/work/mbedtls-2.28.8/library/des.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * FIPS-46-3 compliant Triple-DES implementation |
3 | | * |
4 | | * Copyright The Mbed TLS Contributors |
5 | | * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
6 | | */ |
7 | | /* |
8 | | * DES, on which TDES is based, was originally designed by Horst Feistel |
9 | | * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS). |
10 | | * |
11 | | * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf |
12 | | */ |
13 | | |
14 | | #include "common.h" |
15 | | |
16 | | #if defined(MBEDTLS_DES_C) |
17 | | |
18 | | #include "mbedtls/des.h" |
19 | | #include "mbedtls/error.h" |
20 | | #include "mbedtls/platform_util.h" |
21 | | |
22 | | #include <string.h> |
23 | | |
24 | | #include "mbedtls/platform.h" |
25 | | |
26 | | #if !defined(MBEDTLS_DES_ALT) |
27 | | |
28 | | /* |
29 | | * Expanded DES S-boxes |
30 | | */ |
31 | | static const uint32_t SB1[64] = |
32 | | { |
33 | | 0x01010400, 0x00000000, 0x00010000, 0x01010404, |
34 | | 0x01010004, 0x00010404, 0x00000004, 0x00010000, |
35 | | 0x00000400, 0x01010400, 0x01010404, 0x00000400, |
36 | | 0x01000404, 0x01010004, 0x01000000, 0x00000004, |
37 | | 0x00000404, 0x01000400, 0x01000400, 0x00010400, |
38 | | 0x00010400, 0x01010000, 0x01010000, 0x01000404, |
39 | | 0x00010004, 0x01000004, 0x01000004, 0x00010004, |
40 | | 0x00000000, 0x00000404, 0x00010404, 0x01000000, |
41 | | 0x00010000, 0x01010404, 0x00000004, 0x01010000, |
42 | | 0x01010400, 0x01000000, 0x01000000, 0x00000400, |
43 | | 0x01010004, 0x00010000, 0x00010400, 0x01000004, |
44 | | 0x00000400, 0x00000004, 0x01000404, 0x00010404, |
45 | | 0x01010404, 0x00010004, 0x01010000, 0x01000404, |
46 | | 0x01000004, 0x00000404, 0x00010404, 0x01010400, |
47 | | 0x00000404, 0x01000400, 0x01000400, 0x00000000, |
48 | | 0x00010004, 0x00010400, 0x00000000, 0x01010004 |
49 | | }; |
50 | | |
51 | | static const uint32_t SB2[64] = |
52 | | { |
53 | | 0x80108020, 0x80008000, 0x00008000, 0x00108020, |
54 | | 0x00100000, 0x00000020, 0x80100020, 0x80008020, |
55 | | 0x80000020, 0x80108020, 0x80108000, 0x80000000, |
56 | | 0x80008000, 0x00100000, 0x00000020, 0x80100020, |
57 | | 0x00108000, 0x00100020, 0x80008020, 0x00000000, |
58 | | 0x80000000, 0x00008000, 0x00108020, 0x80100000, |
59 | | 0x00100020, 0x80000020, 0x00000000, 0x00108000, |
60 | | 0x00008020, 0x80108000, 0x80100000, 0x00008020, |
61 | | 0x00000000, 0x00108020, 0x80100020, 0x00100000, |
62 | | 0x80008020, 0x80100000, 0x80108000, 0x00008000, |
63 | | 0x80100000, 0x80008000, 0x00000020, 0x80108020, |
64 | | 0x00108020, 0x00000020, 0x00008000, 0x80000000, |
65 | | 0x00008020, 0x80108000, 0x00100000, 0x80000020, |
66 | | 0x00100020, 0x80008020, 0x80000020, 0x00100020, |
67 | | 0x00108000, 0x00000000, 0x80008000, 0x00008020, |
68 | | 0x80000000, 0x80100020, 0x80108020, 0x00108000 |
69 | | }; |
70 | | |
71 | | static const uint32_t SB3[64] = |
72 | | { |
73 | | 0x00000208, 0x08020200, 0x00000000, 0x08020008, |
74 | | 0x08000200, 0x00000000, 0x00020208, 0x08000200, |
75 | | 0x00020008, 0x08000008, 0x08000008, 0x00020000, |
76 | | 0x08020208, 0x00020008, 0x08020000, 0x00000208, |
77 | | 0x08000000, 0x00000008, 0x08020200, 0x00000200, |
78 | | 0x00020200, 0x08020000, 0x08020008, 0x00020208, |
79 | | 0x08000208, 0x00020200, 0x00020000, 0x08000208, |
80 | | 0x00000008, 0x08020208, 0x00000200, 0x08000000, |
81 | | 0x08020200, 0x08000000, 0x00020008, 0x00000208, |
82 | | 0x00020000, 0x08020200, 0x08000200, 0x00000000, |
83 | | 0x00000200, 0x00020008, 0x08020208, 0x08000200, |
84 | | 0x08000008, 0x00000200, 0x00000000, 0x08020008, |
85 | | 0x08000208, 0x00020000, 0x08000000, 0x08020208, |
86 | | 0x00000008, 0x00020208, 0x00020200, 0x08000008, |
87 | | 0x08020000, 0x08000208, 0x00000208, 0x08020000, |
88 | | 0x00020208, 0x00000008, 0x08020008, 0x00020200 |
89 | | }; |
90 | | |
91 | | static const uint32_t SB4[64] = |
92 | | { |
93 | | 0x00802001, 0x00002081, 0x00002081, 0x00000080, |
94 | | 0x00802080, 0x00800081, 0x00800001, 0x00002001, |
95 | | 0x00000000, 0x00802000, 0x00802000, 0x00802081, |
96 | | 0x00000081, 0x00000000, 0x00800080, 0x00800001, |
97 | | 0x00000001, 0x00002000, 0x00800000, 0x00802001, |
98 | | 0x00000080, 0x00800000, 0x00002001, 0x00002080, |
99 | | 0x00800081, 0x00000001, 0x00002080, 0x00800080, |
100 | | 0x00002000, 0x00802080, 0x00802081, 0x00000081, |
101 | | 0x00800080, 0x00800001, 0x00802000, 0x00802081, |
102 | | 0x00000081, 0x00000000, 0x00000000, 0x00802000, |
103 | | 0x00002080, 0x00800080, 0x00800081, 0x00000001, |
104 | | 0x00802001, 0x00002081, 0x00002081, 0x00000080, |
