TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_os / aa584f9edec2b342cbc8354ae8251034dec9e49c / . / lib / libmbedtls / mbedtls / library / des.c
blob: f0032b3b5699789389b289901031779b4f7d0bd3 [file] [log] [blame]
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1/*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]6 */
7/*
8 * DES, on which TDES is based, was originally designed by Horst Feistel
9 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
10 *
11 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
12 */
13
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]14#include "common.h"
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]15
16#if defined(MBEDTLS_DES_C)
17
18#include "mbedtls/des.h"
Jerome Forissier039e02d2022-08-09 17:10:15 +0200[diff] [blame]19#include "mbedtls/error.h"
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]20#include "mbedtls/platform_util.h"
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]21
22#include <string.h>
23
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]24#include "mbedtls/platform.h"
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]25
26#if !defined(MBEDTLS_DES_ALT)
27
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]28/*
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]29 * Expanded DES S-boxes
30 */
31static const uint32_t SB1[64] =
32{
33 0x01010400, 0x00000000, 0x00010000, 0x01010404,
34 0x01010004, 0x00010404, 0x00000004, 0x00010000,
35 0x00000400, 0x01010400, 0x01010404, 0x00000400,
36 0x01000404, 0x01010004, 0x01000000, 0x00000004,
37 0x00000404, 0x01000400, 0x01000400, 0x00010400,
38 0x00010400, 0x01010000, 0x01010000, 0x01000404,
39 0x00010004, 0x01000004, 0x01000004, 0x00010004,
40 0x00000000, 0x00000404, 0x00010404, 0x01000000,
41 0x00010000, 0x01010404, 0x00000004, 0x01010000,
42 0x01010400, 0x01000000, 0x01000000, 0x00000400,
43 0x01010004, 0x00010000, 0x00010400, 0x01000004,
44 0x00000400, 0x00000004, 0x01000404, 0x00010404,
45 0x01010404, 0x00010004, 0x01010000, 0x01000404,
46 0x01000004, 0x00000404, 0x00010404, 0x01010400,
47 0x00000404, 0x01000400, 0x01000400, 0x00000000,
48 0x00010004, 0x00010400, 0x00000000, 0x01010004
49};
50
51static const uint32_t SB2[64] =
52{
53 0x80108020, 0x80008000, 0x00008000, 0x00108020,
54 0x00100000, 0x00000020, 0x80100020, 0x80008020,
55 0x80000020, 0x80108020, 0x80108000, 0x80000000,
56 0x80008000, 0x00100000, 0x00000020, 0x80100020,
57 0x00108000, 0x00100020, 0x80008020, 0x00000000,
58 0x80000000, 0x00008000, 0x00108020, 0x80100000,
59 0x00100020, 0x80000020, 0x00000000, 0x00108000,
60 0x00008020, 0x80108000, 0x80100000, 0x00008020,
61 0x00000000, 0x00108020, 0x80100020, 0x00100000,
62 0x80008020, 0x80100000, 0x80108000, 0x00008000,
63 0x80100000, 0x80008000, 0x00000020, 0x80108020,
64 0x00108020, 0x00000020, 0x00008000, 0x80000000,
65 0x00008020, 0x80108000, 0x00100000, 0x80000020,
66 0x00100020, 0x80008020, 0x80000020, 0x00100020,
67 0x00108000, 0x00000000, 0x80008000, 0x00008020,
68 0x80000000, 0x80100020, 0x80108020, 0x00108000
69};
70
71static const uint32_t SB3[64] =
72{
73 0x00000208, 0x08020200, 0x00000000, 0x08020008,
74 0x08000200, 0x00000000, 0x00020208, 0x08000200,
75 0x00020008, 0x08000008, 0x08000008, 0x00020000,
76 0x08020208, 0x00020008, 0x08020000, 0x00000208,
77 0x08000000, 0x00000008, 0x08020200, 0x00000200,
78 0x00020200, 0x08020000, 0x08020008, 0x00020208,
79 0x08000208, 0x00020200, 0x00020000, 0x08000208,
80 0x00000008, 0x08020208, 0x00000200, 0x08000000,
81 0x08020200, 0x08000000, 0x00020008, 0x00000208,
82 0x00020000, 0x08020200, 0x08000200, 0x00000000,
83 0x00000200, 0x00020008, 0x08020208, 0x08000200,
84 0x08000008, 0x00000200, 0x00000000, 0x08020008,
85 0x08000208, 0x00020000, 0x08000000, 0x08020208,
86 0x00000008, 0x00020208, 0x00020200, 0x08000008,
87 0x08020000, 0x08000208, 0x00000208, 0x08020000,
88 0x00020208, 0x00000008, 0x08020008, 0x00020200
89};
90
91static const uint32_t SB4[64] =
92{
93 0x00802001, 0x00002081, 0x00002081, 0x00000080,
94 0x00802080, 0x00800081, 0x00800001, 0x00002001,
95 0x00000000, 0x00802000, 0x00802000, 0x00802081,
96 0x00000081, 0x00000000, 0x00800080, 0x00800001,
97 0x00000001, 0x00002000, 0x00800000, 0x00802001,
98 0x00000080, 0x00800000, 0x00002001, 0x00002080,
99 0x00800081, 0x00000001, 0x00002080, 0x00800080,
100 0x00002000, 0x00802080, 0x00802081, 0x00000081,
101 0x00800080, 0x00800001, 0x00802000, 0x00802081,
102 0x00000081, 0x00000000, 0x00000000, 0x00802000,
103 0x00002080, 0x00800080, 0x00800081, 0x00000001,
