1 /*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21 /*
22 * DES, on which TDES is based, was originally designed by Horst Feistel
23 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
24 *
25 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
26 */
27
28 #include "des_core.h"
29
30 #include <string.h>
31 #include <stdio.h>
32
33
34 #define mbedtls_printf printf
35
36 #ifndef uint32_t
37 #define uint32_t unsigned int
38 #endif
39
40 /* Implementation that should never be optimized out by the compiler */
mbedtls_zeroize(void * v,size_t n)41 static void mbedtls_zeroize( void *v, size_t n ) {
42 volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
43 }
44
45 /*
46 * 32-bit integer manipulation macros (big endian)
47 */
48 #ifndef GET_UINT32_BE
49 #define GET_UINT32_BE(n,b,i) \
50 { \
51 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
52 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
53 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
54 | ( (uint32_t) (b)[(i) + 3] ); \
55 }
56 #endif
57
58 #ifndef PUT_UINT32_BE
59 #define PUT_UINT32_BE(n,b,i) \
60 { \
61 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
62 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
63 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
64 (b)[(i) + 3] = (unsigned char) ( (n) ); \
65 }
66 #endif
67
68 /*
69 * Expanded DES S-boxes
70 */
71 static const uint32_t SB1[64] =
72 {
73 0x01010400, 0x00000000, 0x00010000, 0x01010404,
74 0x01010004, 0x00010404, 0x00000004, 0x00010000,
75 0x00000400, 0x01010400, 0x01010404, 0x00000400,
76 0x01000404, 0x01010004, 0x01000000, 0x00000004,
77 0x00000404, 0x01000400, 0x01000400, 0x00010400,
78 0x00010400, 0x01010000, 0x01010000, 0x01000404,
79 0x00010004, 0x01000004, 0x01000004, 0x00010004,
80 0x00000000, 0x00000404, 0x00010404, 0x01000000,
81 0x00010000, 0x01010404, 0x00000004, 0x01010000,
82 0x01010400, 0x01000000, 0x01000000, 0x00000400,
83 0x01010004, 0x00010000, 0x00010400, 0x01000004,
84 0x00000400, 0x00000004, 0x01000404, 0x00010404,
85 0x01010404, 0x00010004, 0x01010000, 0x01000404,
86 0x01000004, 0x00000404, 0x00010404, 0x01010400,
87 0x00000404, 0x01000400, 0x01000400, 0x00000000,
88 0x00010004, 0x00010400, 0x00000000, 0x01010004
89 };
90
91 static const uint32_t SB2[64] =
92 {
93 0x80108020, 0x80008000, 0x00008000, 0x00108020,
94 0x00100000, 0x00000020, 0x80100020, 0x80008020,
95 0x80000020, 0x80108020, 0x80108000, 0x80000000,
96 0x80008000, 0x00100000, 0x00000020, 0x80100020,
97 0x00108000, 0x00100020, 0x80008020, 0x00000000,
98 0x80000000, 0x00008000, 0x00108020, 0x80100000,
99 0x00100020, 0x80000020, 0x00000000, 0x00108000,
100 0x00008020, 0x80108000, 0x80100000, 0x00008020,
101 0x00000000, 0x00108020, 0x80100020, 0x00100000,
102 0x80008020, 0x80100000, 0x80108000, 0x00008000,
103 0x80100000, 0x80008000, 0x00000020, 0x80108020,
104 0x00108020, 0x00000020, 0x00008000, 0x80000000,
105 0x00008020, 0x80108000, 0x00100000, 0x80000020,
106 0x00100020, 0x80008020, 0x80000020, 0x00100020,
107 0x00108000, 0x00000000, 0x80008000, 0x00008020,
108 0x80000000, 0x80100020, 0x80108020, 0x00108000
109 };
110
111 static const uint32_t SB3[64] =
112 {
113 0x00000208, 0x08020200, 0x00000000, 0x08020008,
114 0x08000200, 0x00000000, 0x00020208, 0x08000200,
115 0x00020008, 0x08000008, 0x08000008, 0x00020000,
116 0x08020208, 0x00020008, 0x08020000, 0x00000208,
117 0x08000000, 0x00000008, 0x08020200, 0x00000200,
118 0x00020200, 0x08020000, 0x08020008, 0x00020208,
119 0x08000208, 0x00020200, 0x00020000, 0x08000208,
120 0x00000008, 0x08020208, 0x00000200, 0x08000000,
121 0x08020200, 0x08000000, 0x00020008, 0x00000208,
122 0x00020000, 0x08020200, 0x08000200, 0x00000000,
