search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fuck! don't perform ssl handshake for blocked hosts!
[mediator.git] / src / libpolarssl / des.c
blob080e11392ea6d2340e8a6ebc0986a9a743e95c22
1 /*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
4 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
5 *
6 * This file is part of mbed TLS (https://tls.mbed.org)
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22 /*
23 * DES, on which TDES is based, was originally designed by Horst Feistel
24 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
25 *
26 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
27 */
28
29 #if !defined(POLARSSL_CONFIG_FILE)
30 #include "polarssl/config.h"
31 #else
32 #include POLARSSL_CONFIG_FILE
33 #endif
34
35 #if defined(POLARSSL_DES_C)
36
37 #include "polarssl/des.h"
38
39 #include <string.h>
40
41 #if defined(POLARSSL_SELF_TEST)
42 #if defined(POLARSSL_PLATFORM_C)
43 #include "polarssl/platform.h"
44 #else
45 #include <stdio.h>
46 #define polarssl_printf printf
47 #endif /* POLARSSL_PLATFORM_C */
48 #endif /* POLARSSL_SELF_TEST */
49
50 #if !defined(POLARSSL_DES_ALT)
51
52 /* Implementation that should never be optimized out by the compiler */
53 static void polarssl_zeroize( void *v, size_t n ) {
54 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
55 }
56
57 /*
58 * 32-bit integer manipulation macros (big endian)
59 */
60 #ifndef GET_UINT32_BE
61 #define GET_UINT32_BE(n,b,i) \
62 { \
63 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
64 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
65 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
66 | ( (uint32_t) (b)[(i) + 3] ); \
67 }
68 #endif
69
70 #ifndef PUT_UINT32_BE
71 #define PUT_UINT32_BE(n,b,i) \
72 { \
73 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
74 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
75 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
76 (b)[(i) + 3] = (unsigned char) ( (n) ); \
77 }
78 #endif
79
80 /*
81 * Expanded DES S-boxes
82 */
83 static const uint32_t SB1[64] =
84 {
85 0x01010400, 0x00000000, 0x00010000, 0x01010404,
86 0x01010004, 0x00010404, 0x00000004, 0x00010000,
87 0x00000400, 0x01010400, 0x01010404, 0x00000400,
88 0x01000404, 0x01010004, 0x01000000, 0x00000004,
89 0x00000404, 0x01000400, 0x01000400, 0x00010400,
90 0x00010400, 0x01010000, 0x01010000, 0x01000404,
91 0x00010004, 0x01000004, 0x01000004, 0x00010004,
92 0x00000000, 0x00000404, 0x00010404, 0x01000000,
93 0x00010000, 0x01010404, 0x00000004, 0x01010000,
94 0x01010400, 0x01000000, 0x01000000, 0x00000400,
95 0x01010004, 0x00010000, 0x00010400, 0x01000004,
96 0x00000400, 0x00000004, 0x01000404, 0x00010404,
97 0x01010404, 0x00010004, 0x01010000, 0x01000404,
98 0x01000004, 0x00000404, 0x00010404, 0x01010400,
99 0x00000404, 0x01000400, 0x01000400, 0x00000000,
100 0x00010004, 0x00010400, 0x00000000, 0x01010004
101 };
102
103 static const uint32_t SB2[64] =
104 {
105 0x80108020, 0x80008000, 0x00008000, 0x00108020,
106 0x00100000, 0x00000020, 0x80100020, 0x80008020,
107 0x80000020, 0x80108020, 0x80108000, 0x80000000,
108 0x80008000, 0x00100000, 0x00000020, 0x80100020,
109 0x00108000, 0x00100020, 0x80008020, 0x00000000,
110 0x80000000, 0x00008000, 0x00108020, 0x80100000,
111 0x00100020, 0x80000020, 0x00000000, 0x00108000,
112 0x00008020, 0x80108000, 0x80100000, 0x00008020,
113 0x00000000, 0x00108020, 0x80100020, 0x00100000,
114 0x80008020, 0x80100000, 0x80108000, 0x00008000,
115 0x80100000, 0x80008000, 0x00000020, 0x80108020,
116 0x00108020, 0x00000020, 0x00008000, 0x80000000,
117 0x00008020, 0x80108000, 0x00100000, 0x80000020,