104 0x00802001, 0x00002081, 0x00002081, 0x00000080,
105 0x00802081, 0x00000081, 0x00000001, 0x00002000,
106 0x00800001, 0x00002001, 0x00802080, 0x00800081,
107 0x00002001, 0x00002080, 0x00800000, 0x00802001,
108 0x00000080, 0x00800000, 0x00002000, 0x00802080
109};
110
111static const uint32_t SB5[64] =
112{
113 0x00000100, 0x02080100, 0x02080000, 0x42000100,
114 0x00080000, 0x00000100, 0x40000000, 0x02080000,
115 0x40080100, 0x00080000, 0x02000100, 0x40080100,
116 0x42000100, 0x42080000, 0x00080100, 0x40000000,
117 0x02000000, 0x40080000, 0x40080000, 0x00000000,
118 0x40000100, 0x42080100, 0x42080100, 0x02000100,
119 0x42080000, 0x40000100, 0x00000000, 0x42000000,
120 0x02080100, 0x02000000, 0x42000000, 0x00080100,
121 0x00080000, 0x42000100, 0x00000100, 0x02000000,
122 0x40000000, 0x02080000, 0x42000100, 0x40080100,
123 0x02000100, 0x40000000, 0x42080000, 0x02080100,
124 0x40080100, 0x00000100, 0x02000000, 0x42080000,
125 0x42080100, 0x00080100, 0x42000000, 0x42080100,
126 0x02080000, 0x00000000, 0x40080000, 0x42000000,
127 0x00080100, 0x02000100, 0x40000100, 0x00080000,
128 0x00000000, 0x40080000, 0x02080100, 0x40000100
129};
130
131static const uint32_t SB6[64] =
132{
133 0x20000010, 0x20400000, 0x00004000, 0x20404010,
134 0x20400000, 0x00000010, 0x20404010, 0x00400000,
135 0x20004000, 0x00404010, 0x00400000, 0x20000010,
136 0x00400010, 0x20004000, 0x20000000, 0x00004010,
137 0x00000000, 0x00400010, 0x20004010, 0x00004000,
138 0x00404000, 0x20004010, 0x00000010, 0x20400010,
139 0x20400010, 0x00000000, 0x00404010, 0x20404000,
140 0x00004010, 0x00404000, 0x20404000, 0x20000000,
141 0x20004000, 0x00000010, 0x20400010, 0x00404000,
142 0x20404010, 0x00400000, 0x00004010, 0x20000010,
143 0x00400000, 0x20004000, 0x20000000, 0x00004010,
144 0x20000010, 0x20404010, 0x00404000, 0x20400000,
145 0x00404010, 0x20404000, 0x00000000, 0x20400010,
146 0x00000010, 0x00004000, 0x20400000, 0x00404010,
147 0x00004000, 0x00400010, 0x20004010, 0x00000000,
148 0x20404000, 0x20000000, 0x00400010, 0x20004010
149};
150
151static const uint32_t SB7[64] =
152{
153 0x00200000, 0x04200002, 0x04000802, 0x00000000,
154 0x00000800, 0x04000802, 0x00200802, 0x04200800,
155 0x04200802, 0x00200000, 0x00000000, 0x04000002,
156 0x00000002, 0x04000000, 0x04200002, 0x00000802,
157 0x04000800, 0x00200802, 0x00200002, 0x04000800,
158 0x04000002, 0x04200000, 0x04200800, 0x00200002,
159 0x04200000, 0x00000800, 0x00000802, 0x04200802,
160 0x00200800, 0x00000002, 0x04000000, 0x00200800,
161 0x04000000, 0x00200800, 0x00200000, 0x04000802,
162 0x04000802, 0x04200002, 0x04200002, 0x00000002,
163 0x00200002, 0x04000000, 0x04000800, 0x00200000,
164 0x04200800, 0x00000802, 0x00200802, 0x04200800,
165 0x00000802, 0x04000002, 0x04200802, 0x04200000,
166 0x00200800, 0x00000000, 0x00000002, 0x04200802,
167 0x00000000, 0x00200802, 0x04200000, 0x00000800,
168 0x04000002, 0x04000800, 0x00000800, 0x00200002
169};
170
171static const uint32_t SB8[64] =
172{
173 0x10001040, 0x00001000, 0x00040000, 0x10041040,
174 0x10000000, 0x10001040, 0x00000040, 0x10000000,
175 0x00040040, 0x10040000, 0x10041040, 0x00041000,
176 0x10041000, 0x00041040, 0x00001000, 0x00000040,
177 0x10040000, 0x10000040, 0x10001000, 0x00001040,
178 0x00041000, 0x00040040, 0x10040040, 0x10041000,
179 0x00001040, 0x00000000, 0x00000000, 0x10040040,
180 0x10000040, 0x10001000, 0x00041040, 0x00040000,
181 0x00041040, 0x00040000, 0x10041000, 0x00001000,
182 0x00000040, 0x10040040, 0x00001000, 0x00041040,
183 0x10001000, 0x00000040, 0x10000040, 0x10040000,
184 0x10040040, 0x10000000, 0x00040000, 0x10001040,
185 0x00000000, 0x10041040, 0x00040040, 0x10000040,
186 0x10040000, 0x10001000, 0x10001040, 0x00000000,
187 0x10041040, 0x00041000, 0x00041000, 0x00001040,
188 0x00001040, 0x00040040, 0x10000000, 0x10041000
189};
190
191/*
192 * PC1: left and right halves bit-swap
193 */
194static const uint32_t LHs[16] =
195{
196 0x00000000, 0x00000001, 0x00000100, 0x00000101,
197 0x00010000, 0x00010001, 0x00010100, 0x00010101,
198 0x01000000, 0x01000001, 0x01000100, 0x01000101,
199 0x01010000, 0x01010001, 0x01010100, 0x01010101
200};
201
202static const uint32_t RHs[16] =
203{
204 0x00000000, 0x01000000, 0x00010000, 0x01010000,
205 0x00000100, 0x01000100, 0x00010100, 0x01010100,
206 0x00000001, 0x01000001, 0x00010001, 0x01010001,
207 0x00000101, 0x01000101, 0x00010101, 0x01010101,
208};
209
210/*
211 * Initial Permutation macro
212 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]213#define DES_IP(X, Y) \