123 0x00000200, 0x00020008, 0x08020208, 0x08000200,
124 0x08000008, 0x00000200, 0x00000000, 0x08020008,
125 0x08000208, 0x00020000, 0x08000000, 0x08020208,
126 0x00000008, 0x00020208, 0x00020200, 0x08000008,
127 0x08020000, 0x08000208, 0x00000208, 0x08020000,
128 0x00020208, 0x00000008, 0x08020008, 0x00020200
129 };
130
131 static const uint32_t SB4[64] =
132 {
133 0x00802001, 0x00002081, 0x00002081, 0x00000080,
134 0x00802080, 0x00800081, 0x00800001, 0x00002001,
135 0x00000000, 0x00802000, 0x00802000, 0x00802081,
136 0x00000081, 0x00000000, 0x00800080, 0x00800001,
137 0x00000001, 0x00002000, 0x00800000, 0x00802001,
138 0x00000080, 0x00800000, 0x00002001, 0x00002080,
139 0x00800081, 0x00000001, 0x00002080, 0x00800080,
140 0x00002000, 0x00802080, 0x00802081, 0x00000081,
141 0x00800080, 0x00800001, 0x00802000, 0x00802081,
142 0x00000081, 0x00000000, 0x00000000, 0x00802000,
143 0x00002080, 0x00800080, 0x00800081, 0x00000001,
144 0x00802001, 0x00002081, 0x00002081, 0x00000080,
145 0x00802081, 0x00000081, 0x00000001, 0x00002000,
146 0x00800001, 0x00002001, 0x00802080, 0x00800081,
147 0x00002001, 0x00002080, 0x00800000, 0x00802001,
148 0x00000080, 0x00800000, 0x00002000, 0x00802080
149 };
150
151 static const uint32_t SB5[64] =
152 {
153 0x00000100, 0x02080100, 0x02080000, 0x42000100,
154 0x00080000, 0x00000100, 0x40000000, 0x02080000,
155 0x40080100, 0x00080000, 0x02000100, 0x40080100,
156 0x42000100, 0x42080000, 0x00080100, 0x40000000,
157 0x02000000, 0x40080000, 0x40080000, 0x00000000,
158 0x40000100, 0x42080100, 0x42080100, 0x02000100,
159 0x42080000, 0x40000100, 0x00000000, 0x42000000,
160 0x02080100, 0x02000000, 0x42000000, 0x00080100,
161 0x00080000, 0x42000100, 0x00000100, 0x02000000,
162 0x40000000, 0x02080000, 0x42000100, 0x40080100,
163 0x02000100, 0x40000000, 0x42080000, 0x02080100,
164 0x40080100, 0x00000100, 0x02000000, 0x42080000,
165 0x42080100, 0x00080100, 0x42000000, 0x42080100,
166 0x02080000, 0x00000000, 0x40080000, 0x42000000,
167 0x00080100, 0x02000100, 0x40000100, 0x00080000,
168 0x00000000, 0x40080000, 0x02080100, 0x40000100
169 };
170
171 static const uint32_t SB6[64] =
172 {
173 0x20000010, 0x20400000, 0x00004000, 0x20404010,
174 0x20400000, 0x00000010, 0x20404010, 0x00400000,
175 0x20004000, 0x00404010, 0x00400000, 0x20000010,
176 0x00400010, 0x20004000, 0x20000000, 0x00004010,
177 0x00000000, 0x00400010, 0x20004010, 0x00004000,
178 0x00404000, 0x20004010, 0x00000010, 0x20400010,
179 0x20400010, 0x00000000, 0x00404010, 0x20404000,
180 0x00004010, 0x00404000, 0x20404000, 0x20000000,
181 0x20004000, 0x00000010, 0x20400010, 0x00404000,
182 0x20404010, 0x00400000, 0x00004010, 0x20000010,
183 0x00400000, 0x20004000, 0x20000000, 0x00004010,
184 0x20000010, 0x20404010, 0x00404000, 0x20400000,
185 0x00404010, 0x20404000, 0x00000000, 0x20400010,
186 0x00000010, 0x00004000, 0x20400000, 0x00404010,
187 0x00004000, 0x00400010, 0x20004010, 0x00000000,
188 0x20404000, 0x20000000, 0x00400010, 0x20004010
189 };
190
191 static const uint32_t SB7[64] =
192 {
193 0x00200000, 0x04200002, 0x04000802, 0x00000000,
194 0x00000800, 0x04000802, 0x00200802, 0x04200800,
195 0x04200802, 0x00200000, 0x00000000, 0x04000002,
196 0x00000002, 0x04000000, 0x04200002, 0x00000802,
197 0x04000800, 0x00200802, 0x00200002, 0x04000800,
198 0x04000002, 0x04200000, 0x04200800, 0x00200002,
199 0x04200000, 0x00000800, 0x00000802, 0x04200802,
200 0x00200800, 0x00000002, 0x04000000, 0x00200800,
201 0x04000000, 0x00200800, 0x00200000, 0x04000802,
202 0x04000802, 0x04200002, 0x04200002, 0x00000002,
203 0x00200002, 0x04000000, 0x04000800, 0x00200000,
204 0x04200800, 0x00000802, 0x00200802, 0x04200800,