118 0x00100020, 0x80008020, 0x80000020, 0x00100020,
119 0x00108000, 0x00000000, 0x80008000, 0x00008020,
120 0x80000000, 0x80100020, 0x80108020, 0x00108000
121 };
122
123 static const uint32_t SB3[64] =
124 {
125 0x00000208, 0x08020200, 0x00000000, 0x08020008,
126 0x08000200, 0x00000000, 0x00020208, 0x08000200,
127 0x00020008, 0x08000008, 0x08000008, 0x00020000,
128 0x08020208, 0x00020008, 0x08020000, 0x00000208,
129 0x08000000, 0x00000008, 0x08020200, 0x00000200,
130 0x00020200, 0x08020000, 0x08020008, 0x00020208,
131 0x08000208, 0x00020200, 0x00020000, 0x08000208,
132 0x00000008, 0x08020208, 0x00000200, 0x08000000,
133 0x08020200, 0x08000000, 0x00020008, 0x00000208,
134 0x00020000, 0x08020200, 0x08000200, 0x00000000,
135 0x00000200, 0x00020008, 0x08020208, 0x08000200,
136 0x08000008, 0x00000200, 0x00000000, 0x08020008,
137 0x08000208, 0x00020000, 0x08000000, 0x08020208,
138 0x00000008, 0x00020208, 0x00020200, 0x08000008,
139 0x08020000, 0x08000208, 0x00000208, 0x08020000,
140 0x00020208, 0x00000008, 0x08020008, 0x00020200
141 };
142
143 static const uint32_t SB4[64] =
144 {
145 0x00802001, 0x00002081, 0x00002081, 0x00000080,
146 0x00802080, 0x00800081, 0x00800001, 0x00002001,
147 0x00000000, 0x00802000, 0x00802000, 0x00802081,
148 0x00000081, 0x00000000, 0x00800080, 0x00800001,
149 0x00000001, 0x00002000, 0x00800000, 0x00802001,
150 0x00000080, 0x00800000, 0x00002001, 0x00002080,
151 0x00800081, 0x00000001, 0x00002080, 0x00800080,
152 0x00002000, 0x00802080, 0x00802081, 0x00000081,
153 0x00800080, 0x00800001, 0x00802000, 0x00802081,
154 0x00000081, 0x00000000, 0x00000000, 0x00802000,
155 0x00002080, 0x00800080, 0x00800081, 0x00000001,
156 0x00802001, 0x00002081, 0x00002081, 0x00000080,
157 0x00802081, 0x00000081, 0x00000001, 0x00002000,
158 0x00800001, 0x00002001, 0x00802080, 0x00800081,
159 0x00002001, 0x00002080, 0x00800000, 0x00802001,
160 0x00000080, 0x00800000, 0x00002000, 0x00802080
161 };
162
163 static const uint32_t SB5[64] =
164 {
165 0x00000100, 0x02080100, 0x02080000, 0x42000100,
166 0x00080000, 0x00000100, 0x40000000, 0x02080000,
167 0x40080100, 0x00080000, 0x02000100, 0x40080100,
168 0x42000100, 0x42080000, 0x00080100, 0x40000000,
169 0x02000000, 0x40080000, 0x40080000, 0x00000000,
170 0x40000100, 0x42080100, 0x42080100, 0x02000100,
171 0x42080000, 0x40000100, 0x00000000, 0x42000000,
172 0x02080100, 0x02000000, 0x42000000, 0x00080100,
173 0x00080000, 0x42000100, 0x00000100, 0x02000000,
174 0x40000000, 0x02080000, 0x42000100, 0x40080100,
175 0x02000100, 0x40000000, 0x42080000, 0x02080100,
176 0x40080100, 0x00000100, 0x02000000, 0x42080000,
177 0x42080100, 0x00080100, 0x42000000, 0x42080100,
178 0x02080000, 0x00000000, 0x40080000, 0x42000000,
179 0x00080100, 0x02000100, 0x40000100, 0x00080000,
180 0x00000000, 0x40080000, 0x02080100, 0x40000100
181 };
182
183 static const uint32_t SB6[64] =
184 {
185 0x20000010, 0x20400000, 0x00004000, 0x20404010,
186 0x20400000, 0x00000010, 0x20404010, 0x00400000,
187 0x20004000, 0x00404010, 0x00400000, 0x20000010,
188 0x00400010, 0x20004000, 0x20000000, 0x00004010,
189 0x00000000, 0x00400010, 0x20004010, 0x00004000,
190 0x00404000, 0x20004010, 0x00000010, 0x20400010,
191 0x20400010, 0x00000000, 0x00404010, 0x20404000,
192 0x00004010, 0x00404000, 0x20404000, 0x20000000,
193 0x20004000, 0x00000010, 0x20400010, 0x00404000,
194 0x20404010, 0x00400000, 0x00004010, 0x20000010,
195 0x00400000, 0x20004000, 0x20000000, 0x00004010,
196 0x20000010, 0x20404010, 0x00404000, 0x20400000,
197 0x00404010, 0x20404000, 0x00000000, 0x20400010,
198 0x00000010, 0x00004000, 0x20400000, 0x00404010,
199 0x00004000, 0x00400010, 0x20004010, 0x00000000,