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]214 do \
215 { \
216 T = (((X) >> 4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T << 4); \
217 T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \
218 T = (((Y) >> 2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T << 2); \
219 T = (((Y) >> 8) ^ (X)) & 0x00FF00FF; (X) ^= T; (Y) ^= (T << 8); \
220 (Y) = (((Y) << 1) | ((Y) >> 31)) & 0xFFFFFFFF; \
221 T = ((X) ^ (Y)) & 0xAAAAAAAA; (Y) ^= T; (X) ^= T; \
222 (X) = (((X) << 1) | ((X) >> 31)) & 0xFFFFFFFF; \
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]223 } while (0)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]224
225/*
226 * Final Permutation macro
227 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]228#define DES_FP(X, Y) \
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]229 do \
230 { \
231 (X) = (((X) << 31) | ((X) >> 1)) & 0xFFFFFFFF; \
232 T = ((X) ^ (Y)) & 0xAAAAAAAA; (X) ^= T; (Y) ^= T; \
233 (Y) = (((Y) << 31) | ((Y) >> 1)) & 0xFFFFFFFF; \
234 T = (((Y) >> 8) ^ (X)) & 0x00FF00FF; (X) ^= T; (Y) ^= (T << 8); \
235 T = (((Y) >> 2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T << 2); \
236 T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \
237 T = (((X) >> 4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T << 4); \
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]238 } while (0)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]239
240/*
241 * DES round macro
242 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]243#define DES_ROUND(X, Y) \
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]244 do \
245 { \
246 T = *SK++ ^ (X); \
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]247 (Y) ^= SB8[(T) & 0x3F] ^ \
248 SB6[(T >> 8) & 0x3F] ^ \
249 SB4[(T >> 16) & 0x3F] ^ \
250 SB2[(T >> 24) & 0x3F]; \
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]251 \
252 T = *SK++ ^ (((X) << 28) | ((X) >> 4)); \
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]253 (Y) ^= SB7[(T) & 0x3F] ^ \
254 SB5[(T >> 8) & 0x3F] ^ \
255 SB3[(T >> 16) & 0x3F] ^ \
256 SB1[(T >> 24) & 0x3F]; \
257 } while (0)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]258
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]259#define SWAP(a, b) \
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]260 do \
261 { \
262 uint32_t t = (a); (a) = (b); (b) = t; t = 0; \
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]263 } while (0)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]264
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]265void mbedtls_des_init(mbedtls_des_context *ctx)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]266{
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]267 memset(ctx, 0, sizeof(mbedtls_des_context));
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]268}
269
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]270void mbedtls_des_free(mbedtls_des_context *ctx)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]271{
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]272 if (ctx == NULL) {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]273 return;
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]274 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]275
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]276 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des_context));
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]277}
278
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]279void mbedtls_des3_init(mbedtls_des3_context *ctx)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]280{
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]281 memset(ctx, 0, sizeof(mbedtls_des3_context));
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]282}
283
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]284void mbedtls_des3_free(mbedtls_des3_context *ctx)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]285{
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]286 if (ctx == NULL) {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]287 return;
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]288 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]289
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]290 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des3_context));
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]291}
292
293static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]294 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32,
