1 /*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21 /*
22 * DES, on which TDES is based, was originally designed by Horst Feistel
23 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
24 *
25 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
26 */
27
28 #if !defined(MBEDTLS_CONFIG_FILE)
29 #include "mbedtls/config.h"
30 #else
31 #include MBEDTLS_CONFIG_FILE
32 #endif
33
34 #if defined(MBEDTLS_DES_C)
35
36 #include "mbedtls/des.h"
37
38 #include <string.h>
39
40 #if !defined(MBEDTLS_DES_ALT)
41
42 #include "arc4_alt.h"
43
44 /*
45 * 32-bit integer manipulation macros (big endian)
46 */
47 #ifndef GET_UINT32_BE
48 #define GET_UINT32_BE(n,b,i) \
49 { \
50 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
51 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
52 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
53 | ( (uint32_t) (b)[(i) + 3] ); \
54 }
55 #endif
56
57 #ifndef PUT_UINT32_BE
58 #define PUT_UINT32_BE(n,b,i) \
59 { \
60 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
61 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
62 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
63 (b)[(i) + 3] = (unsigned char) ( (n) ); \
64 }
65 #endif
66
67 /*
68 * Expanded DES S-boxes
69 */
70 static const uint32_t SB1[64] =
71 {
72 0x01010400, 0x00000000, 0x00010000, 0x01010404,
73 0x01010004, 0x00010404, 0x00000004, 0x00010000,
74 0x00000400, 0x01010400, 0x01010404, 0x00000400,
75 0x01000404, 0x01010004, 0x01000000, 0x00000004,
76 0x00000404, 0x01000400, 0x01000400, 0x00010400,
77 0x00010400, 0x01010000, 0x01010000, 0x01000404,
78 0x00010004, 0x01000004, 0x01000004, 0x00010004,
79 0x00000000, 0x00000404, 0x00010404, 0x01000000,
80 0x00010000, 0x01010404, 0x00000004, 0x01010000,
81 0x01010400, 0x01000000, 0x01000000, 0x00000400,
82 0x01010004, 0x00010000, 0x00010400, 0x01000004,
83 0x00000400, 0x00000004, 0x01000404, 0x00010404,
84 0x01010404, 0x00010004, 0x01010000, 0x01000404,
85 0x01000004, 0x00000404, 0x00010404, 0x01010400,
86 0x00000404, 0x01000400, 0x01000400, 0x00000000,
87 0x00010004, 0x00010400, 0x00000000, 0x01010004
88 };
89
90 static const uint32_t SB2[64] =
91 {
92 0x80108020, 0x80008000, 0x00008000, 0x00108020,
93 0x00100000, 0x00000020, 0x80100020, 0x80008020,
94 0x80000020, 0x80108020, 0x80108000, 0x80000000,
95 0x80008000, 0x00100000, 0x00000020, 0x80100020,
96 0x00108000, 0x00100020, 0x80008020, 0x00000000,
97 0x80000000, 0x00008000, 0x00108020, 0x80100000,
98 0x00100020, 0x80000020, 0x00000000, 0x00108000,
99 0x00008020, 0x80108000, 0x80100000, 0x00008020,
100 0x00000000, 0x00108020, 0x80100020, 0x00100000,
101 0x80008020, 0x80100000, 0x80108000, 0x00008000,
102 0x80100000, 0x80008000, 0x00000020, 0x80108020,
103 0x00108020, 0x00000020, 0x00008000, 0x80000000,
104 0x00008020, 0x80108000, 0x00100000, 0x80000020,
105 0x00100020, 0x80008020, 0x80000020, 0x00100020,
106 0x00108000, 0x00000000, 0x80008000, 0x00008020,
107 0x80000000, 0x80100020, 0x80108020, 0x00108000
108 };
109
110 static const uint32_t SB3[64] =
111 {
112 0x00000208, 0x08020200, 0x00000000, 0x08020008,
113 0x08000200, 0x00000000, 0x00020208, 0x08000200,
114 0x00020008, 0x08000008, 0x08000008, 0x00020000,
115 0x08020208, 0x00020008, 0x08020000, 0x00000208,
116 0x08000000, 0x00000008, 0x08020200, 0x00000200,
117 0x00020200, 0x08020000, 0x08020008, 0x00020208,
118 0x08000208, 0x00020200, 0x00020000, 0x08000208,
119 0x00000008, 0x08020208, 0x00000200, 0x08000000,
120 0x08020200, 0x08000000, 0x00020008, 0x00000208,
121 0x00020000, 0x08020200, 0x08000200, 0x00000000,
122 0x00000200, 0x00020008, 0x08020208, 0x08000200,
123 0x08000008, 0x00000200, 0x00000000, 0x08020008,
124 0x08000208, 0x00020000, 0x08000000, 0x08020208,
125 0x00000008, 0x00020208, 0x00020200, 0x08000008,
126 0x08020000, 0x08000208, 0x00000208, 0x08020000,
127 0x00020208, 0x00000008, 0x08020008, 0x00020200
128 };
129
130 static const uint32_t SB4[64] =
131 {
132 0x00802001, 0x00002081, 0x00002081, 0x00000080,
133 0x00802080, 0x00800081, 0x00800001, 0x00002001,
134 0x00000000, 0x00802000, 0x00802000, 0x00802081,
135 0x00000081, 0x00000000, 0x00800080, 0x00800001,
136 0x00000001, 0x00002000, 0x00800000, 0x00802001,