205 0x00000802, 0x04000002, 0x04200802, 0x04200000,
206 0x00200800, 0x00000000, 0x00000002, 0x04200802,
207 0x00000000, 0x00200802, 0x04200000, 0x00000800,
208 0x04000002, 0x04000800, 0x00000800, 0x00200002
209 };
210
211 static const uint32_t SB8[64] =
212 {
213 0x10001040, 0x00001000, 0x00040000, 0x10041040,
214 0x10000000, 0x10001040, 0x00000040, 0x10000000,
215 0x00040040, 0x10040000, 0x10041040, 0x00041000,
216 0x10041000, 0x00041040, 0x00001000, 0x00000040,
217 0x10040000, 0x10000040, 0x10001000, 0x00001040,
218 0x00041000, 0x00040040, 0x10040040, 0x10041000,
219 0x00001040, 0x00000000, 0x00000000, 0x10040040,
220 0x10000040, 0x10001000, 0x00041040, 0x00040000,
221 0x00041040, 0x00040000, 0x10041000, 0x00001000,
222 0x00000040, 0x10040040, 0x00001000, 0x00041040,
223 0x10001000, 0x00000040, 0x10000040, 0x10040000,
224 0x10040040, 0x10000000, 0x00040000, 0x10001040,
225 0x00000000, 0x10041040, 0x00040040, 0x10000040,
226 0x10040000, 0x10001000, 0x10001040, 0x00000000,
227 0x10041040, 0x00041000, 0x00041000, 0x00001040,
228 0x00001040, 0x00040040, 0x10000000, 0x10041000
229 };
230
231 /*
232 * PC1: left and right halves bit-swap
233 */
234 static const uint32_t LHs[16] =
235 {
236 0x00000000, 0x00000001, 0x00000100, 0x00000101,
237 0x00010000, 0x00010001, 0x00010100, 0x00010101,
238 0x01000000, 0x01000001, 0x01000100, 0x01000101,
239 0x01010000, 0x01010001, 0x01010100, 0x01010101
240 };
241
242 static const uint32_t RHs[16] =
243 {
244 0x00000000, 0x01000000, 0x00010000, 0x01010000,
245 0x00000100, 0x01000100, 0x00010100, 0x01010100,
246 0x00000001, 0x01000001, 0x00010001, 0x01010001,
247 0x00000101, 0x01000101, 0x00010101, 0x01010101,
248 };
249
250 /*
251 * Initial Permutation macro
252 */
253 #define DES_IP(X,Y) \
254 { \
255 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
256 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
257 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
258 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
259 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
260 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
261 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
262 }
263
264 /*
265 * Final Permutation macro
266 */
267 #define DES_FP(X,Y) \
268 { \
269 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
270 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
271 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
272 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
273 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
274 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
275 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
276 }
277
278 /*
279 * DES round macro
280 */
281 #define DES_ROUND(X,Y) \
282 { \
283 T = *SK++ ^ X; \
284 Y ^= SB8[ (T ) & 0x3F ] ^ \
285 SB6[ (T >> 8) & 0x3F ] ^ \
286 SB4[ (T >> 16) & 0x3F ] ^ \
287 SB2[ (T >> 24) & 0x3F ]; \
288 \
289 T = *SK++ ^ ((X << 28) | (X >> 4)); \
290 Y ^= SB7[ (T ) & 0x3F ] ^ \
291 SB5[ (T >> 8) & 0x3F ] ^ \
292 SB3[ (T >> 16) & 0x3F ] ^ \
293 SB1[ (T >> 24) & 0x3F ]; \
294 }
295
296 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
297
mbedtls_des_init(rk_des_context * ctx)298 void mbedtls_des_init( rk_des_context *ctx )
299 {
300 memset( ctx, 0, sizeof( rk_des_context ) );
301 }
302
mbedtls_des_free(rk_des_context * ctx)303 void mbedtls_des_free( rk_des_context *ctx )
304 {
305 if( ctx == NULL )
306 return;
307
308 mbedtls_zeroize( ctx, sizeof( rk_des_context ) );
309 }
310
mbedtls_des3_init(rk_des3_context * ctx)311 void mbedtls_des3_init( rk_des3_context *ctx )
312 {
313 memset( ctx, 0, sizeof( rk_des3_context ) );
314 }
315
mbedtls_des3_free(rk_des3_context * ctx)316 void mbedtls_des3_free( rk_des3_context *ctx )