105 | | 0x00802081, 0x00000081, 0x00000001, 0x00002000, |
106 | | 0x00800001, 0x00002001, 0x00802080, 0x00800081, |
107 | | 0x00002001, 0x00002080, 0x00800000, 0x00802001, |
108 | | 0x00000080, 0x00800000, 0x00002000, 0x00802080 |
109 | | }; |
110 | | |
111 | | static const uint32_t SB5[64] = |
112 | | { |
113 | | 0x00000100, 0x02080100, 0x02080000, 0x42000100, |
114 | | 0x00080000, 0x00000100, 0x40000000, 0x02080000, |
115 | | 0x40080100, 0x00080000, 0x02000100, 0x40080100, |
116 | | 0x42000100, 0x42080000, 0x00080100, 0x40000000, |
117 | | 0x02000000, 0x40080000, 0x40080000, 0x00000000, |
118 | | 0x40000100, 0x42080100, 0x42080100, 0x02000100, |
119 | | 0x42080000, 0x40000100, 0x00000000, 0x42000000, |
120 | | 0x02080100, 0x02000000, 0x42000000, 0x00080100, |
121 | | 0x00080000, 0x42000100, 0x00000100, 0x02000000, |
122 | | 0x40000000, 0x02080000, 0x42000100, 0x40080100, |
123 | | 0x02000100, 0x40000000, 0x42080000, 0x02080100, |
124 | | 0x40080100, 0x00000100, 0x02000000, 0x42080000, |
125 | | 0x42080100, 0x00080100, 0x42000000, 0x42080100, |
126 | | 0x02080000, 0x00000000, 0x40080000, 0x42000000, |
127 | | 0x00080100, 0x02000100, 0x40000100, 0x00080000, |
128 | | 0x00000000, 0x40080000, 0x02080100, 0x40000100 |
129 | | }; |
130 | | |
131 | | static const uint32_t SB6[64] = |
132 | | { |
133 | | 0x20000010, 0x20400000, 0x00004000, 0x20404010, |
134 | | 0x20400000, 0x00000010, 0x20404010, 0x00400000, |
135 | | 0x20004000, 0x00404010, 0x00400000, 0x20000010, |
136 | | 0x00400010, 0x20004000, 0x20000000, 0x00004010, |
137 | | 0x00000000, 0x00400010, 0x20004010, 0x00004000, |
138 | | 0x00404000, 0x20004010, 0x00000010, 0x20400010, |
139 | | 0x20400010, 0x00000000, 0x00404010, 0x20404000, |
140 | | 0x00004010, 0x00404000, 0x20404000, 0x20000000, |
141 | | 0x20004000, 0x00000010, 0x20400010, 0x00404000, |
142 | | 0x20404010, 0x00400000, 0x00004010, 0x20000010, |
143 | | 0x00400000, 0x20004000, 0x20000000, 0x00004010, |
144 | | 0x20000010, 0x20404010, 0x00404000, 0x20400000, |
145 | | 0x00404010, 0x20404000, 0x00000000, 0x20400010, |
146 | | 0x00000010, 0x00004000, 0x20400000, 0x00404010, |
147 | | 0x00004000, 0x00400010, 0x20004010, 0x00000000, |
148 | | 0x20404000, 0x20000000, 0x00400010, 0x20004010 |
149 | | }; |
150 | | |
151 | | static const uint32_t SB7[64] = |
152 | | { |
153 | | 0x00200000, 0x04200002, 0x04000802, 0x00000000, |
154 | | 0x00000800, 0x04000802, 0x00200802, 0x04200800, |
155 | | 0x04200802, 0x00200000, 0x00000000, 0x04000002, |
156 | | 0x00000002, 0x04000000, 0x04200002, 0x00000802, |
157 | | 0x04000800, 0x00200802, 0x00200002, 0x04000800, |
158 | | 0x04000002, 0x04200000, 0x04200800, 0x00200002, |
159 | | 0x04200000, 0x00000800, 0x00000802, 0x04200802, |
160 | | 0x00200800, 0x00000002, 0x04000000, 0x00200800, |
161 | | 0x04000000, 0x00200800, 0x00200000, 0x04000802, |
162 | | 0x04000802, 0x04200002, 0x04200002, 0x00000002, |
163 | | 0x00200002, 0x04000000, 0x04000800, 0x00200000, |
164 | | 0x04200800, 0x00000802, 0x00200802, 0x04200800, |
165 | | 0x00000802, 0x04000002, 0x04200802, 0x04200000, |
166 | | 0x00200800, 0x00000000, 0x00000002, 0x04200802, |
167 | | 0x00000000, 0x00200802, 0x04200000, 0x00000800, |
168 | | 0x04000002, 0x04000800, 0x00000800, 0x00200002 |
169 | | }; |
170 | | |
171 | | static const uint32_t SB8[64] = |
172 | | { |
173 | | 0x10001040, 0x00001000, 0x00040000, 0x10041040, |
174 | | 0x10000000, 0x10001040, 0x00000040, 0x10000000, |
175 | | 0x00040040, 0x10040000, 0x10041040, 0x00041000, |
176 | | 0x10041000, 0x00041040, 0x00001000, 0x00000040, |
177 | | 0x10040000, 0x10000040, 0x10001000, 0x00001040, |
178 | | 0x00041000, 0x00040040, 0x10040040, 0x10041000, |
179 | | 0x00001040, 0x00000000, 0x00000000, 0x10040040, |
180 | | 0x10000040, 0x10001000, 0x00041040, 0x00040000, |
181 | | 0x00041040, 0x00040000, 0x10041000, 0x00001000, |
182 | | 0x00000040, 0x10040040, 0x00001000, 0x00041040, |
183 | | 0x10001000, 0x00000040, 0x10000040, 0x10040000, |
184 | | 0x10040040, 0x10000000, 0x00040000, 0x10001040, |
185 | | 0x00000000, 0x10041040, 0x00040040, 0x10000040, |
186 | | 0x10040000, 0x10001000, 0x10001040, 0x00000000, |
187 | | 0x10041040, 0x00041000, 0x00041000, 0x00001040, |
188 | | 0x00001040, 0x00040040, 0x10000000, 0x10041000 |
189 | | }; |
190 | | |
191 | | /* |
192 | | * PC1: left and right halves bit-swap |
193 | | */ |
194 | | static const uint32_t LHs[16] = |
195 | | { |
196 | | 0x00000000, 0x00000001, 0x00000100, 0x00000101, |
197 | | 0x00010000, 0x00010001, 0x00010100, 0x00010101, |
198 | | 0x01000000, 0x01000001, 0x01000100, 0x01000101, |
199 | | 0x01010000, 0x01010001, 0x01010100, 0x01010101 |
200 | | }; |