200 0x20404000, 0x20000000, 0x00400010, 0x20004010
201 };
202
203 static const uint32_t SB7[64] =
204 {
205 0x00200000, 0x04200002, 0x04000802, 0x00000000,
206 0x00000800, 0x04000802, 0x00200802, 0x04200800,
207 0x04200802, 0x00200000, 0x00000000, 0x04000002,
208 0x00000002, 0x04000000, 0x04200002, 0x00000802,
209 0x04000800, 0x00200802, 0x00200002, 0x04000800,
210 0x04000002, 0x04200000, 0x04200800, 0x00200002,
211 0x04200000, 0x00000800, 0x00000802, 0x04200802,
212 0x00200800, 0x00000002, 0x04000000, 0x00200800,
213 0x04000000, 0x00200800, 0x00200000, 0x04000802,
214 0x04000802, 0x04200002, 0x04200002, 0x00000002,
215 0x00200002, 0x04000000, 0x04000800, 0x00200000,
216 0x04200800, 0x00000802, 0x00200802, 0x04200800,
217 0x00000802, 0x04000002, 0x04200802, 0x04200000,
218 0x00200800, 0x00000000, 0x00000002, 0x04200802,
219 0x00000000, 0x00200802, 0x04200000, 0x00000800,
220 0x04000002, 0x04000800, 0x00000800, 0x00200002
221 };
222
223 static const uint32_t SB8[64] =
224 {
225 0x10001040, 0x00001000, 0x00040000, 0x10041040,
226 0x10000000, 0x10001040, 0x00000040, 0x10000000,
227 0x00040040, 0x10040000, 0x10041040, 0x00041000,
228 0x10041000, 0x00041040, 0x00001000, 0x00000040,
229 0x10040000, 0x10000040, 0x10001000, 0x00001040,
230 0x00041000, 0x00040040, 0x10040040, 0x10041000,
231 0x00001040, 0x00000000, 0x00000000, 0x10040040,
232 0x10000040, 0x10001000, 0x00041040, 0x00040000,
233 0x00041040, 0x00040000, 0x10041000, 0x00001000,
234 0x00000040, 0x10040040, 0x00001000, 0x00041040,
235 0x10001000, 0x00000040, 0x10000040, 0x10040000,
236 0x10040040, 0x10000000, 0x00040000, 0x10001040,
237 0x00000000, 0x10041040, 0x00040040, 0x10000040,
238 0x10040000, 0x10001000, 0x10001040, 0x00000000,
239 0x10041040, 0x00041000, 0x00041000, 0x00001040,
240 0x00001040, 0x00040040, 0x10000000, 0x10041000
241 };
242
243 /*
244 * PC1: left and right halves bit-swap
245 */
246 static const uint32_t LHs[16] =
247 {
248 0x00000000, 0x00000001, 0x00000100, 0x00000101,
249 0x00010000, 0x00010001, 0x00010100, 0x00010101,
250 0x01000000, 0x01000001, 0x01000100, 0x01000101,
251 0x01010000, 0x01010001, 0x01010100, 0x01010101
252 };
253
254 static const uint32_t RHs[16] =
255 {
256 0x00000000, 0x01000000, 0x00010000, 0x01010000,
257 0x00000100, 0x01000100, 0x00010100, 0x01010100,
258 0x00000001, 0x01000001, 0x00010001, 0x01010001,
259 0x00000101, 0x01000101, 0x00010101, 0x01010101,
260 };
261
262 /*
263 * Initial Permutation macro
264 */
265 #define DES_IP(X,Y) \
266 { \
267 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
268 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
269 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
270 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
271 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
272 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
273 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
274 }
275
276 /*
277 * Final Permutation macro
278 */
279 #define DES_FP(X,Y) \
280 { \
281 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
282 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
283 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
284 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
285 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
286 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
287 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
288 }
289
290 /*
291 * DES round macro
292 */
293 #define DES_ROUND(X,Y) \
294 { \
295 T = *SK++ ^ X; \
296 Y ^= SB8[ (T ) & 0x3F ] ^ \
297 SB6[ (T >> 8) & 0x3F ] ^ \
298 SB4[ (T >> 16) & 0x3F ] ^ \