317 {
318 if( ctx == NULL )
319 return;
320
321 mbedtls_zeroize( ctx, sizeof( rk_des3_context ) );
322 }
323
324 static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
325 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
326 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
327 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
328 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
329 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
330 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
331 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
332 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
333 254 };
334
mbedtls_des_key_set_parity(unsigned char key[DES_BLOCK_SIZE])335 void mbedtls_des_key_set_parity( unsigned char key[DES_BLOCK_SIZE] )
336 {
337 int i;
338
339 for( i = 0; i < DES_BLOCK_SIZE; i++ )
340 key[i] = odd_parity_table[key[i] / 2];
341 }
342
343 /*
344 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
345 */
mbedtls_des_key_check_key_parity(const unsigned char key[DES_BLOCK_SIZE])346 int mbedtls_des_key_check_key_parity( const unsigned char key[DES_BLOCK_SIZE] )
347 {
348 int i;
349
350 for( i = 0; i < DES_BLOCK_SIZE; i++ )
351 if( key[i] != odd_parity_table[key[i] / 2] )
352 return( 1 );
353
354 return( 0 );
355 }
356
357 /*
358 * Table of weak and semi-weak keys
359 *
360 * Source: http://en.wikipedia.org/wiki/Weak_key
361 *
362 * Weak:
363 * Alternating ones + zeros (0x0101010101010101)
364 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
365 * '0xE0E0E0E0F1F1F1F1'
366 * '0x1F1F1F1F0E0E0E0E'
367 *
368 * Semi-weak:
369 * 0x011F011F010E010E and 0x1F011F010E010E01
370 * 0x01E001E001F101F1 and 0xE001E001F101F101
371 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
372 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
373 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
374 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
375 *
376 */
377
378 #define WEAK_KEY_COUNT 16
379
380 static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_BLOCK_SIZE] =
381 {
382 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
383 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
384 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
385 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
386
387 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
388 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
389 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
390 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
391 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
392 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
393 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
394 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
395 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
396 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
397 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
398 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
399 };
400
mbedtls_des_key_check_weak(const unsigned char key[DES_BLOCK_SIZE])401 int mbedtls_des_key_check_weak( const unsigned char key[DES_BLOCK_SIZE] )
402 {
403 int i;
404
405 for( i = 0; i < WEAK_KEY_COUNT; i++ )
406 if( memcmp( weak_key_table[i], key, DES_BLOCK_SIZE) == 0 )
407 return( 1 );
408
409 return( 0 );
410 }
411
mbedtls_des_setkey(uint32_t SK[32],const unsigned char key[DES_BLOCK_SIZE])412 void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[DES_BLOCK_SIZE] )
413 {
414 int i;
415 uint32_t X, Y, T;
416
417 GET_UINT32_BE( X, key, 0 );
418 GET_UINT32_BE( Y, key, 4 );
419
420 /*
421 * Permuted Choice 1
422 */