201 | | |
202 | | static const uint32_t RHs[16] = |
203 | | { |
204 | | 0x00000000, 0x01000000, 0x00010000, 0x01010000, |
205 | | 0x00000100, 0x01000100, 0x00010100, 0x01010100, |
206 | | 0x00000001, 0x01000001, 0x00010001, 0x01010001, |
207 | | 0x00000101, 0x01000101, 0x00010101, 0x01010101, |
208 | | }; |
209 | | |
210 | | /* |
211 | | * Initial Permutation macro |
212 | | */ |
213 | | #define DES_IP(X, Y) \ |
214 | 0 | do \ |
215 | 0 | { \ |
216 | 0 | T = (((X) >> 4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T << 4); \ |
217 | 0 | T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \ |
218 | 0 | T = (((Y) >> 2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T << 2); \ |
219 | 0 | T = (((Y) >> 8) ^ (X)) & 0x00FF00FF; (X) ^= T; (Y) ^= (T << 8); \ |
220 | 0 | (Y) = (((Y) << 1) | ((Y) >> 31)) & 0xFFFFFFFF; \ |
221 | 0 | T = ((X) ^ (Y)) & 0xAAAAAAAA; (Y) ^= T; (X) ^= T; \ |
222 | 0 | (X) = (((X) << 1) | ((X) >> 31)) & 0xFFFFFFFF; \ |
223 | 0 | } while (0) |
224 | | |
225 | | /* |
226 | | * Final Permutation macro |
227 | | */ |
228 | | #define DES_FP(X, Y) \ |
229 | 0 | do \ |
230 | 0 | { \ |
231 | 0 | (X) = (((X) << 31) | ((X) >> 1)) & 0xFFFFFFFF; \ |
232 | 0 | T = ((X) ^ (Y)) & 0xAAAAAAAA; (X) ^= T; (Y) ^= T; \ |
233 | 0 | (Y) = (((Y) << 31) | ((Y) >> 1)) & 0xFFFFFFFF; \ |
234 | 0 | T = (((Y) >> 8) ^ (X)) & 0x00FF00FF; (X) ^= T; (Y) ^= (T << 8); \ |
235 | 0 | T = (((Y) >> 2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T << 2); \ |
236 | 0 | T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \ |
237 | 0 | T = (((X) >> 4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T << 4); \ |
238 | 0 | } while (0) |
239 | | |
240 | | /* |
241 | | * DES round macro |
242 | | */ |
243 | | #define DES_ROUND(X, Y) \ |
244 | 0 | do \ |
245 | 0 | { \ |
246 | 0 | T = *SK++ ^ (X); \ |
247 | 0 | (Y) ^= SB8[(T) & 0x3F] ^ \ |
248 | 0 | SB6[(T >> 8) & 0x3F] ^ \ |
249 | 0 | SB4[(T >> 16) & 0x3F] ^ \ |
250 | 0 | SB2[(T >> 24) & 0x3F]; \ |
251 | 0 | \ |
252 | 0 | T = *SK++ ^ (((X) << 28) | ((X) >> 4)); \ |
253 | 0 | (Y) ^= SB7[(T) & 0x3F] ^ \ |
254 | 0 | SB5[(T >> 8) & 0x3F] ^ \ |
255 | 0 | SB3[(T >> 16) & 0x3F] ^ \ |
256 | 0 | SB1[(T >> 24) & 0x3F]; \ |
257 | 0 | } while (0) |
258 | | |
259 | | #define SWAP(a, b) \ |
260 | 0 | do \ |
261 | 0 | { \ |
262 | 0 | uint32_t t = (a); (a) = (b); (b) = t; t = 0; \ |
263 | 0 | } while (0) |
264 | | |
265 | | void mbedtls_des_init(mbedtls_des_context *ctx) |
266 | 0 | { |
267 | 0 | memset(ctx, 0, sizeof(mbedtls_des_context)); |
268 | 0 | } |
269 | | |
270 | | void mbedtls_des_free(mbedtls_des_context *ctx) |
271 | 0 | { |
272 | 0 | if (ctx == NULL) { |
273 | 0 | return; |
274 | 0 | } |
275 | | |
276 | 0 | mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des_context)); |
277 | 0 | } |
278 | | |
279 | | void mbedtls_des3_init(mbedtls_des3_context *ctx) |
280 | 0 | { |
281 | 0 | memset(ctx, 0, sizeof(mbedtls_des3_context)); |
282 | 0 | } |
283 | | |
284 | | void mbedtls_des3_free(mbedtls_des3_context *ctx) |
285 | 0 | { |
286 | 0 | if (ctx == NULL) { |
287 | 0 | return; |
288 | 0 | } |
289 | | |
290 | 0 | mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des3_context)); |
291 | 0 | } |
292 | | |
293 | | static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8, |
294 | | 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, |
295 | | 35, 37, 38, 41, 42, 44, |
296 | | 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, |
297 | | 70, 73, 74, 76, 79, 81, |
298 | | 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, |
299 | | 104, 107, 109, 110, 112, |
300 | | 115, 117, 118, 121, 122, 124, 127, 128, 131, |
301 | | 133, 134, 137, 138, 140, |
302 | | 143, 145, 146, 148, 151, 152, 155, 157, 158, |
303 | | 161, 162, 164, 167, 168, |
304 | | 171, 173, 174, 176, 179, 181, 182, 185, 186, |
305 | | 188, 191, 193, 194, 196, |
306 | | 199, 200, 203, 205, 206, 208, 211, 213, 214, |
307 | | 217, 218, 220, 223, 224, |
308 | | 227, 229, 230, 233, 234, 236, 239, 241, 242, |
309 | | 244, 247, 248, 251, 253, |
310 | | 254 }; |
311 | | |
312 | | void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE]) |
313 | 0 | { |
314 | 0 | int i; |
315 | |
|
316 | 0 | for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) { |
317 | 0 | key[i] = odd_parity_table[key[i] / 2]; |
318 | 0 | } |
319 | 0 | } |
320 | | |
321 | | /* |
322 | | * Check the given key's parity, returns 1 on failure, 0 on SUCCESS |
323 | | */ |
324 | | int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZE]) |
325 | 0 | { |
326 | 0 | int i; |
327 | |
|
328 | 0 | for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) { |