137 0x00000080, 0x00800000, 0x00002001, 0x00002080,
138 0x00800081, 0x00000001, 0x00002080, 0x00800080,
139 0x00002000, 0x00802080, 0x00802081, 0x00000081,
140 0x00800080, 0x00800001, 0x00802000, 0x00802081,
141 0x00000081, 0x00000000, 0x00000000, 0x00802000,
142 0x00002080, 0x00800080, 0x00800081, 0x00000001,
143 0x00802001, 0x00002081, 0x00002081, 0x00000080,
144 0x00802081, 0x00000081, 0x00000001, 0x00002000,
145 0x00800001, 0x00002001, 0x00802080, 0x00800081,
146 0x00002001, 0x00002080, 0x00800000, 0x00802001,
147 0x00000080, 0x00800000, 0x00002000, 0x00802080
148 };
149
150 static const uint32_t SB5[64] =
151 {
152 0x00000100, 0x02080100, 0x02080000, 0x42000100,
153 0x00080000, 0x00000100, 0x40000000, 0x02080000,
154 0x40080100, 0x00080000, 0x02000100, 0x40080100,
155 0x42000100, 0x42080000, 0x00080100, 0x40000000,
156 0x02000000, 0x40080000, 0x40080000, 0x00000000,
157 0x40000100, 0x42080100, 0x42080100, 0x02000100,
158 0x42080000, 0x40000100, 0x00000000, 0x42000000,
159 0x02080100, 0x02000000, 0x42000000, 0x00080100,
160 0x00080000, 0x42000100, 0x00000100, 0x02000000,
161 0x40000000, 0x02080000, 0x42000100, 0x40080100,
162 0x02000100, 0x40000000, 0x42080000, 0x02080100,
163 0x40080100, 0x00000100, 0x02000000, 0x42080000,
164 0x42080100, 0x00080100, 0x42000000, 0x42080100,
165 0x02080000, 0x00000000, 0x40080000, 0x42000000,
166 0x00080100, 0x02000100, 0x40000100, 0x00080000,
167 0x00000000, 0x40080000, 0x02080100, 0x40000100
168 };
169
170 static const uint32_t SB6[64] =
171 {
172 0x20000010, 0x20400000, 0x00004000, 0x20404010,
173 0x20400000, 0x00000010, 0x20404010, 0x00400000,
174 0x20004000, 0x00404010, 0x00400000, 0x20000010,
175 0x00400010, 0x20004000, 0x20000000, 0x00004010,
176 0x00000000, 0x00400010, 0x20004010, 0x00004000,
177 0x00404000, 0x20004010, 0x00000010, 0x20400010,
178 0x20400010, 0x00000000, 0x00404010, 0x20404000,
179 0x00004010, 0x00404000, 0x20404000, 0x20000000,
180 0x20004000, 0x00000010, 0x20400010, 0x00404000,
181 0x20404010, 0x00400000, 0x00004010, 0x20000010,
182 0x00400000, 0x20004000, 0x20000000, 0x00004010,
183 0x20000010, 0x20404010, 0x00404000, 0x20400000,
184 0x00404010, 0x20404000, 0x00000000, 0x20400010,
185 0x00000010, 0x00004000, 0x20400000, 0x00404010,
186 0x00004000, 0x00400010, 0x20004010, 0x00000000,
187 0x20404000, 0x20000000, 0x00400010, 0x20004010
188 };
189
190 static const uint32_t SB7[64] =
191 {
192 0x00200000, 0x04200002, 0x04000802, 0x00000000,
193 0x00000800, 0x04000802, 0x00200802, 0x04200800,
194 0x04200802, 0x00200000, 0x00000000, 0x04000002,
195 0x00000002, 0x04000000, 0x04200002, 0x00000802,
196 0x04000800, 0x00200802, 0x00200002, 0x04000800,
197 0x04000002, 0x04200000, 0x04200800, 0x00200002,
198 0x04200000, 0x00000800, 0x00000802, 0x04200802,
199 0x00200800, 0x00000002, 0x04000000, 0x00200800,
200 0x04000000, 0x00200800, 0x00200000, 0x04000802,
201 0x04000802, 0x04200002, 0x04200002, 0x00000002,
202 0x00200002, 0x04000000, 0x04000800, 0x00200000,
203 0x04200800, 0x00000802, 0x00200802, 0x04200800,
204 0x00000802, 0x04000002, 0x04200802, 0x04200000,
205 0x00200800, 0x00000000, 0x00000002, 0x04200802,
206 0x00000000, 0x00200802, 0x04200000, 0x00000800,
207 0x04000002, 0x04000800, 0x00000800, 0x00200002
208 };
209
210 static const uint32_t SB8[64] =
211 {
212 0x10001040, 0x00001000, 0x00040000, 0x10041040,
213 0x10000000, 0x10001040, 0x00000040, 0x10000000,
214 0x00040040, 0x10040000, 0x10041040, 0x00041000,
215 0x10041000, 0x00041040, 0x00001000, 0x00000040,
216 0x10040000, 0x10000040, 0x10001000, 0x00001040,
217 0x00041000, 0x00040040, 0x10040040, 0x10041000,
218 0x00001040, 0x00000000, 0x00000000, 0x10040040,
219 0x10000040, 0x10001000, 0x00041040, 0x00040000,
220 0x00041040, 0x00040000, 0x10041000, 0x00001000,
221 0x00000040, 0x10040040, 0x00001000, 0x00041040,
222 0x10001000, 0x00000040, 0x10000040, 0x10040000,
223 0x10040040, 0x10000000, 0x00040000, 0x10001040,
224 0x00000000, 0x10041040, 0x00040040, 0x10000040,
225 0x10040000, 0x10001000, 0x10001040, 0x00000000,
226 0x10041040, 0x00041000, 0x00041000, 0x00001040,
227 0x00001040, 0x00040040, 0x10000000, 0x10041000
228 };
229
230 /*
231 * PC1: left and right halves bit-swap
232 */