295 35, 37, 38, 41, 42, 44,
296 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69,
297 70, 73, 74, 76, 79, 81,
298 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103,
299 104, 107, 109, 110, 112,
300 115, 117, 118, 121, 122, 124, 127, 128, 131,
301 133, 134, 137, 138, 140,
302 143, 145, 146, 148, 151, 152, 155, 157, 158,
303 161, 162, 164, 167, 168,
304 171, 173, 174, 176, 179, 181, 182, 185, 186,
305 188, 191, 193, 194, 196,
306 199, 200, 203, 205, 206, 208, 211, 213, 214,
307 217, 218, 220, 223, 224,
308 227, 229, 230, 233, 234, 236, 239, 241, 242,
309 244, 247, 248, 251, 253,
310 254 };
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]311
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]312void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE])
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]313{
314 int i;
315
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]316 for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]317 key[i] = odd_parity_table[key[i] / 2];
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]318 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]319}
320
321/*
322 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
323 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]324int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZE])
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]325{
326 int i;
327
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]328 for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) {
329 if (key[i] != odd_parity_table[key[i] / 2]) {
330 return 1;
331 }
332 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]333
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]334 return 0;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]335}
336
337/*
338 * Table of weak and semi-weak keys
339 *
340 * Source: http://en.wikipedia.org/wiki/Weak_key
341 *
342 * Weak:
343 * Alternating ones + zeros (0x0101010101010101)
344 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
345 * '0xE0E0E0E0F1F1F1F1'
346 * '0x1F1F1F1F0E0E0E0E'
347 *
348 * Semi-weak:
349 * 0x011F011F010E010E and 0x1F011F010E010E01
350 * 0x01E001E001F101F1 and 0xE001E001F101F101
351 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
352 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
353 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
354 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
355 *
356 */
357
358#define WEAK_KEY_COUNT 16
359
360static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] =
361{
362 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
363 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
364 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
365 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
366
367 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
368 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
369 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
370 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
371 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
372 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
373 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
374 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
375 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
376 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
377 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
378 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
379};
380
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]381int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE])
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]382{
383 int i;
384
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]385 for (i = 0; i < WEAK_KEY_COUNT; i++) {
386 if (memcmp(weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0) {
387 return 1;
388 }
389 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]390
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]391 return 0;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]392}
393
394#if !defined(MBEDTLS_DES_SETKEY_ALT)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]395void mbedtls_des_setkey(uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE])
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]396{
397 int i;
398 uint32_t X, Y, T;
399
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]400 X = MBEDTLS_GET_UINT32_BE(key, 0);