329 | 0 | if (key[i] != odd_parity_table[key[i] / 2]) { |
330 | 0 | return 1; |
331 | 0 | } |
332 | 0 | } |
333 | | |
334 | 0 | return 0; |
335 | 0 | } |
336 | | |
337 | | /* |
338 | | * Table of weak and semi-weak keys |
339 | | * |
340 | | * Source: http://en.wikipedia.org/wiki/Weak_key |
341 | | * |
342 | | * Weak: |
343 | | * Alternating ones + zeros (0x0101010101010101) |
344 | | * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE) |
345 | | * '0xE0E0E0E0F1F1F1F1' |
346 | | * '0x1F1F1F1F0E0E0E0E' |
347 | | * |
348 | | * Semi-weak: |
349 | | * 0x011F011F010E010E and 0x1F011F010E010E01 |
350 | | * 0x01E001E001F101F1 and 0xE001E001F101F101 |
351 | | * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01 |
352 | | * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E |
353 | | * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E |
354 | | * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1 |
355 | | * |
356 | | */ |
357 | | |
358 | 0 | #define WEAK_KEY_COUNT 16 |
359 | | |
360 | | static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] = |
361 | | { |
362 | | { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, |
363 | | { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE }, |
364 | | { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }, |
365 | | { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 }, |
366 | | |
367 | | { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E }, |
368 | | { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 }, |
369 | | { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 }, |
370 | | { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 }, |
371 | | { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE }, |
372 | | { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 }, |
373 | | { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 }, |
374 | | { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E }, |
375 | | { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE }, |
376 | | { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E }, |
377 | | { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE }, |
378 | | { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 } |
379 | | }; |
380 | | |
381 | | int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]) |
382 | 0 | { |
383 | 0 | int i; |
384 | |
|
385 | 0 | for (i = 0; i < WEAK_KEY_COUNT; i++) { |
386 | 0 | if (memcmp(weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0) { |
387 | 0 | return 1; |
388 | 0 | } |
389 | 0 | } |
390 | | |
391 | 0 | return 0; |
392 | 0 | } |
393 | | |
394 | | #if !defined(MBEDTLS_DES_SETKEY_ALT) |
395 | | void mbedtls_des_setkey(uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE]) |
396 | 0 | { |
397 | 0 | int i; |
398 | 0 | uint32_t X, Y, T; |
399 | |
|
400 | 0 | X = MBEDTLS_GET_UINT32_BE(key, 0); |
401 | 0 | Y = MBEDTLS_GET_UINT32_BE(key, 4); |
402 | | |
403 | | /* |
404 | | * Permuted Choice 1 |
405 | | */ |
406 | 0 | T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4); |
407 | 0 | T = ((Y) ^ X) & 0x10101010; X ^= T; Y ^= (T); |
408 | |
|
409 | 0 | X = (LHs[(X) & 0xF] << 3) | (LHs[(X >> 8) & 0xF] << 2) |
410 | 0 | | (LHs[(X >> 16) & 0xF] << 1) | (LHs[(X >> 24) & 0xF]) |
411 | 0 | | (LHs[(X >> 5) & 0xF] << 7) | (LHs[(X >> 13) & 0xF] << 6) |
412 | 0 | | (LHs[(X >> 21) & 0xF] << 5) | (LHs[(X >> 29) & 0xF] << 4); |
413 | |
|
414 | 0 | Y = (RHs[(Y >> 1) & 0xF] << 3) | (RHs[(Y >> 9) & 0xF] << 2) |
415 | 0 | | (RHs[(Y >> 17) & 0xF] << 1) | (RHs[(Y >> 25) & 0xF]) |
416 | 0 | | (RHs[(Y >> 4) & 0xF] << 7) | (RHs[(Y >> 12) & 0xF] << 6) |
417 | 0 | | (RHs[(Y >> 20) & 0xF] << 5) | (RHs[(Y >> 28) & 0xF] << 4); |
418 | |
|
419 | 0 | X &= 0x0FFFFFFF; |
420 | 0 | Y &= 0x0FFFFFFF; |
421 | | |
422 | | /* |
423 | | * calculate subkeys |
424 | | */ |
425 | 0 | for (i = 0; i < 16; i++) { |
426 | 0 | if (i < 2 || i == 8 || i == 15) { |
427 | 0 | X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF; |
428 | 0 | Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF; |
429 | 0 | } else { |
430 | 0 | X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF; |
431 | 0 | Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF; |
432 | 0 | } |
433 | |
|
434 | 0 | *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000) |
435 | 0 | | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000) |
436 | 0 | | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000) |
437 | 0 | | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000) |
438 | 0 | | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000) |
439 | 0 | | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000) |