233 static const uint32_t LHs[16] =
234 {
235 0x00000000, 0x00000001, 0x00000100, 0x00000101,
236 0x00010000, 0x00010001, 0x00010100, 0x00010101,
237 0x01000000, 0x01000001, 0x01000100, 0x01000101,
238 0x01010000, 0x01010001, 0x01010100, 0x01010101
239 };
240
241 static const uint32_t RHs[16] =
242 {
243 0x00000000, 0x01000000, 0x00010000, 0x01010000,
244 0x00000100, 0x01000100, 0x00010100, 0x01010100,
245 0x00000001, 0x01000001, 0x00010001, 0x01010001,
246 0x00000101, 0x01000101, 0x00010101, 0x01010101,
247 };
248
249 /*
250 * Initial Permutation macro
251 */
252 #define DES_IP(X,Y) \
253 { \
254 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
255 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
256 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
257 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
258 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
259 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
260 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
261 }
262
263 /*
264 * Final Permutation macro
265 */
266 #define DES_FP(X,Y) \
267 { \
268 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
269 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
270 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
271 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
272 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
273 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
274 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
275 }
276
277 /*
278 * DES round macro
279 */
280 #define DES_ROUND(X,Y) \
281 { \
282 T = *SK++ ^ X; \
283 Y ^= SB8[ (T ) & 0x3F ] ^ \
284 SB6[ (T >> 8) & 0x3F ] ^ \
285 SB4[ (T >> 16) & 0x3F ] ^ \
286 SB2[ (T >> 24) & 0x3F ]; \
287 \
288 T = *SK++ ^ ((X << 28) | (X >> 4)); \
289 Y ^= SB7[ (T ) & 0x3F ] ^ \
290 SB5[ (T >> 8) & 0x3F ] ^ \
291 SB3[ (T >> 16) & 0x3F ] ^ \
292 SB1[ (T >> 24) & 0x3F ]; \
293 }
294
295 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
296
mbedtls_des_init(mbedtls_des_context * ctx)297 void mbedtls_des_init( mbedtls_des_context *ctx )
298 {
299 memset( ctx, 0, sizeof( mbedtls_des_context ) );
300 }
301
mbedtls_des_free(mbedtls_des_context * ctx)302 void mbedtls_des_free( mbedtls_des_context *ctx )
303 {
304 if( ctx == NULL )
305 return;
306
307 mbedtls_zeroize( ctx, sizeof( mbedtls_des_context ) );
308 }
309
mbedtls_des3_init(mbedtls_des3_context * ctx)310 void mbedtls_des3_init( mbedtls_des3_context *ctx )
311 {
312 memset( ctx, 0, sizeof( mbedtls_des3_context ) );
313 }
314
mbedtls_des3_free(mbedtls_des3_context * ctx)315 void mbedtls_des3_free( mbedtls_des3_context *ctx )
316 {
317 if( ctx == NULL )
318 return;
319
320 mbedtls_zeroize( ctx, sizeof( mbedtls_des3_context ) );
321 }
322
323 static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
324 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
325 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
326 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
327 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
328 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
329 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
330 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
331 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
332 254 };
333
mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE])334 void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] )
335 {
336 int i;
337
338 for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
339 key[i] = odd_parity_table[key[i] / 2];
340 }
341
342 /*
343 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
344 */
mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZE])345 int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
346 {
347 int i;
348
349 for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
350 if( key[i] != odd_parity_table[key[i] / 2] )
351 return( 1 );
352
353 return( 0 );
354 }
355
356 /*
357 * Table of weak and semi-weak keys
358 *
359 * Source: http://en.wikipedia.org/wiki/Weak_key
360 *
361 * Weak:
362 * Alternating ones + zeros (0x0101010101010101)
363 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
364 * '0xE0E0E0E0F1F1F1F1'