299 SB2[ (T >> 24) & 0x3F ]; \
300 \
301 T = *SK++ ^ ((X << 28) | (X >> 4)); \
302 Y ^= SB7[ (T ) & 0x3F ] ^ \
303 SB5[ (T >> 8) & 0x3F ] ^ \
304 SB3[ (T >> 16) & 0x3F ] ^ \
305 SB1[ (T >> 24) & 0x3F ]; \
306 }
307
308 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
309
310 void des_init( des_context *ctx )
311 {
312 memset( ctx, 0, sizeof( des_context ) );
313 }
314
315 void des_free( des_context *ctx )
316 {
317 if( ctx == NULL )
318 return;
319
320 polarssl_zeroize( ctx, sizeof( des_context ) );
321 }
322
323 void des3_init( des3_context *ctx )
324 {
325 memset( ctx, 0, sizeof( des3_context ) );
326 }
327
328 void des3_free( des3_context *ctx )
329 {
330 if( ctx == NULL )
331 return;
332
333 polarssl_zeroize( ctx, sizeof( des3_context ) );
334 }
335
336 static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
337 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
338 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
339 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
340 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
341 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
342 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
343 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
344 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
345 254 };
346
347 void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
348 {
349 int i;
350
351 for( i = 0; i < DES_KEY_SIZE; i++ )
352 key[i] = odd_parity_table[key[i] / 2];
353 }
354
355 /*
356 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
357 */
358 int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
359 {
360 int i;
361
362 for( i = 0; i < DES_KEY_SIZE; i++ )
363 if( key[i] != odd_parity_table[key[i] / 2] )
364 return( 1 );
365
366 return( 0 );
367 }
368
369 /*
370 * Table of weak and semi-weak keys
371 *
372 * Source: http://en.wikipedia.org/wiki/Weak_key
373 *
374 * Weak:
375 * Alternating ones + zeros (0x0101010101010101)
376 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
377 * '0xE0E0E0E0F1F1F1F1'
378 * '0x1F1F1F1F0E0E0E0E'
379 *
380 * Semi-weak:
381 * 0x011F011F010E010E and 0x1F011F010E010E01
382 * 0x01E001E001F101F1 and 0xE001E001F101F101
383 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
384 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
385 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
386 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
387 *
388 */
389
390 #define WEAK_KEY_COUNT 16
391
392 static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
393 {
394 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
395 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
396 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
397 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
398
399 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
400 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
401 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
402 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
403 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
404 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
405 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
406 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
407 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
408 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
409 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
410 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
411 };
412
413 int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
414 {
415 int i;
416
417 for( i = 0; i < WEAK_KEY_COUNT; i++ )