440 | 0 | | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400) |
441 | 0 | | ((Y >> 14) & 0x00000200) | ((Y) & 0x00000100) |
442 | 0 | | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010) |
443 | 0 | | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004) |
444 | 0 | | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001); |
445 | |
|
446 | 0 | *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000) |
447 | 0 | | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000) |
448 | 0 | | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000) |
449 | 0 | | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000) |
450 | 0 | | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000) |
451 | 0 | | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000) |
452 | 0 | | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000) |
453 | 0 | | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400) |
454 | 0 | | ((Y) & 0x00000200) | ((Y << 7) & 0x00000100) |
455 | 0 | | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011) |
456 | 0 | | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002); |
457 | 0 | } |
458 | 0 | } |
459 | | #endif /* !MBEDTLS_DES_SETKEY_ALT */ |
460 | | |
461 | | /* |
462 | | * DES key schedule (56-bit, encryption) |
463 | | */ |
464 | | int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]) |
465 | 0 | { |
466 | 0 | mbedtls_des_setkey(ctx->sk, key); |
467 | |
|
468 | 0 | return 0; |
469 | 0 | } |
470 | | |
471 | | /* |
472 | | * DES key schedule (56-bit, decryption) |
473 | | */ |
474 | | int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]) |
475 | 0 | { |
476 | 0 | int i; |
477 | |
|
478 | 0 | mbedtls_des_setkey(ctx->sk, key); |
479 | |
|
480 | 0 | for (i = 0; i < 16; i += 2) { |
481 | 0 | SWAP(ctx->sk[i], ctx->sk[30 - i]); |
482 | 0 | SWAP(ctx->sk[i + 1], ctx->sk[31 - i]); |
483 | 0 | } |
484 | |
|
485 | 0 | return 0; |
486 | 0 | } |
487 | | |
488 | | static void des3_set2key(uint32_t esk[96], |
489 | | uint32_t dsk[96], |
490 | | const unsigned char key[MBEDTLS_DES_KEY_SIZE*2]) |
491 | 0 | { |
492 | 0 | int i; |
493 | |
|
494 | 0 | mbedtls_des_setkey(esk, key); |
495 | 0 | mbedtls_des_setkey(dsk + 32, key + 8); |
496 | |
|
497 | 0 | for (i = 0; i < 32; i += 2) { |
498 | 0 | dsk[i] = esk[30 - i]; |
499 | 0 | dsk[i + 1] = esk[31 - i]; |
500 | |
|
501 | 0 | esk[i + 32] = dsk[62 - i]; |
502 | 0 | esk[i + 33] = dsk[63 - i]; |
503 | |
|
504 | 0 | esk[i + 64] = esk[i]; |
505 | 0 | esk[i + 65] = esk[i + 1]; |
506 | |
|
507 | 0 | dsk[i + 64] = dsk[i]; |
508 | 0 | dsk[i + 65] = dsk[i + 1]; |
509 | 0 | } |
510 | 0 | } |
511 | | |
512 | | /* |
513 | | * Triple-DES key schedule (112-bit, encryption) |
514 | | */ |
515 | | int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, |
516 | | const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]) |
517 | 0 | { |
518 | 0 | uint32_t sk[96]; |
519 | |
|
520 | 0 | des3_set2key(ctx->sk, sk, key); |
521 | 0 | mbedtls_platform_zeroize(sk, sizeof(sk)); |
522 | |
|
523 | 0 | return 0; |
524 | 0 | } |
525 | | |
526 | | /* |
527 | | * Triple-DES key schedule (112-bit, decryption) |
528 | | */ |
529 | | int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, |
530 | | const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]) |
531 | 0 | { |
532 | 0 | uint32_t sk[96]; |
533 | |
|
534 | 0 | des3_set2key(sk, ctx->sk, key); |
535 | 0 | mbedtls_platform_zeroize(sk, sizeof(sk)); |
536 | |
|
537 | 0 | return 0; |
538 | 0 | } |
539 | | |
540 | | static void des3_set3key(uint32_t esk[96], |
541 | | uint32_t dsk[96], |
542 | | const unsigned char key[24]) |
543 | 0 | { |
544 | 0 | int i; |
545 | |
|
546 | 0 | mbedtls_des_setkey(esk, key); |
547 | 0 | mbedtls_des_setkey(dsk + 32, key + 8); |
548 | 0 | mbedtls_des_setkey(esk + 64, key + 16); |
549 | |
|
550 | 0 | for (i = 0; i < 32; i += 2) { |
551 | 0 | dsk[i] = esk[94 - i]; |
552 | 0 | dsk[i + 1] = esk[95 - i]; |
553 | |
|
554 | 0 | esk[i + 32] = dsk[62 - i]; |
555 | 0 | esk[i + 33] = dsk[63 - i]; |
556 | |
|
557 | 0 | dsk[i + 64] = esk[30 - i]; |
558 | 0 | dsk[i + 65] = esk[31 - i]; |
559 | 0 | } |
560 | 0 | } |
561 | | |
562 | | /* |
563 | | * Triple-DES key schedule (168-bit, encryption) |
564 | | */ |
565 | | int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, |
566 | | const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]) |
567 | 0 | { |
568 | 0 | uint32_t sk[96]; |
569 | |
|
570 | 0 | des3_set3key(ctx->sk, sk, key); |
571 | 0 | mbedtls_platform_zeroize(sk, sizeof(sk)); |
572 | |
|
573 | 0 | return 0; |
574 | 0 | } |
575 | | |
576 | | /* |
577 | | * Triple-DES key schedule (168-bit, decryption) |
578 | | */ |