423 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
424 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
425
426 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
427 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
428 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
429 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
430
431 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
432 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
433 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
434 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
435
436 X &= 0x0FFFFFFF;
437 Y &= 0x0FFFFFFF;
438
439 /*
440 * calculate subkeys
441 */
442 for( i = 0; i < 16; i++ )
443 {
444 if( i < 2 || i == 8 || i == 15 )
445 {
446 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
447 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
448 }
449 else
450 {
451 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
452 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
453 }
454
455 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
456 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
457 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
458 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
459 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
460 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
461 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
462 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
463 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
464 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
465 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
466
467 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
468 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
469 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
470 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
471 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
472 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
473 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
474 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
475 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
476 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
477 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
478 }
479 }
480
481 /*
482 * DES key schedule (56-bit, encryption)
483 */
rk_des_setkey_enc(rk_des_context * ctx,const unsigned char key[DES_BLOCK_SIZE])484 int rk_des_setkey_enc( rk_des_context *ctx, const unsigned char key[DES_BLOCK_SIZE] )
485 {
486 mbedtls_des_setkey( ctx->sk, key );
487
488 return( 0 );
489 }
490
491 /*
492 * DES key schedule (56-bit, decryption)
493 */
rk_des_setkey_dec(rk_des_context * ctx,const unsigned char key[DES_BLOCK_SIZE])494 int rk_des_setkey_dec( rk_des_context *ctx, const unsigned char key[DES_BLOCK_SIZE] )
495 {
496 int i;
497
498 mbedtls_des_setkey( ctx->sk, key );
499
500 for( i = 0; i < 16; i += 2 )
501 {
502 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
503 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
504 }
505
506 return( 0 );
507 }
508
des3_set2key(uint32_t esk[96],uint32_t dsk[96],const unsigned char key[DES_BLOCK_SIZE * 2])509 static void des3_set2key( uint32_t esk[96],
510 uint32_t dsk[96],
511 const unsigned char key[DES_BLOCK_SIZE*2] )
512 {
513 int i;
514
515 mbedtls_des_setkey( esk, key );
516 mbedtls_des_setkey( dsk + 32, key + 8 );
517
518 for( i = 0; i < 32; i += 2 )
519 {
520 dsk[i ] = esk[30 - i];
521 dsk[i + 1] = esk[31 - i];
522
523 esk[i + 32] = dsk[62 - i];
524 esk[i + 33] = dsk[63 - i];
525
526 esk[i + 64] = esk[i ];
527 esk[i + 65] = esk[i + 1];
528
529 dsk[i + 64] = dsk[i ];