418 if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0 )
419 return( 1 );
420
421 return( 0 );
422 }
423
424 static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
425 {
426 int i;
427 uint32_t X, Y, T;
428
429 GET_UINT32_BE( X, key, 0 );
430 GET_UINT32_BE( Y, key, 4 );
431
432 /*
433 * Permuted Choice 1
434 */
435 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
436 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
437
438 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
439 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
440 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
441 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
442
443 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
444 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
445 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
446 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
447
448 X &= 0x0FFFFFFF;
449 Y &= 0x0FFFFFFF;
450
451 /*
452 * calculate subkeys
453 */
454 for( i = 0; i < 16; i++ )
455 {
456 if( i < 2 || i == 8 || i == 15 )
457 {
458 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
459 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
460 }
461 else
462 {
463 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
464 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
465 }
466
467 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
468 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
469 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
470 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
471 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
472 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
473 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
474 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
475 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
476 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
477 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
478
479 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
480 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
481 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
482 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
483 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
484 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
485 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
486 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
487 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
488 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
489 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
490 }
491 }
492
493 /*
494 * DES key schedule (56-bit, encryption)
495 */
496 int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
497 {
498 des_setkey( ctx->sk, key );
499
500 return( 0 );
501 }
502
503 /*
504 * DES key schedule (56-bit, decryption)
505 */
506 int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
507 {
508 int i;
509
510 des_setkey( ctx->sk, key );
511
512 for( i = 0; i < 16; i += 2 )
513 {
514 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
515 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
516 }
517
518 return( 0 );
519 }
520
521 static void des3_set2key( uint32_t esk[96],
522 uint32_t dsk[96],
523 const unsigned char key[DES_KEY_SIZE*2] )
524 {
525 int i;
526
527 des_setkey( esk, key );
528 des_setkey( dsk + 32, key + 8 );
529
530 for( i = 0; i < 32; i += 2 )
531 {
532 dsk[i ] = esk[30 - i];
533 dsk[i + 1] = esk[31 - i];
534
535 esk[i + 32] = dsk[62 - i];
536 esk[i + 33] = dsk[63 - i];
537
538 esk[i + 64] = esk[i ];
539 esk[i + 65] = esk[i + 1];
540