579 | | int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, |
580 | | const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]) |
581 | 0 | { |
582 | 0 | uint32_t sk[96]; |
583 | |
|
584 | 0 | des3_set3key(sk, ctx->sk, key); |
585 | 0 | mbedtls_platform_zeroize(sk, sizeof(sk)); |
586 | |
|
587 | 0 | return 0; |
588 | 0 | } |
589 | | |
590 | | /* |
591 | | * DES-ECB block encryption/decryption |
592 | | */ |
593 | | #if !defined(MBEDTLS_DES_CRYPT_ECB_ALT) |
594 | | int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx, |
595 | | const unsigned char input[8], |
596 | | unsigned char output[8]) |
597 | 0 | { |
598 | 0 | int i; |
599 | 0 | uint32_t X, Y, T, *SK; |
600 | |
|
601 | 0 | SK = ctx->sk; |
602 | |
|
603 | 0 | X = MBEDTLS_GET_UINT32_BE(input, 0); |
604 | 0 | Y = MBEDTLS_GET_UINT32_BE(input, 4); |
605 | |
|
606 | 0 | DES_IP(X, Y); |
607 | |
|
608 | 0 | for (i = 0; i < 8; i++) { |
609 | 0 | DES_ROUND(Y, X); |
610 | 0 | DES_ROUND(X, Y); |
611 | 0 | } |
612 | |
|
613 | 0 | DES_FP(Y, X); |
614 | |
|
615 | 0 | MBEDTLS_PUT_UINT32_BE(Y, output, 0); |
616 | 0 | MBEDTLS_PUT_UINT32_BE(X, output, 4); |
617 | |
|
618 | 0 | return 0; |
619 | 0 | } |
620 | | #endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */ |
621 | | |
622 | | #if defined(MBEDTLS_CIPHER_MODE_CBC) |
623 | | /* |
624 | | * DES-CBC buffer encryption/decryption |
625 | | */ |
626 | | int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx, |
627 | | int mode, |
628 | | size_t length, |
629 | | unsigned char iv[8], |
630 | | const unsigned char *input, |
631 | | unsigned char *output) |
632 | 0 | { |
633 | 0 | int i; |
634 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
635 | 0 | unsigned char temp[8]; |
636 | |
|
637 | 0 | if (length % 8) { |
638 | 0 | return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH; |
639 | 0 | } |
640 | | |
641 | 0 | if (mode == MBEDTLS_DES_ENCRYPT) { |
642 | 0 | while (length > 0) { |
643 | 0 | for (i = 0; i < 8; i++) { |
644 | 0 | output[i] = (unsigned char) (input[i] ^ iv[i]); |
645 | 0 | } |
646 | |
|
647 | 0 | ret = mbedtls_des_crypt_ecb(ctx, output, output); |
648 | 0 | if (ret != 0) { |
649 | 0 | goto exit; |
650 | 0 | } |
651 | 0 | memcpy(iv, output, 8); |
652 | |
|
653 | 0 | input += 8; |
654 | 0 | output += 8; |
655 | 0 | length -= 8; |
656 | 0 | } |
657 | 0 | } else { /* MBEDTLS_DES_DECRYPT */ |
658 | 0 | while (length > 0) { |
659 | 0 | memcpy(temp, input, 8); |
660 | 0 | ret = mbedtls_des_crypt_ecb(ctx, input, output); |
661 | 0 | if (ret != 0) { |
662 | 0 | goto exit; |
663 | 0 | } |
664 | | |
665 | 0 | for (i = 0; i < 8; i++) { |
666 | 0 | output[i] = (unsigned char) (output[i] ^ iv[i]); |
667 | 0 | } |
668 | |
|
669 | 0 | memcpy(iv, temp, 8); |
670 | |
|
671 | 0 | input += 8; |
672 | 0 | output += 8; |
673 | 0 | length -= 8; |
674 | 0 | } |
675 | 0 | } |
676 | 0 | ret = 0; |
677 | |
|
678 | 0 | exit: |
679 | 0 | return ret; |
680 | 0 | } |
681 | | #endif /* MBEDTLS_CIPHER_MODE_CBC */ |
682 | | |
683 | | /* |
684 | | * 3DES-ECB block encryption/decryption |
685 | | */ |
686 | | #if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT) |
687 | | int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx, |
688 | | const unsigned char input[8], |
689 | | unsigned char output[8]) |
690 | 0 | { |
691 | 0 | int i; |
692 | 0 | uint32_t X, Y, T, *SK; |
693 | |
|
694 | 0 | SK = ctx->sk; |
695 | |
|
696 | 0 | X = MBEDTLS_GET_UINT32_BE(input, 0); |
697 | 0 | Y = MBEDTLS_GET_UINT32_BE(input, 4); |
698 | |
|
699 | 0 | DES_IP(X, Y); |
700 | |
|
701 | 0 | for (i = 0; i < 8; i++) { |
702 | 0 | DES_ROUND(Y, X); |
703 | 0 | DES_ROUND(X, Y); |
704 | 0 | } |
705 | |
|
706 | 0 | for (i = 0; i < 8; i++) { |
707 | 0 | DES_ROUND(X, Y); |
708 | 0 | DES_ROUND(Y, X); |
709 | 0 | } |
710 | |
|
711 | 0 | for (i = 0; i < 8; i++) { |
712 | 0 | DES_ROUND(Y, X); |
713 | 0 | DES_ROUND(X, Y); |
714 | 0 | } |
715 | |
|
716 | 0 | DES_FP(Y, X); |
717 | |
|
718 | 0 | MBEDTLS_PUT_UINT32_BE(Y, output, 0); |
719 | 0 | MBEDTLS_PUT_UINT32_BE(X, output, 4); |
720 | |
|
721 | 0 | return 0; |
722 | 0 | } |
723 | | #endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */ |
724 | | |
725 | | #if defined(MBEDTLS_CIPHER_MODE_CBC) |
726 | | /* |
727 | | * 3DES-CBC buffer encryption/decryption |
728 | | */ |
729 | | int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx, |
730 | | int mode, |
731 | | size_t length, |
732 | | unsigned char iv[8], |
733 | | const unsigned char *input, |
734 | | unsigned char *output) |
735 | 0 | { |
736 | 0 | int i; |
737 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
738 | 0 | unsigned char temp[8]; |
739 | |
|