365 * '0x1F1F1F1F0E0E0E0E'
366 *
367 * Semi-weak:
368 * 0x011F011F010E010E and 0x1F011F010E010E01
369 * 0x01E001E001F101F1 and 0xE001E001F101F101
370 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
371 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
372 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
373 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
374 *
375 */
376
377 #define WEAK_KEY_COUNT 16
378
379 static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] =
380 {
381 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
382 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
383 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
384 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
385
386 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
387 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
388 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
389 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
390 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
391 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
392 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
393 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
394 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
395 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
396 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
397 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
398 };
399
mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE])400 int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
401 {
402 int i;
403
404 for( i = 0; i < WEAK_KEY_COUNT; i++ )
405 if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 )
406 return( 1 );
407
408 return( 0 );
409 }
410
411 #if !defined(MBEDTLS_DES_SETKEY_ALT)
mbedtls_des_setkey(uint32_t SK[32],const unsigned char key[MBEDTLS_DES_KEY_SIZE])412 void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
413 {
414 int i;
415 uint32_t X, Y, T;
416
417 GET_UINT32_BE( X, key, 0 );
418 GET_UINT32_BE( Y, key, 4 );
419
420 /*
421 * Permuted Choice 1
422 */
423 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
424 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
425
426 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
427 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
428 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
429 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
430
431 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
432 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
433 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
434 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
435
436 X &= 0x0FFFFFFF;
437 Y &= 0x0FFFFFFF;
438
439 /*
440 * calculate subkeys
441 */
442 for( i = 0; i < 16; i++ )
443 {
444 if( i < 2 || i == 8 || i == 15 )
445 {
446 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
447 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
448 }
449 else
450 {
451 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
452 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
453 }
454
455 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
456 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
457 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
458 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
459 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
460 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
461 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
462 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
463 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
464 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
465 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
466
467 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
468 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
469 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
470 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
471 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
472 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
473 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
474 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