541 dsk[i + 64] = dsk[i ];
542 dsk[i + 65] = dsk[i + 1];
543 }
544 }
545
546 /*
547 * Triple-DES key schedule (112-bit, encryption)
548 */
549 int des3_set2key_enc( des3_context *ctx,
550 const unsigned char key[DES_KEY_SIZE * 2] )
551 {
552 uint32_t sk[96];
553
554 des3_set2key( ctx->sk, sk, key );
555 polarssl_zeroize( sk, sizeof( sk ) );
556
557 return( 0 );
558 }
559
560 /*
561 * Triple-DES key schedule (112-bit, decryption)
562 */
563 int des3_set2key_dec( des3_context *ctx,
564 const unsigned char key[DES_KEY_SIZE * 2] )
565 {
566 uint32_t sk[96];
567
568 des3_set2key( sk, ctx->sk, key );
569 polarssl_zeroize( sk, sizeof( sk ) );
570
571 return( 0 );
572 }
573
574 static void des3_set3key( uint32_t esk[96],
575 uint32_t dsk[96],
576 const unsigned char key[24] )
577 {
578 int i;
579
580 des_setkey( esk, key );
581 des_setkey( dsk + 32, key + 8 );
582 des_setkey( esk + 64, key + 16 );
583
584 for( i = 0; i < 32; i += 2 )
585 {
586 dsk[i ] = esk[94 - i];
587 dsk[i + 1] = esk[95 - i];
588
589 esk[i + 32] = dsk[62 - i];
590 esk[i + 33] = dsk[63 - i];
591
592 dsk[i + 64] = esk[30 - i];
593 dsk[i + 65] = esk[31 - i];
594 }
595 }
596
597 /*
598 * Triple-DES key schedule (168-bit, encryption)
599 */
600 int des3_set3key_enc( des3_context *ctx,
601 const unsigned char key[DES_KEY_SIZE * 3] )
602 {
603 uint32_t sk[96];
604
605 des3_set3key( ctx->sk, sk, key );
606 polarssl_zeroize( sk, sizeof( sk ) );
607
608 return( 0 );
609 }
610
611 /*
612 * Triple-DES key schedule (168-bit, decryption)
613 */
614 int des3_set3key_dec( des3_context *ctx,
615 const unsigned char key[DES_KEY_SIZE * 3] )
616 {
617 uint32_t sk[96];
618
619 des3_set3key( sk, ctx->sk, key );
620 polarssl_zeroize( sk, sizeof( sk ) );
621
622 return( 0 );
623 }
624
625 /*
626 * DES-ECB block encryption/decryption
627 */
628 int des_crypt_ecb( des_context *ctx,
629 const unsigned char input[8],
630 unsigned char output[8] )
631 {
632 int i;
633 uint32_t X, Y, T, *SK;
634
635 SK = ctx->sk;
636
637 GET_UINT32_BE( X, input, 0 );
638 GET_UINT32_BE( Y, input, 4 );
639
640 DES_IP( X, Y );
641
642 for( i = 0; i < 8; i++ )
643 {
644 DES_ROUND( Y, X );
645 DES_ROUND( X, Y );
646 }
647
648 DES_FP( Y, X );
649
650 PUT_UINT32_BE( Y, output, 0 );
651 PUT_UINT32_BE( X, output, 4 );
652
653 return( 0 );
654 }
655
656 #if defined(POLARSSL_CIPHER_MODE_CBC)
657 /*
658 * DES-CBC buffer encryption/decryption
659 */
660 int des_crypt_cbc( des_context *ctx,
661 int mode,
662 size_t length,
663 unsigned char iv[8],
664 const unsigned char *input,
665 unsigned char *output )
666 {
667 int i;
668 unsigned char temp[8];
669
670 if( length % 8 )
671 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
672
673 if( mode == DES_ENCRYPT )
674 {
675 while( length > 0 )
676 {
677 for( i = 0; i < 8; i++ )
678 output[i] = (unsigned char)( input[i] ^ iv[i] );
679
680 des_crypt_ecb( ctx, output, output );
681 memcpy( iv, output, 8 );
682
683 input += 8;
684 output += 8;
685 length -= 8;
686 }
687 }
688 else /* DES_DECRYPT */
689 {
690 while( length > 0 )
691 {
692 memcpy( temp, input, 8 );
693 des_crypt_ecb( ctx, input, output );
694
695 for( i = 0; i < 8; i++ )
696 output[i] = (unsigned char)( output[i] ^ iv[i] );
697
698 memcpy( iv, temp, 8 );
699
700 input += 8;
701 output += 8;
702 length -= 8;
703 }
704 }
705
706 return( 0 );
707 }
708 #endif /* POLARSSL_CIPHER_MODE_CBC */
709
710 /*
711 * 3DES-ECB block encryption/decryption
712 */
713 int des3_crypt_ecb( des3_context *ctx,
714 const unsigned char input[8],
715 unsigned char output[8] )
716 {
717 int i;
718 uint32_t X, Y, T, *SK;
719
720 SK = ctx->sk;
721
722 GET_UINT32_BE( X, input, 0 );