740 | 0 | if (length % 8) { |
741 | 0 | return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH; |
742 | 0 | } |
743 | | |
744 | 0 | if (mode == MBEDTLS_DES_ENCRYPT) { |
745 | 0 | while (length > 0) { |
746 | 0 | for (i = 0; i < 8; i++) { |
747 | 0 | output[i] = (unsigned char) (input[i] ^ iv[i]); |
748 | 0 | } |
749 | |
|
750 | 0 | ret = mbedtls_des3_crypt_ecb(ctx, output, output); |
751 | 0 | if (ret != 0) { |
752 | 0 | goto exit; |
753 | 0 | } |
754 | 0 | memcpy(iv, output, 8); |
755 | |
|
756 | 0 | input += 8; |
757 | 0 | output += 8; |
758 | 0 | length -= 8; |
759 | 0 | } |
760 | 0 | } else { /* MBEDTLS_DES_DECRYPT */ |
761 | 0 | while (length > 0) { |
762 | 0 | memcpy(temp, input, 8); |
763 | 0 | ret = mbedtls_des3_crypt_ecb(ctx, input, output); |
764 | 0 | if (ret != 0) { |
765 | 0 | goto exit; |
766 | 0 | } |
767 | | |
768 | 0 | for (i = 0; i < 8; i++) { |
769 | 0 | output[i] = (unsigned char) (output[i] ^ iv[i]); |
770 | 0 | } |
771 | |
|
772 | 0 | memcpy(iv, temp, 8); |
773 | |
|
774 | 0 | input += 8; |
775 | 0 | output += 8; |
776 | 0 | length -= 8; |
777 | 0 | } |
778 | 0 | } |
779 | 0 | ret = 0; |
780 | |
|
781 | 0 | exit: |
782 | 0 | return ret; |
783 | 0 | } |
784 | | #endif /* MBEDTLS_CIPHER_MODE_CBC */ |
785 | | |
786 | | #endif /* !MBEDTLS_DES_ALT */ |
787 | | |
788 | | #if defined(MBEDTLS_SELF_TEST) |
789 | | /* |
790 | | * DES and 3DES test vectors from: |
791 | | * |
792 | | * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip |
793 | | */ |
794 | | static const unsigned char des3_test_keys[24] = |
795 | | { |
796 | | 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, |
797 | | 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, |
798 | | 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23 |
799 | | }; |
800 | | |
801 | | static const unsigned char des3_test_buf[8] = |
802 | | { |
803 | | 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74 |
804 | | }; |
805 | | |
806 | | static const unsigned char des3_test_ecb_dec[3][8] = |
807 | | { |
808 | | { 0x37, 0x2B, 0x98, 0xBF, 0x52, 0x65, 0xB0, 0x59 }, |
809 | | { 0xC2, 0x10, 0x19, 0x9C, 0x38, 0x5A, 0x65, 0xA1 }, |
810 | | { 0xA2, 0x70, 0x56, 0x68, 0x69, 0xE5, 0x15, 0x1D } |
811 | | }; |
812 | | |
813 | | static const unsigned char des3_test_ecb_enc[3][8] = |
814 | | { |
815 | | { 0x1C, 0xD5, 0x97, 0xEA, 0x84, 0x26, 0x73, 0xFB }, |
816 | | { 0xB3, 0x92, 0x4D, 0xF3, 0xC5, 0xB5, 0x42, 0x93 }, |
817 | | { 0xDA, 0x37, 0x64, 0x41, 0xBA, 0x6F, 0x62, 0x6F } |
818 | | }; |
819 | | |
820 | | #if defined(MBEDTLS_CIPHER_MODE_CBC) |
821 | | static const unsigned char des3_test_iv[8] = |
822 | | { |
823 | | 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF, |
824 | | }; |
825 | | |
826 | | static const unsigned char des3_test_cbc_dec[3][8] = |
827 | | { |
828 | | { 0x58, 0xD9, 0x48, 0xEF, 0x85, 0x14, 0x65, 0x9A }, |
829 | | { 0x5F, 0xC8, 0x78, 0xD4, 0xD7, 0x92, 0xD9, 0x54 }, |
830 | | { 0x25, 0xF9, 0x75, 0x85, 0xA8, 0x1E, 0x48, 0xBF } |
831 | | }; |
832 | | |
833 | | static const unsigned char des3_test_cbc_enc[3][8] = |
834 | | { |
835 | | { 0x91, 0x1C, 0x6D, 0xCF, 0x48, 0xA7, 0xC3, 0x4D }, |
836 | | { 0x60, 0x1A, 0x76, 0x8F, 0xA1, 0xF9, 0x66, 0xF1 }, |
837 | | { 0xA1, 0x50, 0x0F, 0x99, 0xB2, 0xCD, 0x64, 0x76 } |
838 | | }; |
839 | | #endif /* MBEDTLS_CIPHER_MODE_CBC */ |
840 | | |
841 | | /* |
842 | | * Checkup routine |
843 | | */ |
844 | | int mbedtls_des_self_test(int verbose) |
845 | 0 | { |
846 | 0 | int i, j, u, v, ret = 0; |
847 | 0 | mbedtls_des_context ctx; |
848 | 0 | mbedtls_des3_context ctx3; |
849 | 0 | unsigned char buf[8]; |
850 | 0 | #if defined(MBEDTLS_CIPHER_MODE_CBC) |
851 | 0 | unsigned char prv[8]; |
852 | 0 | unsigned char iv[8]; |
853 | 0 | #endif |
854 | |
|
855 | 0 | mbedtls_des_init(&ctx); |
856 | 0 | mbedtls_des3_init(&ctx3); |
857 | | /* |
858 | | * ECB mode |
859 | | */ |
860 | 0 | for (i = 0; i < 6; i++) { |
861 | 0 | u = i >> 1; |
862 | 0 | v = i & 1; |
863 | |
|
864 | 0 | if (verbose != 0) { |
865 | 0 | mbedtls_printf(" DES%c-ECB-%3d (%s): ", |
866 | 0 | (u == 0) ? ' ' : '3', 56 + u * 56, |
867 | 0 | (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc"); |
868 | 0 | } |
869 | |
|
870 | 0 | memcpy(buf, des3_test_buf, 8); |
871 | |
|
872 | 0 | switch (i) { |
873 | 0 | case 0: |
874 | 0 | ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys); |
875 | 0 | break; |
876 | | |
877 | 0 | case 1: |
878 | 0 | ret = mbedtls_des_setkey_enc(&ctx, des3_test_keys); |
879 | 0 | break; |
880 | | |
881 | 0 | case 2: |
882 | 0 | ret = mbedtls_des3_set2key_dec(&ctx3, des3_test_keys); |
883 | 0 | break; |
884 | | |
885 | 0 | case 3: |
