Coverage Report

Created: 2024-11-21 07:03

/src/mbedtls/library/des.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 *  FIPS-46-3 compliant Triple-DES implementation
3
 *
4
 *  Copyright The Mbed TLS Contributors
5
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6
 */
7
/*
8
 *  DES, on which TDES is based, was originally designed by Horst Feistel
9
 *  at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
10
 *
11
 *  http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
12
 */
13
14
#include "common.h"
15
16
#if defined(MBEDTLS_DES_C)
17
18
#include "mbedtls/des.h"
19
#include "mbedtls/error.h"
20
#include "mbedtls/platform_util.h"
21
22
#include <string.h>
23
24
#include "mbedtls/platform.h"
25
26
#if !defined(MBEDTLS_DES_ALT)
27
28
/*
29
 * Expanded DES S-boxes
30
 */
31
/*
 * SB1: 64-entry table read by DES_ROUND as SB1[(T >> 24) & 0x3F], where T is
 * a round-key word XORed with the rotated data half. The index therefore
 * depends on both key and data.
 */
static const uint32_t SB1[64] =
32
{
33
    0x01010400, 0x00000000, 0x00010000, 0x01010404,
34
    0x01010004, 0x00010404, 0x00000004, 0x00010000,
35
    0x00000400, 0x01010400, 0x01010404, 0x00000400,
36
    0x01000404, 0x01010004, 0x01000000, 0x00000004,
37
    0x00000404, 0x01000400, 0x01000400, 0x00010400,
38
    0x00010400, 0x01010000, 0x01010000, 0x01000404,
39
    0x00010004, 0x01000004, 0x01000004, 0x00010004,
40
    0x00000000, 0x00000404, 0x00010404, 0x01000000,
41
    0x00010000, 0x01010404, 0x00000004, 0x01010000,
42
    0x01010400, 0x01000000, 0x01000000, 0x00000400,
43
    0x01010004, 0x00010000, 0x00010400, 0x01000004,
44
    0x00000400, 0x00000004, 0x01000404, 0x00010404,
45
    0x01010404, 0x00010004, 0x01010000, 0x01000404,
46
    0x01000004, 0x00000404, 0x00010404, 0x01010400,
47
    0x00000404, 0x01000400, 0x01000400, 0x00000000,
48
    0x00010004, 0x00010400, 0x00000000, 0x01010004
49
};
50
51
/*
 * SB2: 64-entry table read by DES_ROUND as SB2[(T >> 24) & 0x3F], where T is
 * a round-key word XORed with the data half (key- and data-dependent index).
 */
static const uint32_t SB2[64] =
52
{
53
    0x80108020, 0x80008000, 0x00008000, 0x00108020,
54
    0x00100000, 0x00000020, 0x80100020, 0x80008020,
55
    0x80000020, 0x80108020, 0x80108000, 0x80000000,
56
    0x80008000, 0x00100000, 0x00000020, 0x80100020,
57
    0x00108000, 0x00100020, 0x80008020, 0x00000000,
58
    0x80000000, 0x00008000, 0x00108020, 0x80100000,
59
    0x00100020, 0x80000020, 0x00000000, 0x00108000,
60
    0x00008020, 0x80108000, 0x80100000, 0x00008020,
61
    0x00000000, 0x00108020, 0x80100020, 0x00100000,
62
    0x80008020, 0x80100000, 0x80108000, 0x00008000,
63
    0x80100000, 0x80008000, 0x00000020, 0x80108020,
64
    0x00108020, 0x00000020, 0x00008000, 0x80000000,
65
    0x00008020, 0x80108000, 0x00100000, 0x80000020,
66
    0x00100020, 0x80008020, 0x80000020, 0x00100020,
67
    0x00108000, 0x00000000, 0x80008000, 0x00008020,
68
    0x80000000, 0x80100020, 0x80108020, 0x00108000
69
};
70
71
/*
 * SB3: 64-entry table read by DES_ROUND as SB3[(T >> 16) & 0x3F], where T is
 * a round-key word XORed with the rotated data half (key- and data-dependent
 * index).
 */
static const uint32_t SB3[64] =
72
{
73
    0x00000208, 0x08020200, 0x00000000, 0x08020008,
74
    0x08000200, 0x00000000, 0x00020208, 0x08000200,
75
    0x00020008, 0x08000008, 0x08000008, 0x00020000,
76
    0x08020208, 0x00020008, 0x08020000, 0x00000208,
77
    0x08000000, 0x00000008, 0x08020200, 0x00000200,
78
    0x00020200, 0x08020000, 0x08020008, 0x00020208,
79
    0x08000208, 0x00020200, 0x00020000, 0x08000208,
80
    0x00000008, 0x08020208, 0x00000200, 0x08000000,
81
    0x08020200, 0x08000000, 0x00020008, 0x00000208,
82
    0x00020000, 0x08020200, 0x08000200, 0x00000000,
83
    0x00000200, 0x00020008, 0x08020208, 0x08000200,
84
    0x08000008, 0x00000200, 0x00000000, 0x08020008,
85
    0x08000208, 0x00020000, 0x08000000, 0x08020208,
86
    0x00000008, 0x00020208, 0x00020200, 0x08000008,
87
    0x08020000, 0x08000208, 0x00000208, 0x08020000,
88
    0x00020208, 0x00000008, 0x08020008, 0x00020200
89
};
90
91
/*
 * SB4: 64-entry table read by DES_ROUND as SB4[(T >> 16) & 0x3F], where T is
 * a round-key word XORed with the data half (key- and data-dependent index).
 */
static const uint32_t SB4[64] =
92
{
93
    0x00802001, 0x00002081, 0x00002081, 0x00000080,
94
    0x00802080, 0x00800081, 0x00800001, 0x00002001,
95
    0x00000000, 0x00802000, 0x00802000, 0x00802081,
96
    0x00000081, 0x00000000, 0x00800080, 0x00800001,
97
    0x00000001, 0x00002000, 0x00800000, 0x00802001,
98
    0x00000080, 0x00800000, 0x00002001, 0x00002080,
99
    0x00800081, 0x00000001, 0x00002080, 0x00800080,
100
    0x00002000, 0x00802080, 0x00802081, 0x00000081,
101
    0x00800080, 0x00800001, 0x00802000, 0x00802081,
102
    0x00000081, 0x00000000, 0x00000000, 0x00802000,
103
    0x00002080, 0x00800080, 0x00800081, 0x00000001,
104
    0x00802001, 0x00002081, 0x00002081, 0x00000080,
105
    0x00802081, 0x00000081, 0x00000001, 0x00002000,
106
    0x00800001, 0x00002001, 0x00802080, 0x00800081,
107
    0x00002001, 0x00002080, 0x00800000, 0x00802001,
108
    0x00000080, 0x00800000, 0x00002000, 0x00802080
109
};
110
111
/*
 * SB5: 64-entry table read by DES_ROUND as SB5[(T >> 8) & 0x3F], where T is
 * a round-key word XORed with the rotated data half (key- and data-dependent
 * index).
 */
static const uint32_t SB5[64] =
112
{
113
    0x00000100, 0x02080100, 0x02080000, 0x42000100,
114
    0x00080000, 0x00000100, 0x40000000, 0x02080000,
115
    0x40080100, 0x00080000, 0x02000100, 0x40080100,
116
    0x42000100, 0x42080000, 0x00080100, 0x40000000,
117
    0x02000000, 0x40080000, 0x40080000, 0x00000000,
118
    0x40000100, 0x42080100, 0x42080100, 0x02000100,
119
    0x42080000, 0x40000100, 0x00000000, 0x42000000,
120
    0x02080100, 0x02000000, 0x42000000, 0x00080100,
121
    0x00080000, 0x42000100, 0x00000100, 0x02000000,
122
    0x40000000, 0x02080000, 0x42000100, 0x40080100,
123
    0x02000100, 0x40000000, 0x42080000, 0x02080100,
124
    0x40080100, 0x00000100, 0x02000000, 0x42080000,
125
    0x42080100, 0x00080100, 0x42000000, 0x42080100,
126
    0x02080000, 0x00000000, 0x40080000, 0x42000000,
127
    0x00080100, 0x02000100, 0x40000100, 0x00080000,
128
    0x00000000, 0x40080000, 0x02080100, 0x40000100
129
};
130
131
/*
 * SB6: 64-entry table read by DES_ROUND as SB6[(T >> 8) & 0x3F], where T is
 * a round-key word XORed with the data half (key- and data-dependent index).
 */
static const uint32_t SB6[64] =
132
{
133
    0x20000010, 0x20400000, 0x00004000, 0x20404010,
134
    0x20400000, 0x00000010, 0x20404010, 0x00400000,
135
    0x20004000, 0x00404010, 0x00400000, 0x20000010,
136
    0x00400010, 0x20004000, 0x20000000, 0x00004010,
137
    0x00000000, 0x00400010, 0x20004010, 0x00004000,
138
    0x00404000, 0x20004010, 0x00000010, 0x20400010,
139
    0x20400010, 0x00000000, 0x00404010, 0x20404000,
140
    0x00004010, 0x00404000, 0x20404000, 0x20000000,
141
    0x20004000, 0x00000010, 0x20400010, 0x00404000,
142
    0x20404010, 0x00400000, 0x00004010, 0x20000010,
143
    0x00400000, 0x20004000, 0x20000000, 0x00004010,
144
    0x20000010, 0x20404010, 0x00404000, 0x20400000,
145
    0x00404010, 0x20404000, 0x00000000, 0x20400010,
146
    0x00000010, 0x00004000, 0x20400000, 0x00404010,
147
    0x00004000, 0x00400010, 0x20004010, 0x00000000,
148
    0x20404000, 0x20000000, 0x00400010, 0x20004010
149
};
150
151
/*
 * SB7: 64-entry table read by DES_ROUND as SB7[(T) & 0x3F], where T is a
 * round-key word XORed with the rotated data half (key- and data-dependent
 * index).
 */
static const uint32_t SB7[64] =
152
{
153
    0x00200000, 0x04200002, 0x04000802, 0x00000000,
154
    0x00000800, 0x04000802, 0x00200802, 0x04200800,
155
    0x04200802, 0x00200000, 0x00000000, 0x04000002,
156
    0x00000002, 0x04000000, 0x04200002, 0x00000802,
157
    0x04000800, 0x00200802, 0x00200002, 0x04000800,
158
    0x04000002, 0x04200000, 0x04200800, 0x00200002,
159
    0x04200000, 0x00000800, 0x00000802, 0x04200802,
160
    0x00200800, 0x00000002, 0x04000000, 0x00200800,
161
    0x04000000, 0x00200800, 0x00200000, 0x04000802,
162
    0x04000802, 0x04200002, 0x04200002, 0x00000002,
163
    0x00200002, 0x04000000, 0x04000800, 0x00200000,
164
    0x04200800, 0x00000802, 0x00200802, 0x04200800,
165
    0x00000802, 0x04000002, 0x04200802, 0x04200000,
166
    0x00200800, 0x00000000, 0x00000002, 0x04200802,
167
    0x00000000, 0x00200802, 0x04200000, 0x00000800,
168
    0x04000002, 0x04000800, 0x00000800, 0x00200002
169
};
170
171
/*
 * SB8: 64-entry table read by DES_ROUND as SB8[(T) & 0x3F], where T is a
 * round-key word XORed with the data half (key- and data-dependent index).
 */
static const uint32_t SB8[64] =
172
{
173
    0x10001040, 0x00001000, 0x00040000, 0x10041040,
174
    0x10000000, 0x10001040, 0x00000040, 0x10000000,
175
    0x00040040, 0x10040000, 0x10041040, 0x00041000,
176
    0x10041000, 0x00041040, 0x00001000, 0x00000040,
177
    0x10040000, 0x10000040, 0x10001000, 0x00001040,
178
    0x00041000, 0x00040040, 0x10040040, 0x10041000,
179
    0x00001040, 0x00000000, 0x00000000, 0x10040040,
180
    0x10000040, 0x10001000, 0x00041040, 0x00040000,
181
    0x00041040, 0x00040000, 0x10041000, 0x00001000,
182
    0x00000040, 0x10040040, 0x00001000, 0x00041040,
183
    0x10001000, 0x00000040, 0x10000040, 0x10040000,
184
    0x10040040, 0x10000000, 0x00040000, 0x10001040,
185
    0x00000000, 0x10041040, 0x00040040, 0x10000040,
186
    0x10040000, 0x10001000, 0x10001040, 0x00000000,
187
    0x10041040, 0x00041000, 0x00041000, 0x00001040,
188
    0x00001040, 0x00040040, 0x10000000, 0x10041000
189
};
190
191
/*
192
 * PC1: left and right halves bit-swap
193
 */
194
/*
 * LHs: 16-entry table indexed by a 4-bit nibble of the key half X in
 * mbedtls_des_setkey. Bit k of the index appears at bit 8*k of the entry
 * (index 1 -> 0x00000001, index 8 -> 0x01000000).
 */
static const uint32_t LHs[16] =
195
{
196
    0x00000000, 0x00000001, 0x00000100, 0x00000101,
197
    0x00010000, 0x00010001, 0x00010100, 0x00010101,
198
    0x01000000, 0x01000001, 0x01000100, 0x01000101,
199
    0x01010000, 0x01010001, 0x01010100, 0x01010101
200
};
201
202
/*
 * RHs: 16-entry table indexed by a 4-bit nibble of the key half Y in
 * mbedtls_des_setkey. Same byte-spreading as LHs but in the opposite order:
 * bit k of the index appears at bit 8*(3-k) of the entry
 * (index 1 -> 0x01000000, index 8 -> 0x00000001).
 */
static const uint32_t RHs[16] =
203
{
204
    0x00000000, 0x01000000, 0x00010000, 0x01010000,
205
    0x00000100, 0x01000100, 0x00010100, 0x01010100,
206
    0x00000001, 0x01000001, 0x00010001, 0x01010001,
207
    0x00000101, 0x01000101, 0x00010101, 0x01010101,
208
};
209
210
/*
211
 * Initial Permutation macro
212
 */
213
/*
 * DES_IP(X, Y): permutes the two 32-bit halves X and Y in place.
 *
 * Relies on a variable named T being declared in the caller's scope as
 * scratch space. X and Y are expanded many times, so they must be plain
 * lvalues without side effects.
 */
#define DES_IP(X, Y)                                                       \
214
12
    do                                                                    \
215
12
    {                                                                     \
216
12
        T = (((X) >>  4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T <<  4); \
217
12
        T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \
218
12
        T = (((Y) >>  2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T <<  2); \
219
12
        T = (((Y) >>  8) ^ (X)) & 0x00FF00FF; (X) ^= T; (Y) ^= (T <<  8); \
220
12
        (Y) = (((Y) << 1) | ((Y) >> 31)) & 0xFFFFFFFF;                    \
221
12
        T = ((X) ^ (Y)) & 0xAAAAAAAA; (Y) ^= T; (X) ^= T;                 \
222
12
        (X) = (((X) << 1) | ((X) >> 31)) & 0xFFFFFFFF;                    \
223
12
    } while (0)
224
225
/*
226
 * Final Permutation macro
227
 */
228
/*
 * DES_FP(X, Y): applies the steps of DES_IP in reverse order, with the
 * 1-bit rotations going the other way, to the halves X and Y in place.
 *
 * Relies on a variable named T being declared in the caller's scope as
 * scratch space. X and Y are expanded many times, so they must be plain
 * lvalues without side effects.
 */
#define DES_FP(X, Y)                                                       \
229
12
    do                                                                    \
230
12
    {                                                                     \
231
12
        (X) = (((X) << 31) | ((X) >> 1)) & 0xFFFFFFFF;                    \
232
12
        T = ((X) ^ (Y)) & 0xAAAAAAAA; (X) ^= T; (Y) ^= T;                 \
233
12
        (Y) = (((Y) << 31) | ((Y) >> 1)) & 0xFFFFFFFF;                    \
234
12
        T = (((Y) >>  8) ^ (X)) & 0x00FF00FF; (X) ^= T; (Y) ^= (T <<  8); \
235
12
        T = (((Y) >>  2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T <<  2); \
236
12
        T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \
237
12
        T = (((X) >>  4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T <<  4); \
238
12
    } while (0)
239
240
/*
241
 * DES round macro
242
 */
243
/*
 * DES_ROUND(X, Y): one round; XORs into Y a value computed from X and the
 * next two round-key words.
 *
 * Relies on two names in the caller's scope: T (scratch) and SK (a pointer
 * into the key schedule, advanced by two words per invocation).
 *
 * Each S-box index is six bits of (round key XOR data), so the table
 * addresses read here depend on secret values.
 * NOTE(review): on targets where memory access timing is observable by an
 * adversary, table-driven DES like this is a side-channel consideration;
 * confirm against the deployment's threat model.
 */
#define DES_ROUND(X, Y)                              \
244
512
    do                                              \
245
512
    {                                               \
246
512
        T = *SK++ ^ (X);                            \
247
512
        (Y) ^= SB8[(T) & 0x3F] ^            \
248
512
               SB6[(T >>  8) & 0x3F] ^            \
249
512
               SB4[(T >> 16) & 0x3F] ^            \
250
512
               SB2[(T >> 24) & 0x3F];             \
251
512
                                                    \
252
512
        T = *SK++ ^ (((X) << 28) | ((X) >> 4));     \
253
512
        (Y) ^= SB7[(T) & 0x3F] ^            \
254
512
               SB5[(T >>  8) & 0x3F] ^            \
255
512
               SB3[(T >> 16) & 0x3F] ^            \
256
512
               SB1[(T >> 24) & 0x3F];             \
257
512
    } while (0)
258
259
/*
 * SWAP(a, b): exchanges two uint32_t lvalues through a block-local temporary.
 *
 * NOTE(review): the trailing `t = 0` is a plain store to a variable that goes
 * out of scope immediately, so a compiler may drop it; presumably it is meant
 * to clear the temporary, but it should not be relied on as a scrub. The file
 * uses mbedtls_platform_zeroize() where wiping is required.
 */
#define SWAP(a, b)                                       \
260
112
    do                                                  \
261
112
    {                                                   \
262
112
        uint32_t t = (a); (a) = (b); (b) = t; t = 0;    \
263
112
    } while (0)
264
265
/*
 * Bring a single-DES context to the all-zero state.
 *
 * ctx is written unconditionally, so it must point to a valid
 * mbedtls_des_context (there is no NULL check here, unlike
 * mbedtls_des_free).
 */
void mbedtls_des_init(mbedtls_des_context *ctx)
{
    memset(ctx, 0, sizeof(*ctx));
}
269
270
/*
 * Wipe a single-DES context, including its key schedule.
 *
 * A NULL ctx is accepted and ignored. The wipe goes through
 * mbedtls_platform_zeroize() rather than memset().
 */
void mbedtls_des_free(mbedtls_des_context *ctx)
{
    if (ctx != NULL) {
        mbedtls_platform_zeroize(ctx, sizeof(*ctx));
    }
}
278
279
/*
 * Bring a Triple-DES context to the all-zero state.
 *
 * ctx is written unconditionally, so it must point to a valid
 * mbedtls_des3_context (there is no NULL check here, unlike
 * mbedtls_des3_free).
 */
void mbedtls_des3_init(mbedtls_des3_context *ctx)
{
    memset(ctx, 0, sizeof(*ctx));
}
283
284
/*
 * Wipe a Triple-DES context, including its key schedule.
 *
 * A NULL ctx is accepted and ignored. The wipe goes through
 * mbedtls_platform_zeroize() rather than memset().
 */
void mbedtls_des3_free(mbedtls_des3_context *ctx)
{
    if (ctx != NULL) {
        mbedtls_platform_zeroize(ctx, sizeof(*ctx));
    }
}
292
293
/*
 * odd_parity_table[n] is the byte whose upper seven bits equal n and whose
 * lowest bit is chosen so that the byte has an odd number of set bits
 * (n = 0 -> 1, n = 1 -> 2, n = 3 -> 7). Callers index it with key[i] / 2.
 */
static const unsigned char odd_parity_table[128] = { 1,  2,  4,  7,  8,
294
                                                     11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32,
295
                                                     35, 37, 38, 41, 42, 44,
296
                                                     47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69,
297
                                                     70, 73, 74, 76, 79, 81,
298
                                                     82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103,
299
                                                     104, 107, 109, 110, 112,
300
                                                     115, 117, 118, 121, 122, 124, 127, 128, 131,
301
                                                     133, 134, 137, 138, 140,
302
                                                     143, 145, 146, 148, 151, 152, 155, 157, 158,
303
                                                     161, 162, 164, 167, 168,
304
                                                     171, 173, 174, 176, 179, 181, 182, 185, 186,
305
                                                     188, 191, 193, 194, 196,
306
                                                     199, 200, 203, 205, 206, 208, 211, 213, 214,
307
                                                     217, 218, 220, 223, 224,
308
                                                     227, 229, 230, 233, 234, 236, 239, 241, 242,
309
                                                     244, 247, 248, 251, 253,
310
                                                     254 };
311
312
/*
 * Rewrite each of the MBEDTLS_DES_KEY_SIZE key bytes in place so that it
 * has odd parity. Only the lowest bit of a byte can change: the upper
 * seven bits select the table entry.
 */
void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE])
{
    unsigned char *cursor = key;
    unsigned char *const stop = key + MBEDTLS_DES_KEY_SIZE;

    while (cursor < stop) {
        *cursor = odd_parity_table[*cursor / 2];
        cursor++;
    }
}
320
321
/*
322
 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
323
 */
324
/*
 * Returns 0 when every key byte already equals its odd-parity form from
 * odd_parity_table, and 1 as soon as one byte does not.
 */
int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZE])
{
    int pos = 0;

    while (pos < MBEDTLS_DES_KEY_SIZE) {
        const unsigned char expected = odd_parity_table[key[pos] / 2];

        if (expected != key[pos]) {
            return 1;
        }
        pos++;
    }

    return 0;
}
336
337
/*
338
 * Table of weak and semi-weak keys
339
 *
340
 * Source: http://en.wikipedia.org/wiki/Weak_key
341
 *
342
 * Weak:
343
 * Alternating ones + zeros (0x0101010101010101)
344
 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
345
 * '0xE0E0E0E0F1F1F1F1'
346
 * '0x1F1F1F1F0E0E0E0E'
347
 *
348
 * Semi-weak:
349
 * 0x011F011F010E010E and 0x1F011F010E010E01
350
 * 0x01E001E001F101F1 and 0xE001E001F101F101
351
 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
352
 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
353
 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
354
 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
355
 *
356
 */
357
358
0
/*
 * WEAK_KEY_COUNT rows of MBEDTLS_DES_KEY_SIZE bytes each: rows 0-3 are the
 * weak keys and rows 4-15 the six semi-weak pairs from the list above.
 * Every byte stored here has odd parity.
 */
#define WEAK_KEY_COUNT 16
359
360
static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] =
361
{
362
    { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
363
    { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
364
    { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
365
    { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
366
367
    { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
368
    { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
369
    { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
370
    { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
371
    { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
372
    { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
373
    { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
374
    { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
375
    { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
376
    { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
377
    { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
378
    { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
379
};
380
381
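/*
 * Report whether `key` is one of the WEAK_KEY_COUNT entries of
 * weak_key_table.
 *
 * Returns 1 when the key matches a table entry, 0 otherwise.
 *
 * The key is secret material, so the comparison does not stop at the first
 * differing byte or the first matching row: every row and every byte is
 * always visited, and the result is accumulated without branching on key
 * bytes.
 *
 * The match is exact over all eight bytes, parity bits included, and every
 * table entry has odd parity. A key that differs from a table entry only in
 * its parity bits is therefore not reported.
 * NOTE(review): callers that accept keys with arbitrary parity presumably
 * need to normalise them (mbedtls_des_key_set_parity) before calling this;
 * verify against the callers.
 */
int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE])
{
    unsigned int found = 0;
    int i, j;

    for (i = 0; i < WEAK_KEY_COUNT; i++) {
        unsigned int diff = 0;

        for (j = 0; j < MBEDTLS_DES_KEY_SIZE; j++) {
            diff |= (unsigned int) (weak_key_table[i][j] ^ key[j]);
        }

        /*
         * diff is in 0..255. (diff - 1) wraps to all ones only when diff is
         * zero, so bit 8 and above are set exactly for a full-row match.
         */
        found |= ((diff - 1U) >> 8) & 1U;
    }

    return (int) found;
}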
393
394
#if !defined(MBEDTLS_DES_SETKEY_ALT)
395
/*
 * Expand an 8-byte DES key into the 32-word round-key schedule SK.
 *
 * SK   receives 32 words: two per round for 16 rounds, written in order
 *      through the advancing SK pointer.
 * key  is read as two big-endian 32-bit words.
 *
 * No parity or weak-key check is performed here.
 */
void mbedtls_des_setkey(uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE])
396
74
{
397
74
    int i;
398
74
    uint32_t X, Y, T;
    /*
     * NOTE(review): X, Y and T hold key-derived values and are not explicitly
     * cleared before return, whereas the temporary schedules in the
     * mbedtls_des3_set*key_* wrappers are wiped with
     * mbedtls_platform_zeroize(). Confirm this is acceptable for the
     * deployment's threat model.
     */
399
400
74
    X = MBEDTLS_GET_UINT32_BE(key, 0);
401
74
    Y = MBEDTLS_GET_UINT32_BE(key, 4);
402
403
    /*
404
     * Permuted Choice 1
405
     */
406
74
    T =  ((Y >>  4) ^ X) & 0x0F0F0F0F;  X ^= T; Y ^= (T <<  4);
407
74
    T =  ((Y) ^ X) & 0x10101010;  X ^= T; Y ^= (T);
408
409
74
    X =   (LHs[(X) & 0xF] << 3) | (LHs[(X >>  8) & 0xF] << 2)
410
74
        | (LHs[(X >> 16) & 0xF] << 1) | (LHs[(X >> 24) & 0xF])
411
74
        | (LHs[(X >>  5) & 0xF] << 7) | (LHs[(X >> 13) & 0xF] << 6)
412
74
        | (LHs[(X >> 21) & 0xF] << 5) | (LHs[(X >> 29) & 0xF] << 4);
413
414
74
    Y =   (RHs[(Y >>  1) & 0xF] << 3) | (RHs[(Y >>  9) & 0xF] << 2)
415
74
        | (RHs[(Y >> 17) & 0xF] << 1) | (RHs[(Y >> 25) & 0xF])
416
74
        | (RHs[(Y >>  4) & 0xF] << 7) | (RHs[(Y >> 12) & 0xF] << 6)
417
74
        | (RHs[(Y >> 20) & 0xF] << 5) | (RHs[(Y >> 28) & 0xF] << 4);
418
    /* Keep only the low 28 bits of each half. */
419
74
    X &= 0x0FFFFFFF;
420
74
    Y &= 0x0FFFFFFF;
421
422
    /*
423
     * calculate subkeys
424
     */
425
1.25k
    for (i = 0; i < 16; i++) {
        /* 28-bit left rotation: by one for i = 0, 1, 8, 15, by two otherwise. */
426
1.18k
        if (i < 2 || i == 8 || i == 15) {
427
296
            X = ((X <<  1) | (X >> 27)) & 0x0FFFFFFF;
428
296
            Y = ((Y <<  1) | (Y >> 27)) & 0x0FFFFFFF;
429
888
        } else {
430
888
            X = ((X <<  2) | (X >> 26)) & 0x0FFFFFFF;
431
888
            Y = ((Y <<  2) | (Y >> 26)) & 0x0FFFFFFF;
432
888
        }
433
        /* First of the two schedule words for this round. */
434
1.18k
        *SK++ =   ((X <<  4) & 0x24000000) | ((X << 28) & 0x10000000)
435
1.18k
                | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
436
1.18k
                | ((X <<  6) & 0x01000000) | ((X <<  9) & 0x00200000)
437
1.18k
                | ((X >>  1) & 0x00100000) | ((X << 10) & 0x00040000)
438
1.18k
                | ((X <<  2) & 0x00020000) | ((X >> 10) & 0x00010000)
439
1.18k
                | ((Y >> 13) & 0x00002000) | ((Y >>  4) & 0x00001000)
440
1.18k
                | ((Y <<  6) & 0x00000800) | ((Y >>  1) & 0x00000400)
441
1.18k
                | ((Y >> 14) & 0x00000200) | ((Y) & 0x00000100)
442
1.18k
                | ((Y >>  5) & 0x00000020) | ((Y >> 10) & 0x00000010)
443
1.18k
                | ((Y >>  3) & 0x00000008) | ((Y >> 18) & 0x00000004)
444
1.18k
                | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
445
        /* Second schedule word for this round. */
446
1.18k
        *SK++ =   ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
447
1.18k
                | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
448
1.18k
                | ((X >>  2) & 0x02000000) | ((X <<  1) & 0x01000000)
449
1.18k
                | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
450
1.18k
                | ((X <<  3) & 0x00080000) | ((X >>  6) & 0x00040000)
451
1.18k
                | ((X << 15) & 0x00020000) | ((X >>  4) & 0x00010000)
452
1.18k
                | ((Y >>  2) & 0x00002000) | ((Y <<  8) & 0x00001000)
453
1.18k
                | ((Y >> 14) & 0x00000808) | ((Y >>  9) & 0x00000400)
454
1.18k
                | ((Y) & 0x00000200) | ((Y <<  7) & 0x00000100)
455
1.18k
                | ((Y >>  7) & 0x00000020) | ((Y >>  3) & 0x00000011)
456
1.18k
                | ((Y <<  2) & 0x00000004) | ((Y >> 21) & 0x00000002);
457
1.18k
    }
458
74
}
459
#endif /* !MBEDTLS_DES_SETKEY_ALT */
460
461
/*
462
 * DES key schedule (56-bit, encryption)
463
 */
464
/*
 * Fill ctx->sk with the encryption-order schedule for an 8-byte DES key.
 *
 * Always returns 0. The key is used as given: no parity or weak-key check
 * happens here (mbedtls_des_key_check_key_parity and
 * mbedtls_des_key_check_weak are separate calls).
 */
int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE])
{
    uint32_t *const schedule = ctx->sk;

    mbedtls_des_setkey(schedule, key);
    return 0;
}
470
471
/*
472
 * DES key schedule (56-bit, decryption)
473
 */
474
/*
 * Fill ctx->sk with the decryption-order schedule for an 8-byte DES key:
 * the encryption schedule with its sixteen two-word round entries reversed.
 *
 * Always returns 0. No parity or weak-key check happens here.
 */
int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE])
{
    uint32_t *front = ctx->sk;
    uint32_t *back = ctx->sk + 30;

    mbedtls_des_setkey(ctx->sk, key);

    /* Swap round entries pairwise from both ends until the cursors cross. */
    while (front < back) {
        SWAP(front[0], back[0]);
        SWAP(front[1], back[1]);
        front += 2;
        back -= 2;
    }

    return 0;
}
487
488
/*
 * Build both 96-word Triple-DES schedules from a 16-byte two-key bundle
 * (K1 = key[0..7], K2 = key[8..15]).
 *
 *   esk: K1 forward | K2 reversed | K1 forward
 *   dsk: K1 reversed | K2 forward | K1 reversed
 *
 * "Reversed" means the sixteen two-word round entries in opposite order.
 * esk and dsk must be distinct arrays. The two key halves are not compared:
 * nothing here rejects K1 == K2.
 */
static void des3_set2key(uint32_t esk[96],
                         uint32_t dsk[96],
                         const unsigned char key[MBEDTLS_DES_KEY_SIZE*2])
{
    int round;

    mbedtls_des_setkey(esk, key);
    mbedtls_des_setkey(dsk + 32, key + 8);

    for (round = 0; round < 16; round++) {
        const int fwd = 2 * round;  /* entry counted from the front */
        const int rev = 30 - fwd;   /* mirror entry counted from the back */

        dsk[fwd]     = esk[rev];
        dsk[fwd + 1] = esk[rev + 1];

        esk[32 + fwd]     = dsk[32 + rev];
        esk[32 + fwd + 1] = dsk[32 + rev + 1];

        esk[64 + fwd]     = esk[fwd];
        esk[64 + fwd + 1] = esk[fwd + 1];

        dsk[64 + fwd]     = dsk[fwd];
        dsk[64 + fwd + 1] = dsk[fwd + 1];
    }
}
511
512
/*
513
 * Triple-DES key schedule (112-bit, encryption)
514
 */
515
/*
 * Load the two-key Triple-DES encryption schedule into ctx->sk.
 *
 * The decryption schedule is produced as a by-product in a stack buffer,
 * which is wiped before returning. Always returns 0.
 */
int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
                             const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2])
{
    uint32_t unused_dec[96];

    des3_set2key(ctx->sk, unused_dec, key);
    mbedtls_platform_zeroize(unused_dec, sizeof unused_dec);

    return 0;
}
525
526
/*
527
 * Triple-DES key schedule (112-bit, decryption)
528
 */
529
/*
 * Load the two-key Triple-DES decryption schedule into ctx->sk.
 *
 * The encryption schedule is produced as a by-product in a stack buffer,
 * which is wiped before returning. Always returns 0.
 */
int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
                             const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2])
{
    uint32_t unused_enc[96];

    des3_set2key(unused_enc, ctx->sk, key);
    mbedtls_platform_zeroize(unused_enc, sizeof unused_enc);

    return 0;
}
539
540
/*
 * Build both 96-word Triple-DES schedules from a 24-byte three-key bundle
 * (K1 = key[0..7], K2 = key[8..15], K3 = key[16..23]).
 *
 *   esk: K1 forward | K2 reversed | K3 forward
 *   dsk: K3 reversed | K2 forward | K1 reversed
 *
 * "Reversed" means the sixteen two-word round entries in opposite order.
 * esk and dsk must be distinct arrays. The three keys are not compared with
 * each other: nothing here rejects repeated keys.
 */
static void des3_set3key(uint32_t esk[96],
                         uint32_t dsk[96],
                         const unsigned char key[24])
{
    int round;

    mbedtls_des_setkey(esk, key);
    mbedtls_des_setkey(dsk + 32, key +  8);
    mbedtls_des_setkey(esk + 64, key + 16);

    for (round = 0; round < 16; round++) {
        const int fwd = 2 * round;  /* entry counted from the front */
        const int rev = 30 - fwd;   /* mirror entry counted from the back */

        dsk[fwd]     = esk[64 + rev];
        dsk[fwd + 1] = esk[64 + rev + 1];

        esk[32 + fwd]     = dsk[32 + rev];
        esk[32 + fwd + 1] = dsk[32 + rev + 1];

        dsk[64 + fwd]     = esk[rev];
        dsk[64 + fwd + 1] = esk[rev + 1];
    }
}
561
562
/*
563
 * Triple-DES key schedule (168-bit, encryption)
564
 */
565
/*
 * Load the three-key Triple-DES encryption schedule into ctx->sk.
 *
 * The decryption schedule is produced as a by-product in a stack buffer,
 * which is wiped before returning. Always returns 0.
 */
int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
                             const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3])
{
    uint32_t unused_dec[96];

    des3_set3key(ctx->sk, unused_dec, key);
    mbedtls_platform_zeroize(unused_dec, sizeof unused_dec);

    return 0;
}
575
576
/*
577
 * Triple-DES key schedule (168-bit, decryption)
578
 */
579
/*
 * Load the three-key Triple-DES decryption schedule into ctx->sk.
 *
 * The encryption schedule is produced as a by-product in a stack buffer,
 * which is wiped before returning. Always returns 0.
 */
int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
                             const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3])
{
    uint32_t unused_enc[96];

    des3_set3key(unused_enc, ctx->sk, key);
    mbedtls_platform_zeroize(unused_enc, sizeof unused_enc);

    return 0;
}
589
590
/*
591
 * DES-ECB block encryption/decryption
592
 */
593
#if !defined(MBEDTLS_DES_CRYPT_ECB_ALT)
594
/*
 * Process one 8-byte block with the schedule held in ctx->sk.
 *
 * Whether this encrypts or decrypts is decided by how the schedule was
 * loaded (mbedtls_des_setkey_enc or mbedtls_des_setkey_dec); there is no
 * mode argument. Both input words are read before anything is written, so
 * input and output may be the same buffer. Always returns 0.
 */
int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx,
                          const unsigned char input[8],
                          unsigned char output[8])
{
    /* T and SK are the names the DES_* macros expect in scope. */
    uint32_t *SK = ctx->sk;
    uint32_t X = MBEDTLS_GET_UINT32_BE(input, 0);
    uint32_t Y = MBEDTLS_GET_UINT32_BE(input, 4);
    uint32_t T;
    int rounds_left;

    DES_IP(X, Y);

    /* Sixteen rounds, two per pass, with the halves alternating roles. */
    for (rounds_left = 16; rounds_left > 0; rounds_left -= 2) {
        DES_ROUND(Y, X);
        DES_ROUND(X, Y);
    }

    DES_FP(Y, X);

    MBEDTLS_PUT_UINT32_BE(Y, output, 0);
    MBEDTLS_PUT_UINT32_BE(X, output, 4);

    return 0;
}
620
#endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
621
622
#if defined(MBEDTLS_CIPHER_MODE_CBC)
623
/*
624
 * DES-CBC buffer encryption/decryption
625
 */
626
/*
 * CBC-process `length` bytes with single DES.
 *
 * length must be a multiple of 8, otherwise
 * MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH is returned and nothing is written.
 * No padding is added or removed here.
 *
 * iv is updated in place to the last ciphertext block, so a following call
 * continues the same chain. On decryption the ciphertext block is copied
 * aside before the block operation, which keeps input == output working.
 *
 * Any mode other than MBEDTLS_DES_ENCRYPT takes the decryption path.
 * Returns 0 on success or the first non-zero result of
 * mbedtls_des_crypt_ecb.
 *
 * CBC by itself does not authenticate the data; integrity has to come from
 * the caller.
 */
int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx,
                          int mode,
                          size_t length,
                          unsigned char iv[8],
                          const unsigned char *input,
                          unsigned char *output)
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    unsigned char temp[8];
    size_t remaining;

    if ((length % 8) != 0) {
        return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH;
    }

    for (remaining = length; remaining != 0;
         remaining -= 8, input += 8, output += 8) {
        if (mode == MBEDTLS_DES_ENCRYPT) {
            mbedtls_xor(output, input, iv, 8);

            ret = mbedtls_des_crypt_ecb(ctx, output, output);
            if (ret != 0) {
                return ret;
            }
            memcpy(iv, output, 8);
        } else { /* MBEDTLS_DES_DECRYPT */
            /* Save the ciphertext first: output may alias input. */
            memcpy(temp, input, 8);

            ret = mbedtls_des_crypt_ecb(ctx, input, output);
            if (ret != 0) {
                return ret;
            }

            mbedtls_xor(output, output, iv, 8);
            memcpy(iv, temp, 8);
        }
    }

    return 0;
}
676
#endif /* MBEDTLS_CIPHER_MODE_CBC */
677
678
/*
679
 * 3DES-ECB block encryption/decryption
680
 */
681
#if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
682
/*
 * Process one 8-byte block with the 96-word Triple-DES schedule in ctx->sk.
 *
 * Three 16-round passes run back to back between a single initial and a
 * single final permutation; the middle pass uses the halves in the opposite
 * roles. Whether this encrypts or decrypts is decided by how the schedule
 * was loaded; there is no mode argument. Both input words are read before
 * anything is written, so input and output may be the same buffer.
 * Always returns 0.
 */
int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
                           const unsigned char input[8],
                           unsigned char output[8])
{
    /* T and SK are the names the DES_* macros expect in scope. */
    uint32_t *SK = ctx->sk;
    uint32_t X = MBEDTLS_GET_UINT32_BE(input, 0);
    uint32_t Y = MBEDTLS_GET_UINT32_BE(input, 4);
    uint32_t T;
    int pass, step;

    DES_IP(X, Y);

    for (pass = 0; pass < 3; pass++) {
        for (step = 0; step < 8; step++) {
            if (pass == 1) {
                DES_ROUND(X, Y);
                DES_ROUND(Y, X);
            } else {
                DES_ROUND(Y, X);
                DES_ROUND(X, Y);
            }
        }
    }

    DES_FP(Y, X);

    MBEDTLS_PUT_UINT32_BE(Y, output, 0);
    MBEDTLS_PUT_UINT32_BE(X, output, 4);

    return 0;
}
718
#endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
719
720
#if defined(MBEDTLS_CIPHER_MODE_CBC)
721
/*
722
 * 3DES-CBC buffer encryption/decryption
723
 */
724
/*
 * CBC-process `length` bytes with Triple-DES.
 *
 * length must be a multiple of 8, otherwise
 * MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH is returned and nothing is written.
 * No padding is added or removed here.
 *
 * iv is updated in place to the last ciphertext block, so a following call
 * continues the same chain. On decryption the ciphertext block is copied
 * aside before the block operation, which keeps input == output working.
 *
 * Any mode other than MBEDTLS_DES_ENCRYPT takes the decryption path.
 * Returns 0 on success or the first non-zero result of
 * mbedtls_des3_crypt_ecb.
 *
 * CBC by itself does not authenticate the data; integrity has to come from
 * the caller.
 */
int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx,
                           int mode,
                           size_t length,
                           unsigned char iv[8],
                           const unsigned char *input,
                           unsigned char *output)
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    unsigned char temp[8];
    size_t remaining;

    if ((length % 8) != 0) {
        return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH;
    }

    for (remaining = length; remaining != 0;
         remaining -= 8, input += 8, output += 8) {
        if (mode == MBEDTLS_DES_ENCRYPT) {
            mbedtls_xor(output, input, iv, 8);

            ret = mbedtls_des3_crypt_ecb(ctx, output, output);
            if (ret != 0) {
                return ret;
            }
            memcpy(iv, output, 8);
        } else { /* MBEDTLS_DES_DECRYPT */
            /* Save the ciphertext first: output may alias input. */
            memcpy(temp, input, 8);

            ret = mbedtls_des3_crypt_ecb(ctx, input, output);
            if (ret != 0) {
                return ret;
            }

            mbedtls_xor(output, output, iv, 8);
            memcpy(iv, temp, 8);
        }
    }

    return 0;
}
774
#endif /* MBEDTLS_CIPHER_MODE_CBC */
775
776
#endif /* !MBEDTLS_DES_ALT */
777
778
#if defined(MBEDTLS_SELF_TEST)
779
/*
780
 * DES and 3DES test vectors from:
781
 *
782
 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
783
 */
784
/*
 * Self-test key material: 24 bytes, i.e. three 8-byte DES keys. The self
 * test passes the same array to the one-, two- and three-key setkey
 * functions. These are published test-vector values, not secrets.
 */
static const unsigned char des3_test_keys[24] =
785
{
786
    0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
787
    0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
788
    0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
789
};
790
791
/* Self-test input block; the bytes are the ASCII text "Now is t". */
static const unsigned char des3_test_buf[8] =
792
{
793
    0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
794
};
795
796
/*
 * Expected buffer after the self test's 100 chained ECB decryptions of
 * des3_test_buf. Row 0: DES, row 1: two-key 3DES, row 2: three-key 3DES.
 */
static const unsigned char des3_test_ecb_dec[3][8] =
797
{
798
    { 0x37, 0x2B, 0x98, 0xBF, 0x52, 0x65, 0xB0, 0x59 },
799
    { 0xC2, 0x10, 0x19, 0x9C, 0x38, 0x5A, 0x65, 0xA1 },
800
    { 0xA2, 0x70, 0x56, 0x68, 0x69, 0xE5, 0x15, 0x1D }
801
};
802
803
/*
 * Presumably the encryption counterpart of des3_test_ecb_dec, with the same
 * row order; the comparison that uses it is not shown in this part of the
 * file.
 */
static const unsigned char des3_test_ecb_enc[3][8] =
804
{
805
    { 0x1C, 0xD5, 0x97, 0xEA, 0x84, 0x26, 0x73, 0xFB },
806
    { 0xB3, 0x92, 0x4D, 0xF3, 0xC5, 0xB5, 0x42, 0x93 },
807
    { 0xDA, 0x37, 0x64, 0x41, 0xBA, 0x6F, 0x62, 0x6F }
808
};
809
810
#if defined(MBEDTLS_CIPHER_MODE_CBC)
811
/*
 * Fixed IV for the CBC part of the self test. A constant IV is a test
 * fixture only.
 */
static const unsigned char des3_test_iv[8] =
812
{
813
    0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
814
};
815
816
/*
 * Expected CBC decryption results, three rows of one block each.
 * Presumably indexed like the ECB tables (DES, two-key 3DES, three-key
 * 3DES); the code that uses it is not shown in this part of the file.
 */
static const unsigned char des3_test_cbc_dec[3][8] =
817
{
818
    { 0x58, 0xD9, 0x48, 0xEF, 0x85, 0x14, 0x65, 0x9A },
819
    { 0x5F, 0xC8, 0x78, 0xD4, 0xD7, 0x92, 0xD9, 0x54 },
820
    { 0x25, 0xF9, 0x75, 0x85, 0xA8, 0x1E, 0x48, 0xBF }
821
};
822
823
/*
 * Expected CBC encryption results, three rows of one block each.
 * Presumably indexed like des3_test_cbc_dec; the code that uses it is not
 * shown in this part of the file.
 */
static const unsigned char des3_test_cbc_enc[3][8] =
824
{
825
    { 0x91, 0x1C, 0x6D, 0xCF, 0x48, 0xA7, 0xC3, 0x4D },
826
    { 0x60, 0x1A, 0x76, 0x8F, 0xA1, 0xF9, 0x66, 0xF1 },
827
    { 0xA1, 0x50, 0x0F, 0x99, 0xB2, 0xCD, 0x64, 0x76 }
828
};
829
#endif /* MBEDTLS_CIPHER_MODE_CBC */
830
831
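/*
 * Install the key schedule for self-test case idx.
 *
 * idx 0/1 key the single-DES context, idx 2/3 the 3DES context with the
 * two-key variant and idx 4/5 the 3DES context with the three-key
 * variant; even idx selects the decryption schedule, odd idx the
 * encryption schedule. All cases take their key from des3_test_keys.
 *
 * Returns the key-setup routine's result, or 1 for an idx outside 0..5.
 */
static int des_self_test_setkey(int idx,
                                mbedtls_des_context *ctx,
                                mbedtls_des3_context *ctx3)
{
    switch (idx) {
        case 0:
            return mbedtls_des_setkey_dec(ctx, des3_test_keys);

        case 1:
            return mbedtls_des_setkey_enc(ctx, des3_test_keys);

        case 2:
            return mbedtls_des3_set2key_dec(ctx3, des3_test_keys);

        case 3:
            return mbedtls_des3_set2key_enc(ctx3, des3_test_keys);

        case 4:
            return mbedtls_des3_set3key_dec(ctx3, des3_test_keys);

        case 5:
            return mbedtls_des3_set3key_enc(ctx3, des3_test_keys);

        default:
            return 1;
    }
}

/*
 * Checkup routine
 *
 * Runs six ECB cases and, when MBEDTLS_CIPHER_MODE_CBC is defined, six
 * CBC cases (DES, two-key 3DES, three-key 3DES; decrypt and encrypt for
 * each). Every case applies the cipher 100 times to an 8-byte buffer and
 * compares the result with the matching des3_test_* table.
 *
 * verbose: non-zero to print a progress line per case via mbedtls_printf.
 *
 * Returns 0 if every case passes, 1 otherwise.
 *
 * Every failure path, including an unexpected case index, leaves through
 * the exit label so that both contexts are always handed to
 * mbedtls_des_free() / mbedtls_des3_free(); those routines, defined
 * earlier in this file, are expected to clear the key schedules.
 */
int mbedtls_des_self_test(int verbose)
{
    int i, j, u, v, ret = 0;
    mbedtls_des_context ctx;
    mbedtls_des3_context ctx3;
    unsigned char buf[8];
#if defined(MBEDTLS_CIPHER_MODE_CBC)
    unsigned char prv[8];
    unsigned char iv[8];
#endif

    mbedtls_des_init(&ctx);
    mbedtls_des3_init(&ctx3);

    /*
     * ECB mode
     */
    for (i = 0; i < 6; i++) {
        u = i >> 1;     /* 0: DES, 1: two-key 3DES, 2: three-key 3DES */
        v = i  & 1;     /* direction, compared against MBEDTLS_DES_DECRYPT */

        if (verbose != 0) {
            mbedtls_printf("  DES%c-ECB-%3d (%s): ",
                           (u == 0) ? ' ' : '3', 56 + u * 56,
                           (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc");
        }

        memcpy(buf, des3_test_buf, 8);

        ret = des_self_test_setkey(i, &ctx, &ctx3);
        if (ret != 0) {
            goto exit;
        }

        /* Feed the output back in as the next input, 100 times. */
        for (j = 0; j < 100; j++) {
            if (u == 0) {
                ret = mbedtls_des_crypt_ecb(&ctx, buf, buf);
            } else {
                ret = mbedtls_des3_crypt_ecb(&ctx3, buf, buf);
            }
            if (ret != 0) {
                goto exit;
            }
        }

        if ((v == MBEDTLS_DES_DECRYPT &&
             memcmp(buf, des3_test_ecb_dec[u], 8) != 0) ||
            (v != MBEDTLS_DES_DECRYPT &&
             memcmp(buf, des3_test_ecb_enc[u], 8) != 0)) {
            if (verbose != 0) {
                mbedtls_printf("failed\n");
            }

            ret = 1;
            goto exit;
        }

        if (verbose != 0) {
            mbedtls_printf("passed\n");
        }
    }

    if (verbose != 0) {
        mbedtls_printf("\n");
    }

#if defined(MBEDTLS_CIPHER_MODE_CBC)
    /*
     * CBC mode
     */
    for (i = 0; i < 6; i++) {
        u = i >> 1;
        v = i  & 1;

        if (verbose != 0) {
            mbedtls_printf("  DES%c-CBC-%3d (%s): ",
                           (u == 0) ? ' ' : '3', 56 + u * 56,
                           (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc");
        }

        /* Work on copies: the CBC calls receive iv and buf as writable. */
        memcpy(iv,  des3_test_iv,  8);
        memcpy(prv, des3_test_iv,  8);
        memcpy(buf, des3_test_buf, 8);

        ret = des_self_test_setkey(i, &ctx, &ctx3);
        if (ret != 0) {
            goto exit;
        }

        if (v == MBEDTLS_DES_DECRYPT) {
            for (j = 0; j < 100; j++) {
                if (u == 0) {
                    ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf);
                } else {
                    ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf);
                }
                if (ret != 0) {
                    goto exit;
                }
            }
        } else {
            for (j = 0; j < 100; j++) {
                unsigned char tmp[8];

                if (u == 0) {
                    ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf);
                } else {
                    ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf);
                }
                if (ret != 0) {
                    goto exit;
                }

                /*
                 * Rotate blocks: the next input is the block saved in
                 * prv, and prv now holds the block just produced.
                 */
                memcpy(tmp, prv, 8);
                memcpy(prv, buf, 8);
                memcpy(buf, tmp, 8);
            }

            /* The value checked below is the last block produced. */
            memcpy(buf, prv, 8);
        }

        if ((v == MBEDTLS_DES_DECRYPT &&
             memcmp(buf, des3_test_cbc_dec[u], 8) != 0) ||
            (v != MBEDTLS_DES_DECRYPT &&
             memcmp(buf, des3_test_cbc_enc[u], 8) != 0)) {
            if (verbose != 0) {
                mbedtls_printf("failed\n");
            }

            ret = 1;
            goto exit;
        }

        if (verbose != 0) {
            mbedtls_printf("passed\n");
        }
    }
#endif /* MBEDTLS_CIPHER_MODE_CBC */

    if (verbose != 0) {
        mbedtls_printf("\n");
    }

exit:
    mbedtls_des_free(&ctx);
    mbedtls_des3_free(&ctx3);

    /* Collapse any library error code into the self-test's 0/1 result. */
    if (ret != 0) {
        ret = 1;
    }
    return ret;
}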
#endif /* MBEDTLS_SELF_TEST */
#endif /* MBEDTLS_DES_C */