475 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
476 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
477 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
478 }
479 }
480 #endif /* !MBEDTLS_DES_SETKEY_ALT */
481
482 /*
483 * DES key schedule (56-bit, encryption)
484 */
mbedtls_des_setkey_enc(mbedtls_des_context * ctx,const unsigned char key[MBEDTLS_DES_KEY_SIZE])485 int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
486 {
487 mbedtls_des_setkey( ctx->sk, key );
488
489 return( 0 );
490 }
491
492 /*
493 * DES key schedule (56-bit, decryption)
494 */
mbedtls_des_setkey_dec(mbedtls_des_context * ctx,const unsigned char key[MBEDTLS_DES_KEY_SIZE])495 int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
496 {
497 int i;
498
499 mbedtls_des_setkey( ctx->sk, key );
500
501 for( i = 0; i < 16; i += 2 )
502 {
503 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
504 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
505 }
506
507 return( 0 );
508 }
509
des3_set2key(uint32_t esk[96],uint32_t dsk[96],const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2])510 static void des3_set2key( uint32_t esk[96],
511 uint32_t dsk[96],
512 const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] )
513 {
514 int i;
515
516 mbedtls_des_setkey( esk, key );
517 mbedtls_des_setkey( dsk + 32, key + 8 );
518
519 for( i = 0; i < 32; i += 2 )
520 {
521 dsk[i ] = esk[30 - i];
522 dsk[i + 1] = esk[31 - i];
523
524 esk[i + 32] = dsk[62 - i];
525 esk[i + 33] = dsk[63 - i];
526
527 esk[i + 64] = esk[i ];
528 esk[i + 65] = esk[i + 1];
529
530 dsk[i + 64] = dsk[i ];
531 dsk[i + 65] = dsk[i + 1];
532 }
533 }
534
535 /*
536 * Triple-DES key schedule (112-bit, encryption)
537 */
mbedtls_des3_set2key_enc(mbedtls_des3_context * ctx,const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2])538 int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
539 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
540 {
541 uint32_t sk[96];
542
543 des3_set2key( ctx->sk, sk, key );
544 mbedtls_zeroize( sk, sizeof( sk ) );
545
546 return( 0 );
547 }
548
549 /*
550 * Triple-DES key schedule (112-bit, decryption)
551 */
mbedtls_des3_set2key_dec(mbedtls_des3_context * ctx,const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2])552 int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
553 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
554 {
555 uint32_t sk[96];
556
557 des3_set2key( sk, ctx->sk, key );
558 mbedtls_zeroize( sk, sizeof( sk ) );
559
560 return( 0 );
561 }
562
des3_set3key(uint32_t esk[96],uint32_t dsk[96],const unsigned char key[24])563 static void des3_set3key( uint32_t esk[96],
564 uint32_t dsk[96],
565 const unsigned char key[24] )
566 {
567 int i;
568
569 mbedtls_des_setkey( esk, key );
570 mbedtls_des_setkey( dsk + 32, key + 8 );
571 mbedtls_des_setkey( esk + 64, key + 16 );
572
573 for( i = 0; i < 32; i += 2 )
574 {
575 dsk[i ] = esk[94 - i];
576 dsk[i + 1] = esk[95 - i];
577
578 esk[i + 32] = dsk[62 - i];
579 esk[i + 33] = dsk[63 - i];
580
581 dsk[i + 64] = esk[30 - i];
582 dsk[i + 65] = esk[31 - i];
583 }
584 }
585
586 /*
587 * Triple-DES key schedule (168-bit, encryption)
588 */
mbedtls_des3_set3key_enc(mbedtls_des3_context * ctx,const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3])589 int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
590 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
591 {
592 uint32_t sk[96];
593
594 des3_set3key( ctx->sk, sk, key );
595 mbedtls_zeroize( sk, sizeof( sk ) );
596
597 return( 0 );
598 }
599
600 /*
601 * Triple-DES key schedule (168-bit, decryption)
602 */
mbedtls_des3_set3key_dec(mbedtls_des3_context * ctx,const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3])603 int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
604 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
605 {
606 uint32_t sk[96];
607
608 des3_set3key( sk, ctx->sk, key );
609 mbedtls_zeroize( sk, sizeof( sk ) );
610
611 return( 0 );
612 }
613
614 /*
615 * DES-ECB block encryption/decryption
616 */
617 #if !defined(MBEDTLS_DES_CRYPT_ECB_ALT)
mbedtls_des_crypt_ecb(mbedtls_des_context * ctx,const unsigned char input[8],unsigned char output[8])618 int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