886 | 0 | ret = mbedtls_des3_set2key_enc(&ctx3, des3_test_keys); |
887 | 0 | break; |
888 | | |
889 | 0 | case 4: |
890 | 0 | ret = mbedtls_des3_set3key_dec(&ctx3, des3_test_keys); |
891 | 0 | break; |
892 | | |
893 | 0 | case 5: |
894 | 0 | ret = mbedtls_des3_set3key_enc(&ctx3, des3_test_keys); |
895 | 0 | break; |
896 | | |
897 | 0 | default: |
898 | 0 | return 1; |
899 | 0 | } |
900 | 0 | if (ret != 0) { |
901 | 0 | goto exit; |
902 | 0 | } |
903 | | |
904 | 0 | for (j = 0; j < 100; j++) { |
905 | 0 | if (u == 0) { |
906 | 0 | ret = mbedtls_des_crypt_ecb(&ctx, buf, buf); |
907 | 0 | } else { |
908 | 0 | ret = mbedtls_des3_crypt_ecb(&ctx3, buf, buf); |
909 | 0 | } |
910 | 0 | if (ret != 0) { |
911 | 0 | goto exit; |
912 | 0 | } |
913 | 0 | } |
914 | | |
915 | 0 | if ((v == MBEDTLS_DES_DECRYPT && |
916 | 0 | memcmp(buf, des3_test_ecb_dec[u], 8) != 0) || |
917 | 0 | (v != MBEDTLS_DES_DECRYPT && |
918 | 0 | memcmp(buf, des3_test_ecb_enc[u], 8) != 0)) { |
919 | 0 | if (verbose != 0) { |
920 | 0 | mbedtls_printf("failed\n"); |
921 | 0 | } |
922 | |
|
923 | 0 | ret = 1; |
924 | 0 | goto exit; |
925 | 0 | } |
926 | | |
927 | 0 | if (verbose != 0) { |
928 | 0 | mbedtls_printf("passed\n"); |
929 | 0 | } |
930 | 0 | } |
931 | | |
932 | 0 | if (verbose != 0) { |
933 | 0 | mbedtls_printf("\n"); |
934 | 0 | } |
935 | |
|
936 | 0 | #if defined(MBEDTLS_CIPHER_MODE_CBC) |
937 | | /* |
938 | | * CBC mode |
939 | | */ |
940 | 0 | for (i = 0; i < 6; i++) { |
941 | 0 | u = i >> 1; |
942 | 0 | v = i & 1; |
943 | |
|
944 | 0 | if (verbose != 0) { |
945 | 0 | mbedtls_printf(" DES%c-CBC-%3d (%s): ", |
946 | 0 | (u == 0) ? ' ' : '3', 56 + u * 56, |
947 | 0 | (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc"); |
948 | 0 | } |
949 | |
|
950 | 0 | memcpy(iv, des3_test_iv, 8); |
951 | 0 | memcpy(prv, des3_test_iv, 8); |
952 | 0 | memcpy(buf, des3_test_buf, 8); |
953 | |
|
954 | 0 | switch (i) { |
955 | 0 | case 0: |
956 | 0 | ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys); |
957 | 0 | break; |
958 | | |
959 | 0 | case 1: |
960 | 0 | ret = mbedtls_des_setkey_enc(&ctx, des3_test_keys); |
961 | 0 | break; |
962 | | |
963 | 0 | case 2: |
964 | 0 | ret = mbedtls_des3_set2key_dec(&ctx3, des3_test_keys); |
965 | 0 | break; |
966 | | |
967 | 0 | case 3: |
968 | 0 | ret = mbedtls_des3_set2key_enc(&ctx3, des3_test_keys); |
969 | 0 | break; |
970 | | |
971 | 0 | case 4: |
972 | 0 | ret = mbedtls_des3_set3key_dec(&ctx3, des3_test_keys); |
973 | 0 | break; |
974 | | |
975 | 0 | case 5: |
976 | 0 | ret = mbedtls_des3_set3key_enc(&ctx3, des3_test_keys); |
977 | 0 | break; |
978 | | |
979 | 0 | default: |
980 | 0 | return 1; |
981 | 0 | } |
982 | 0 | if (ret != 0) { |
983 | 0 | goto exit; |
984 | 0 | } |
985 | | |
986 | 0 | if (v == MBEDTLS_DES_DECRYPT) { |
987 | 0 | for (j = 0; j < 100; j++) { |
988 | 0 | if (u == 0) { |
989 | 0 | ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf); |
990 | 0 | } else { |
991 | 0 | ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf); |
992 | 0 | } |
993 | 0 | if (ret != 0) { |
994 | 0 | goto exit; |
995 | 0 | } |
996 | 0 | } |
997 | 0 | } else { |
998 | 0 | for (j = 0; j < 100; j++) { |
999 | 0 | unsigned char tmp[8]; |
1000 | |
|
1001 | 0 | if (u == 0) { |
1002 | 0 | ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf); |
1003 | 0 | } else { |
1004 | 0 | ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf); |
1005 | 0 | } |
1006 | 0 | if (ret != 0) { |
1007 | 0 | goto exit; |
1008 | 0 | } |
1009 | | |
1010 | 0 | memcpy(tmp, prv, 8); |
1011 | 0 | memcpy(prv, buf, 8); |
1012 | 0 | memcpy(buf, tmp, 8); |
1013 | 0 | } |
1014 | | |
1015 | 0 | memcpy(buf, prv, 8); |
1016 | 0 | } |
1017 | | |
1018 | 0 | if ((v == MBEDTLS_DES_DECRYPT && |
1019 | 0 | memcmp(buf, des3_test_cbc_dec[u], 8) != 0) || |
1020 | 0 | (v != MBEDTLS_DES_DECRYPT && |
1021 | 0 | memcmp(buf, des3_test_cbc_enc[u], 8) != 0)) { |
1022 | 0 | if (verbose != 0) { |
1023 | 0 | mbedtls_printf("failed\n"); |
1024 | 0 | } |
1025 | |
|
1026 | 0 | ret = 1; |
1027 | 0 | goto exit; |
1028 | 0 | } |
1029 | | |
1030 | 0 | if (verbose != 0) { |
1031 | 0 | mbedtls_printf("passed\n"); |
1032 | 0 | } |
1033 | 0 | } |
1034 | 0 | #endif /* MBEDTLS_CIPHER_MODE_CBC */ |
1035 | | |
1036 | 0 | if (verbose != 0) { |
1037 | 0 | mbedtls_printf("\n"); |
1038 | 0 | } |
1039 | |
|
1040 | 0 | exit: |
1041 | 0 | mbedtls_des_free(&ctx); |
1042 | 0 | mbedtls_des3_free(&ctx3); |
1043 | |
|
1044 | 0 | if (ret != 0) { |
1045 | 0 | ret = 1; |
1046 | 0 | } |
1047 | 0 | return ret; |
1048 | 0 | } |
1049 | | |
1050 | | #endif /* MBEDTLS_SELF_TEST */ |
1051 | | |
1052 | | #endif /* MBEDTLS_DES_C */ |