723 GET_UINT32_BE( Y, input, 4 );
724
725 DES_IP( X, Y );
726
727 for( i = 0; i < 8; i++ )
728 {
729 DES_ROUND( Y, X );
730 DES_ROUND( X, Y );
731 }
732
733 for( i = 0; i < 8; i++ )
734 {
735 DES_ROUND( X, Y );
736 DES_ROUND( Y, X );
737 }
738
739 for( i = 0; i < 8; i++ )
740 {
741 DES_ROUND( Y, X );
742 DES_ROUND( X, Y );
743 }
744
745 DES_FP( Y, X );
746
747 PUT_UINT32_BE( Y, output, 0 );
748 PUT_UINT32_BE( X, output, 4 );
749
750 return( 0 );
751 }
752
753 #if defined(POLARSSL_CIPHER_MODE_CBC)
754 /*
755 * 3DES-CBC buffer encryption/decryption
756 */
757 int des3_crypt_cbc( des3_context *ctx,
758 int mode,
759 size_t length,
760 unsigned char iv[8],
761 const unsigned char *input,
762 unsigned char *output )
763 {
764 int i;
765 unsigned char temp[8];
766
767 if( length % 8 )
768 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
769
770 if( mode == DES_ENCRYPT )
771 {
772 while( length > 0 )
773 {
774 for( i = 0; i < 8; i++ )
775 output[i] = (unsigned char)( input[i] ^ iv[i] );
776
777 des3_crypt_ecb( ctx, output, output );
778 memcpy( iv, output, 8 );
779
780 input += 8;
781 output += 8;
782 length -= 8;
783 }
784 }
785 else /* DES_DECRYPT */
786 {
787 while( length > 0 )
788 {
789 memcpy( temp, input, 8 );
790 des3_crypt_ecb( ctx, input, output );
791
792 for( i = 0; i < 8; i++ )
793 output[i] = (unsigned char)( output[i] ^ iv[i] );
794
795 memcpy( iv, temp, 8 );
796
797 input += 8;
798 output += 8;
799 length -= 8;
800 }
801 }
802
803 return( 0 );
804 }
805 #endif /* POLARSSL_CIPHER_MODE_CBC */
806
807 #endif /* !POLARSSL_DES_ALT */
808
809 #if defined(POLARSSL_SELF_TEST)
810 /*
811 * DES and 3DES test vectors from:
812 *
813 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
814 */
815 static const unsigned char des3_test_keys[24] =
816 {
817 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
818 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
819 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
820 };
821
822 static const unsigned char des3_test_buf[8] =
823 {
824 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
825 };
826
827 static const unsigned char des3_test_ecb_dec[3][8] =
828 {
829 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
830 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
831 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
832 };
833
834 static const unsigned char des3_test_ecb_enc[3][8] =
835 {
836 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
837 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
838 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
839 };
840
841 #if defined(POLARSSL_CIPHER_MODE_CBC)
842 static const unsigned char des3_test_iv[8] =
843 {
844 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
845 };
846
847 static const unsigned char des3_test_cbc_dec[3][8] =
848 {
849 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
850 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
851 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
852 };
853
854 static const unsigned char des3_test_cbc_enc[3][8] =
855 {
856 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
857 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
858 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
859 };
860 #endif /* POLARSSL_CIPHER_MODE_CBC */
861
862 /*
863 * Checkup routine
864 */
865 int des_self_test( int verbose )
866 {
867 int i, j, u, v, ret = 0;
868 des_context ctx;
869 des3_context ctx3;
870 unsigned char buf[8];
871 #if defined(POLARSSL_CIPHER_MODE_CBC)
872 unsigned char prv[8];
873 unsigned char iv[8];
874 #endif
875
876 des_init( &ctx );