530 dsk[i + 65] = dsk[i + 1];
531 }
532 }
533
534 /*
535 * Triple-DES key schedule (112-bit, encryption)
536 */
rk_des3_set2key_enc(rk_des3_context * ctx,const unsigned char key[DES_BLOCK_SIZE * 2])537 int rk_des3_set2key_enc( rk_des3_context *ctx,
538 const unsigned char key[DES_BLOCK_SIZE * 2] )
539 {
540 uint32_t sk[96];
541
542 des3_set2key( ctx->sk, sk, key );
543 mbedtls_zeroize( sk, sizeof( sk ) );
544
545 return( 0 );
546 }
547
548 /*
549 * Triple-DES key schedule (112-bit, decryption)
550 */
rk_des3_set2key_dec(rk_des3_context * ctx,const unsigned char key[DES_BLOCK_SIZE * 2])551 int rk_des3_set2key_dec( rk_des3_context *ctx,
552 const unsigned char key[DES_BLOCK_SIZE * 2] )
553 {
554 uint32_t sk[96];
555
556 des3_set2key( sk, ctx->sk, key );
557 mbedtls_zeroize( sk, sizeof( sk ) );
558
559 return( 0 );
560 }
561
des3_set3key(uint32_t esk[96],uint32_t dsk[96],const unsigned char key[24])562 static void des3_set3key( uint32_t esk[96],
563 uint32_t dsk[96],
564 const unsigned char key[24] )
565 {
566 int i;
567
568 mbedtls_des_setkey( esk, key );
569 mbedtls_des_setkey( dsk + 32, key + 8 );
570 mbedtls_des_setkey( esk + 64, key + 16 );
571
572 for( i = 0; i < 32; i += 2 )
573 {
574 dsk[i ] = esk[94 - i];
575 dsk[i + 1] = esk[95 - i];
576
577 esk[i + 32] = dsk[62 - i];
578 esk[i + 33] = dsk[63 - i];
579
580 dsk[i + 64] = esk[30 - i];
581 dsk[i + 65] = esk[31 - i];
582 }
583 }
584
585 /*
586 * Triple-DES key schedule (168-bit, encryption)
587 */
rk_des3_set3key_enc(rk_des3_context * ctx,const unsigned char key[DES_BLOCK_SIZE * 3])588 int rk_des3_set3key_enc( rk_des3_context *ctx,
589 const unsigned char key[DES_BLOCK_SIZE * 3] )
590 {
591 uint32_t sk[96];
592
593 des3_set3key( ctx->sk, sk, key );
594 mbedtls_zeroize( sk, sizeof( sk ) );
595
596 return( 0 );
597 }
598
599 /*
600 * Triple-DES key schedule (168-bit, decryption)
601 */
rk_des3_set3key_dec(rk_des3_context * ctx,const unsigned char key[DES_BLOCK_SIZE * 3])602 int rk_des3_set3key_dec( rk_des3_context *ctx,
603 const unsigned char key[DES_BLOCK_SIZE * 3] )
604 {
605 uint32_t sk[96];
606
607 des3_set3key( sk, ctx->sk, key );
608 mbedtls_zeroize( sk, sizeof( sk ) );
609
610 return( 0 );
611 }
612
613 /*
614 * DES-ECB block encryption/decryption
615 */
rk_des_crypt_ecb(const unsigned char input[8],unsigned char output[8],void * ctx)616 int rk_des_crypt_ecb(const unsigned char input[8],
617 unsigned char output[8], void *ctx)
618 {
619 int i;
620 uint32_t X, Y, T, *SK;
621
622 SK = ((rk_des_context *)ctx)->sk;
623
624 GET_UINT32_BE( X, input, 0 );
625 GET_UINT32_BE( Y, input, 4 );
626
627 DES_IP( X, Y );
628
629 for( i = 0; i < 8; i++ )
630 {
631 DES_ROUND( Y, X );
632 DES_ROUND( X, Y );
633 }
634
635 DES_FP( Y, X );
636
637 PUT_UINT32_BE( Y, output, 0 );
638 PUT_UINT32_BE( X, output, 4 );
639
640 return( 0 );
641 }
642
643 /*
644 * 3DES-ECB block encryption/decryption
645 */
rk_des3_crypt_ecb(const unsigned char input[8],unsigned char output[8],void * ctx)646 int rk_des3_crypt_ecb( const unsigned char input[8],
647 unsigned char output[8], void *ctx)
648 {
649 int i;
650 uint32_t X, Y, T, *SK;
651
652 SK = ((rk_des3_context*)ctx)->sk;
653
654 GET_UINT32_BE( X, input, 0 );
655 GET_UINT32_BE( Y, input, 4 );
656
657 DES_IP( X, Y );
658
659 for( i = 0; i < 8; i++ )
660 {
661 DES_ROUND( Y, X );
662 DES_ROUND( X, Y );
663 }
664
665 for( i = 0; i < 8; i++ )
666 {
667 DES_ROUND( X, Y );
668 DES_ROUND( Y, X );
669 }
670
671 for( i = 0; i < 8; i++ )
672 {
673 DES_ROUND( Y, X );
674 DES_ROUND( X, Y );
675 }
676
677 DES_FP( Y, X );
678
679 PUT_UINT32_BE( Y, output, 0 );
680 PUT_UINT32_BE( X, output, 4 );
681
682 return( 0 );
683 }
684
685
686
687
688
689