x1F011F010E010E01
379 * 0x01E001E001F101F1 and 0xE001E001F101F101
380 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
381 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
382 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
383 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
384 *
385 */
386
387 #define WEAK_KEY_COUNT 16
388
389 static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] =
390 {
391 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
392 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
393 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
394 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
395
396 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
397 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
398 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
399 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
400 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
401 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
402 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
403 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
404 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
405 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
406 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
407 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
408 };
409
410 int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
411 {
412 int i;
413
414 for( i = 0; i < WEAK_KEY_COUNT; i++ )
415 if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 )
416 return( 1 );
417
418 return( 0 );
419 }
420
421 #if !defined(MBEDTLS_DES_SETKEY_ALT)
422 void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
423 {
424 int i;
425 uint32_t X, Y, T;
426
427 GET_UINT32_BE( X, key, 0 );
428 GET_UINT32_BE( Y, key, 4 );
429
430 /*
431 * Permuted Choice 1
432 */
433 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
434 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
435
436 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
437 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
438 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
439 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
440
441 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
442 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
443 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
444 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
445
446 X &= 0x0FFFFFFF;
447 Y &= 0x0FFFFFFF;
448
449 /*
450 * calculate subkeys
451 */
452 for( i = 0; i < 16; i++ )
453 {
454 if( i < 2 || i == 8 || i == 15 )
455 {
456 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
457 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
458 }
459 else
460 {
461 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
462 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
463 }
464
465 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
466 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
467 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
468 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
469 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
470 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
471 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
472 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
473 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
474 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
475 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
476
477 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
478 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
479 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
480 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
481 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
482 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
483 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
484 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
485 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
486 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
487 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
488 }
489 }
490 #endif /* !MBEDTLS_DES_SETKEY_ALT */
491
492 /*