877 des3_init( &ctx3 );
878 /*
879 * ECB mode
880 */
881 for( i = 0; i < 6; i++ )
882 {
883 u = i >> 1;
884 v = i & 1;
885
886 if( verbose != 0 )
887 polarssl_printf( " DES%c-ECB-%3d (%s): ",
888 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
889 ( v == DES_DECRYPT ) ? "dec" : "enc" );
890
891 memcpy( buf, des3_test_buf, 8 );
892
893 switch( i )
894 {
895 case 0:
896 des_setkey_dec( &ctx, des3_test_keys );
897 break;
898
899 case 1:
900 des_setkey_enc( &ctx, des3_test_keys );
901 break;
902
903 case 2:
904 des3_set2key_dec( &ctx3, des3_test_keys );
905 break;
906
907 case 3:
908 des3_set2key_enc( &ctx3, des3_test_keys );
909 break;
910
911 case 4:
912 des3_set3key_dec( &ctx3, des3_test_keys );
913 break;
914
915 case 5:
916 des3_set3key_enc( &ctx3, des3_test_keys );
917 break;
918
919 default:
920 return( 1 );
921 }
922
923 for( j = 0; j < 10000; j++ )
924 {
925 if( u == 0 )
926 des_crypt_ecb( &ctx, buf, buf );
927 else
928 des3_crypt_ecb( &ctx3, buf, buf );
929 }
930
931 if( ( v == DES_DECRYPT &&
932 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
933 ( v != DES_DECRYPT &&
934 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
935 {
936 if( verbose != 0 )
937 polarssl_printf( "failed\n" );
938
939 ret = 1;
940 goto exit;
941 }
942
943 if( verbose != 0 )
944 polarssl_printf( "passed\n" );
945 }
946
947 if( verbose != 0 )
948 polarssl_printf( "\n" );
949
950 #if defined(POLARSSL_CIPHER_MODE_CBC)
951 /*
952 * CBC mode
953 */
954 for( i = 0; i < 6; i++ )
955 {
956 u = i >> 1;
957 v = i & 1;
958
959 if( verbose != 0 )
960 polarssl_printf( " DES%c-CBC-%3d (%s): ",
961 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
962 ( v == DES_DECRYPT ) ? "dec" : "enc" );
963
964 memcpy( iv, des3_test_iv, 8 );
965 memcpy( prv, des3_test_iv, 8 );
966 memcpy( buf, des3_test_buf, 8 );
967
968 switch( i )
969 {
970 case 0:
971 des_setkey_dec( &ctx, des3_test_keys );
972 break;
973
974 case 1:
975 des_setkey_enc( &ctx, des3_test_keys );
976 break;
977
978 case 2:
979 des3_set2key_dec( &ctx3, des3_test_keys );
980 break;
981
982 case 3:
983 des3_set2key_enc( &ctx3, des3_test_keys );
984 break;
985
986 case 4:
987 des3_set3key_dec( &ctx3, des3_test_keys );
988 break;
989
990 case 5:
991 des3_set3key_enc( &ctx3, des3_test_keys );
992 break;
993
994 default:
995 return( 1 );
996 }
997
998 if( v == DES_DECRYPT )
999 {
1000 for( j = 0; j < 10000; j++ )
1001 {
1002 if( u == 0 )
1003 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
1004 else
1005 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
1006 }
1007 }
1008 else
1009 {
1010 for( j = 0; j < 10000; j++ )
1011 {
1012 unsigned char tmp[8];
1013
1014 if( u == 0 )
1015 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
1016 else
1017 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
1018
1019 memcpy( tmp, prv, 8 );
1020 memcpy( prv, buf, 8 );
1021 memcpy( buf, tmp, 8 );
1022 }
1023
1024 memcpy( buf, prv, 8 );
1025 }
1026
1027 if( ( v == DES_DECRYPT &&
1028 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
1029 ( v != DES_DECRYPT &&
1030 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
1031 {
1032 if( verbose != 0 )
1033 polarssl_printf( "failed\n" );
1034
1035 ret = 1;
1036 goto exit;
1037 }
1038
1039 if( verbose != 0 )
1040 polarssl_printf( "passed\n" );
1041 }
1042 #endif /* POLARSSL_CIPHER_MODE_CBC */
1043
1044 if( verbose != 0 )
1045 polarssl_printf( "\n" );
1046
1047 exit:
1048 des_free( &ctx );
1049 des3_free( &ctx3 );
1050
1051 return( ret );
1052 }
1053
1054 #endif /* POLARSSL_SELF_TEST */
1055
1056 #endif /* POLARSSL_DES_C */
simple coroutine-based http/https proxy server