619 const unsigned char input[8],
620 unsigned char output[8] )
621 {
622 int i;
623 uint32_t X, Y, T, *SK;
624
625 SK = ctx->sk;
626
627 GET_UINT32_BE( X, input, 0 );
628 GET_UINT32_BE( Y, input, 4 );
629
630 DES_IP( X, Y );
631
632 for( i = 0; i < 8; i++ )
633 {
634 DES_ROUND( Y, X );
635 DES_ROUND( X, Y );
636 }
637
638 DES_FP( Y, X );
639
640 PUT_UINT32_BE( Y, output, 0 );
641 PUT_UINT32_BE( X, output, 4 );
642
643 return( 0 );
644 }
645 #endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
646
647 #if defined(MBEDTLS_CIPHER_MODE_CBC)
648 /*
649 * DES-CBC buffer encryption/decryption
650 */
mbedtls_des_crypt_cbc(mbedtls_des_context * ctx,int mode,size_t length,unsigned char iv[8],const unsigned char * input,unsigned char * output)651 int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
652 int mode,
653 size_t length,
654 unsigned char iv[8],
655 const unsigned char *input,
656 unsigned char *output )
657 {
658 int i;
659 unsigned char temp[8];
660
661 if( length % 8 )
662 return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
663
664 if( mode == MBEDTLS_DES_ENCRYPT )
665 {
666 while( length > 0 )
667 {
668 for( i = 0; i < 8; i++ )
669 output[i] = (unsigned char)( input[i] ^ iv[i] );
670
671 mbedtls_des_crypt_ecb( ctx, output, output );
672 memcpy( iv, output, 8 );
673
674 input += 8;
675 output += 8;
676 length -= 8;
677 }
678 }
679 else /* MBEDTLS_DES_DECRYPT */
680 {
681 while( length > 0 )
682 {
683 memcpy( temp, input, 8 );
684 mbedtls_des_crypt_ecb( ctx, input, output );
685
686 for( i = 0; i < 8; i++ )
687 output[i] = (unsigned char)( output[i] ^ iv[i] );
688
689 memcpy( iv, temp, 8 );
690
691 input += 8;
692 output += 8;
693 length -= 8;
694 }
695 }
696
697 return( 0 );
698 }
699 #endif /* MBEDTLS_CIPHER_MODE_CBC */
700
701 /*
702 * 3DES-ECB block encryption/decryption
703 */
704 #if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
mbedtls_des3_crypt_ecb(mbedtls_des3_context * ctx,const unsigned char input[8],unsigned char output[8])705 int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
706 const unsigned char input[8],
707 unsigned char output[8] )
708 {
709 int i;
710 uint32_t X, Y, T, *SK;
711
712 SK = ctx->sk;
713
714 GET_UINT32_BE( X, input, 0 );
715 GET_UINT32_BE( Y, input, 4 );
716
717 DES_IP( X, Y );
718
719 for( i = 0; i < 8; i++ )
720 {
721 DES_ROUND( Y, X );
722 DES_ROUND( X, Y );
723 }
724
725 for( i = 0; i < 8; i++ )
726 {
727 DES_ROUND( X, Y );
728 DES_ROUND( Y, X );
729 }
730
731 for( i = 0; i < 8; i++ )
732 {
733 DES_ROUND( Y, X );
734 DES_ROUND( X, Y );
735 }
736
737 DES_FP( Y, X );
738
739 PUT_UINT32_BE( Y, output, 0 );
740 PUT_UINT32_BE( X, output, 4 );
741
742 return( 0 );
743 }
744 #endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
745
746 #if defined(MBEDTLS_CIPHER_MODE_CBC)
747 /*
748 * 3DES-CBC buffer encryption/decryption
749 */
mbedtls_des3_crypt_cbc(mbedtls_des3_context * ctx,int mode,size_t length,unsigned char iv[8],const unsigned char * input,unsigned char * output)750 int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
751 int mode,
752 size_t length,
753 unsigned char iv[8],
754 const unsigned char *input,
755 unsigned char *output )
756 {
757 int i;
758 unsigned char temp[8];
759
760 if( length % 8 )
761 return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
762
763 if( mode == MBEDTLS_DES_ENCRYPT )
764 {
765 while( length > 0 )
766 {
767 for( i = 0; i < 8; i++ )
768 output[i] = (unsigned char)( input[i] ^ iv[i] );
769
770 mbedtls_des3_crypt_ecb( ctx, output, output );
771 memcpy( iv, output, 8 );
772
773 input += 8;
774 output += 8;
775 length -= 8;
776 }
777 }
778 else /* MBEDTLS_DES_DECRYPT */
779 {
780 while( length > 0 )
781 {
782 memcpy( temp, input, 8 );
783 mbedtls_des3_crypt_ecb( ctx, input, output );
784
785 for( i = 0; i < 8; i++ )
786 output[i] = (unsigned char)( output[i] ^ iv[i] );
787
788 memcpy( iv, temp, 8 );
789
790 input += 8;
791 output += 8;
792 length -= 8;
793 }
794 }
795
796 return( 0 );
797 }
798 #endif /* MBEDTLS_CIPHER_MODE_CBC */
799
800 #endif /* !MBEDTLS_DES_ALT */
801
802 #endif /* MBEDTLS_DES_C */
803