493 * DES key schedule (56-bit, encryption)
494 */
495 int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
496 {
497 mbedtls_des_setkey( ctx->sk, key );
498
499 return( 0 );
500 }
501
502 /*
503 * DES key schedule (56-bit, decryption)
504 */
505 int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
506 {
507 int i;
508
509 mbedtls_des_setkey( ctx->sk, key );
510
511 for( i = 0; i < 16; i += 2 )
512 {
513 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
514 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
515 }
516
517 return( 0 );
518 }
519
520 static void des3_set2key( uint32_t esk[96],
521 uint32_t dsk[96],
522 const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] )
523 {
524 int i;
525
526 mbedtls_des_setkey( esk, key );
527 mbedtls_des_setkey( dsk + 32, key + 8 );
528
529 for( i = 0; i < 32; i += 2 )
530 {
531 dsk[i ] = esk[30 - i];
532 dsk[i + 1] = esk[31 - i];
533
534 esk[i + 32] = dsk[62 - i];
535 esk[i + 33] = dsk[63 - i];
536
537 esk[i + 64] = esk[i ];
538 esk[i + 65] = esk[i + 1];
539
540 dsk[i + 64] = dsk[i ];
541 dsk[i + 65] = dsk[i + 1];
542 }
543 }
544
545 /*
546 * Triple-DES key schedule (112-bit, encryption)
547 */
548 int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
549 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
550 {
551 uint32_t sk[96];
552
553 des3_set2key( ctx->sk, sk, key );
554 mbedtls_platform_zeroize( sk, sizeof( sk ) );
555
556 return( 0 );
557 }
558
559 /*
560 * Triple-DES key schedule (112-bit, decryption)
561 */
562 int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
563 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
564 {
565 uint32_t sk[96];
566
567 des3_set2key( sk, ctx->sk, key );
568 mbedtls_platform_zeroize( sk, sizeof( sk ) );
569
570 return( 0 );
571 }
572
573 static void des3_set3key( uint32_t esk[96],
574 uint32_t dsk[96],
575 const unsigned char key[24] )
576 {
577 int i;
578
579 mbedtls_des_setkey( esk, key );
580 mbedtls_des_setkey( dsk + 32, key + 8 );
581 mbedtls_des_setkey( esk + 64, key + 16 );
582
583 for( i = 0; i < 32; i += 2 )
584 {
585 dsk[i ] = esk[94 - i];
586 dsk[i + 1] = esk[95 - i];
587
588 esk[i + 32] = dsk[62 - i];
589 esk[i + 33] = dsk[63 - i];
590
591 dsk[i + 64] = esk[30 - i];
592 dsk[i + 65] = esk[31 - i];
593 }
594 }
595
596 /*
597 * Triple-DES key schedule (168-bit, encryption)
598 */
599 int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
600 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
601 {
602 uint32_t sk[96];
603
604 des3_set3key( ctx->sk, sk, key );
605 mbedtls_platform_zeroize( sk, sizeof( sk ) );
606
607 return( 0 );
608 }
609
610 /*
611 * Triple-DES key schedule (168-bit, decryption)
612 */
613 int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
614 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
615 {
616 uint32_t sk[96];
617
618 des3_set3key( sk, ctx->sk, key );
619 mbedtls_platform_zeroize( sk, sizeof( sk ) );
620
621 return( 0 );
622 }
623
624 /*
625 * DES-ECB block encryption/decryption
626 */
627 #if !defined(MBEDTLS_DES_CRYPT_ECB_ALT)
628 int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
629 const unsigned char input[8],
630 unsigned char output[8] )
631 {
632 int i;
633 uint32_t X, Y, T, *SK;
634
635 SK = ctx->sk;
636
637 GET_UINT32_BE( X, input, 0 );
638 GET_UINT32_BE( Y, input, 4 );
639
640 DES_IP( X, Y );
641
642 for( i = 0; i < 8; i++ )
643 {
644 DES_ROUND( Y, X );
645 DES_ROUND( X, Y );
646 }
647
648 DES_FP( Y, X );
649
650 PUT_UINT32_BE( Y, output, 0 );
651 PUT_UINT32_BE( X, output, 4 );
652
653 return( 0 );
654 }
655 #endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
656
657 #if defined(MBEDTLS_CIPHER_MODE_CBC)
658 /*
659 * DES-CBC buffer encryption/decryption
660 */
661 int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
662 int mode,
663 size_t length,
664 unsigned char iv[8],
665 const unsigned char *input,
666 unsigned char *output )
667 {
668 int i;
669 unsigned char temp[8];
670
671 if( length % 8 )
672 return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
673
674 if( mode == MBEDTLS_DES_ENCRYPT )
675 {
676 while( length > 0 )
677 {
678 for( i = 0; i < 8; i++ )
679 output[i] = (unsigned char)( input[i] ^ iv[i] );
680
681 mbedtls_des_crypt_ecb( ctx, output, output );
682 memcpy( iv, output, 8 );
683
684 input += 8;
685 output += 8;
686 length -= 8;
687 }
688 }
689 else /* MBEDTLS_DES_DECRYPT */
690 {
691 while( length > 0 )
692 {
693 memcpy( temp, input, 8 );
694 mbedtls_des_crypt_ecb( ctx, input, output );
695
696 for( i = 0; i < 8; i++ )
697 output[i] = (unsigned char)( output[i] ^ iv[i] );
698
699 memcpy( iv, temp, 8 );
700
701 input += 8;
702 output += 8;
703 length -= 8;
704 }
705 }
706
707 return( 0 );
708 }
709 #endif /* MBEDTLS_CIPHER_MODE_CBC */
710
711 /*
712 * 3DES-ECB block encryption/decryption
713 */
714 #if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
715 int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
716 const unsigned char input[8],
717 unsigned char output[8] )
718 {
719 int i;
720 uint32_t X, Y, T, *SK;
721
722 SK = ctx->sk;
723
724 GET_UINT32_BE( X, input, 0 );
725 GET_UINT32_BE( Y, input, 4 );
726
727 DES_IP( X, Y );
728
729 for( i = 0; i < 8; i++ )
730 {
731 DES_ROUND( Y, X );
732 DES_ROUND( X, Y );
733 }
734
735 for( i = 0; i < 8; i++ )
736 {
737 DES_ROUND( X, Y );
738 DES_ROUND( Y, X );
739 }
740
741 for( i = 0; i < 8; i++ )
742 {
743 DES_ROUND( Y, X );
744 DES_ROUND( X, Y );
745 }
746
747 DES_FP( Y, X );
748
749 PUT_UINT32_BE( Y, output, 0 );
750 PUT_UINT32_BE( X, output, 4 );
751
752 return( 0 );
753 }
754 #endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
755
756 #if defined(MBEDTLS_CIPHER_MODE_CBC)
757 /*
758 * 3DES-CBC buffer encryption/decryption
759 */
760 int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
761 int mode,
762 size_t length,
763 unsigned char iv[8],
764 const unsigned char *input,
765 unsigned char *output )
766 {
767 int i;
768 unsigned char temp[8];
769
770 if( length % 8 )
771 return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
772
773 if( mode == MBEDTLS_DES_ENCRYPT )
774 {
775 while( length > 0 )
776 {
777 for( i = 0; i < 8; i++ )
778 output[i] = (unsigned char)( input[i] ^ iv[i] );
779
780 mbedtls_des3_crypt_ecb( ctx, output, output );
781 memcpy( iv, output, 8 );
782
783 input += 8;
784 output += 8;
785 length -= 8;
786 }
787 }
788 else /* MBEDTLS_DES_DECRYPT */
789 {
790 while( length > 0 )
791 {
792 memcpy( temp, input, 8 );
793 mbedtls_des3_crypt_ecb( ctx, input, output );
794
795 for( i = 0; i < 8; i++ )
796 output[i] = (unsigned char)( output[i] ^ iv[i] );
797
798 memcpy( iv, temp, 8 );
799
800 input += 8;
801 output += 8;
802 length -= 8;
803 }
804 }
805
806 return( 0 );
807 }
808 #endif /* MBEDTLS_CIPHER_MODE_CBC */
809
810 #endif /* !MBEDTLS_DES_ALT */
811
812 #if defined(MBEDTLS_SELF_TEST)
813 /*
814 * DES and 3DES test vectors from:
815 *
816 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
817 */
818 static const unsigned char des3_test_keys[24] =
819 {
820 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
821 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
822 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
823 };
824
825 static const unsigned char des3_test_buf[8] =
826 {
827 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
828 };
829
830 static const unsigned char des3_test_ecb_dec[3][8] =
831 {
832 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
833 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
834 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
835 };
836
837 static const unsigned char des3_test_ecb_enc[3][8] =
838 {
839 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
840 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
841 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
842 };
843
844 #if defined(MBEDTLS_CIPHER_MODE_CBC)
845 static const unsigned char des3_test_iv[8] =
846 {
847 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
848 };
849
850 static const unsigned char des3_test_cbc_dec[3][8] =
851 {
852 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
853 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
854 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
855 };
856
857 static const unsigned char des3_test_cbc_enc[3][8] =
858 {
859 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
860 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
861 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
862 };
863 #endif /* MBEDTLS_CIPHER_MODE_CBC */
864
865 /*
866 * Checkup routine
867 */
868 int mbedtls_des_self_test( int verbose )
869 {
870 int i, j, u, v, ret = 0;
871 mbedtls_des_context ctx;
872 mbedtls_des3_context ctx3;
873 unsigned char buf[8];
874 #if defined(MBEDTLS_CIPHER_MODE_CBC)
875 unsigned char prv[8];
876 unsigned char iv[8];
877 #endif
878
879 mbedtls_des_init( &ctx );
880 mbedtls_des3_init( &ctx3 );
881 /*
882 * ECB mode
883 */
884 for( i = 0; i < 6; i++ )
885 {
886 u = i >> 1;
887 v = i & 1;
888
889 if( verbose != 0 )
890 mbedtls_printf( " DES%c-ECB-%3d (%s): ",
891 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
892 ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
893
894 memcpy( buf, des3_test_buf, 8 );
895
896 switch( i )
897 {
898 case 0:
899 mbedtls_des_setkey_dec( &ctx, des3_test_keys );
900 break;
901
902 case 1:
903 mbedtls_des_setkey_enc( &ctx, des3_test_keys );
904 break;
905
906 case 2:
907 mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
908 break;
909
910 case 3:
911 mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
912 break;
913
914 case 4:
915 mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
916 break;
917
918 case 5:
919 mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
920 break;
921
922 default:
923 return( 1 );
924 }
925
926 for( j = 0; j < 10000; j++ )
927 {
928 if( u == 0 )
929 mbedtls_des_crypt_ecb( &ctx, buf, buf );
930 else
931 mbedtls_des3_crypt_ecb( &ctx3, buf, buf );
932 }
933
934 if( ( v == MBEDTLS_DES_DECRYPT &&
935 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
936 ( v != MBEDTLS_DES_DECRYPT &&
937 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
938 {
939 if( verbose != 0 )
940 mbedtls_printf( "failed\n" );
941
942 ret = 1;
943 goto exit;
944 }
945
946 if( verbose != 0 )
947 mbedtls_printf( "passed\n" );
948 }
949
950 if( verbose != 0 )
951 mbedtls_printf( "\n" );
952
953 #if defined(MBEDTLS_CIPHER_MODE_CBC)
954 /*
955 * CBC mode
956 */
957 for( i = 0; i < 6; i++ )
958 {
959 u = i >> 1;
960 v = i & 1;
961
962 if( verbose != 0 )
963 mbedtls_printf( " DES%c-CBC-%3d (%s): ",
964 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
965 ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
966
967 memcpy( iv, des3_test_iv, 8 );
968 memcpy( prv, des3_test_iv, 8 );
969 memcpy( buf, des3_test_buf, 8 );
970
971 switch( i )
972 {
973 case 0:
974 mbedtls_des_setkey_dec( &ctx, des3_test_keys );
975 break;
976
977 case 1:
978 mbedtls_des_setkey_enc( &ctx, des3_test_keys );
979 break;
980
981 case 2:
982 mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
983 break;
984
985 case 3:
986 mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
987 break;
988
989 case 4:
990 mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
991 break;
992
993 case 5:
994 mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
995 break;
996
997 default:
998 return( 1 );
999 }
1000
1001 if( v == MBEDTLS_DES_DECRYPT )
1002 {
1003 for( j = 0; j < 10000; j++ )
1004 {
1005 if( u == 0 )
1006 mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
1007 else
1008 mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
1009 }
1010 }
1011 else
1012 {
1013 for( j = 0; j < 10000; j++ )
1014 {
1015 unsigned char tmp[8];
1016
1017 if( u == 0 )
1018 mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
1019 else
1020 mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
1021
1022 memcpy( tmp, prv, 8 );
1023 memcpy( prv, buf, 8 );
1024 memcpy( buf, tmp, 8 );
1025 }
1026
1027 memcpy( buf, prv, 8 );
1028 }
1029
1030 if( ( v == MBEDTLS_DES_DECRYPT &&
1031 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
1032 ( v != MBEDTLS_DES_DECRYPT &&
1033 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
1034 {
1035 if( verbose != 0 )
1036 mbedtls_printf( "failed\n" );
1037
1038 ret = 1;
1039 goto exit;
1040 }
1041
1042 if( verbose != 0 )
1043 mbedtls_printf( "passed\n" );
1044 }
1045 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1046
1047 if( verbose != 0 )
1048 mbedtls_printf( "\n" );
1049
1050 exit:
1051 mbedtls_des_free( &ctx );
1052 mbedtls_des3_free( &ctx3 );
1053
1054 return( ret );
1055 }
1056
1057 #endif /* MBEDTLS_SELF_TEST */
1058
1059 #endif /* MBEDTLS_DES_C */
Impressum, Datenschutz