401 Y = MBEDTLS_GET_UINT32_BE(key, 4);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]402
403 /*
404 * Permuted Choice 1
405 */
406 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]407 T = ((Y) ^ X) & 0x10101010; X ^= T; Y ^= (T);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]408
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]409 X = (LHs[(X) & 0xF] << 3) | (LHs[(X >> 8) & 0xF] << 2)
410 | (LHs[(X >> 16) & 0xF] << 1) | (LHs[(X >> 24) & 0xF])
411 | (LHs[(X >> 5) & 0xF] << 7) | (LHs[(X >> 13) & 0xF] << 6)
412 | (LHs[(X >> 21) & 0xF] << 5) | (LHs[(X >> 29) & 0xF] << 4);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]413
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]414 Y = (RHs[(Y >> 1) & 0xF] << 3) | (RHs[(Y >> 9) & 0xF] << 2)
415 | (RHs[(Y >> 17) & 0xF] << 1) | (RHs[(Y >> 25) & 0xF])
416 | (RHs[(Y >> 4) & 0xF] << 7) | (RHs[(Y >> 12) & 0xF] << 6)
417 | (RHs[(Y >> 20) & 0xF] << 5) | (RHs[(Y >> 28) & 0xF] << 4);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]418
419 X &= 0x0FFFFFFF;
420 Y &= 0x0FFFFFFF;
421
422 /*
423 * calculate subkeys
424 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]425 for (i = 0; i < 16; i++) {
426 if (i < 2 || i == 8 || i == 15) {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]427 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
428 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]429 } else {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]430 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
431 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
432 }
433
434 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
435 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
436 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
437 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
438 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
439 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
440 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]441 | ((Y >> 14) & 0x00000200) | ((Y) & 0x00000100)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]442 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
443 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
444 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
445
446 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
447 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
448 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
449 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
450 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
451 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
452 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
453 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]454 | ((Y) & 0x00000200) | ((Y << 7) & 0x00000100)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]455 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
456 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
457 }
458}
459#endif /* !MBEDTLS_DES_SETKEY_ALT */
460
461/*
462 * DES key schedule (56-bit, encryption)
463 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]464int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE])
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]465{
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]466 mbedtls_des_setkey(ctx->sk, key);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]467
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]468 return 0;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]469}
470
471/*
472 * DES key schedule (56-bit, decryption)
473 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]474int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE])
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]475{
476 int i;
477
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]478 mbedtls_des_setkey(ctx->sk, key);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]479
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]480 for (i = 0; i < 16; i += 2) {
481 SWAP(ctx->sk[i], ctx->sk[30 - i]);
482 SWAP(ctx->sk[i + 1], ctx->sk[31 - i]);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]483 }
484
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]485 return 0;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]486}
487
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]488static void des3_set2key(uint32_t esk[96],
489 uint32_t dsk[96],
490 const unsigned char key[MBEDTLS_DES_KEY_SIZE*2])
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]491{
492 int i;
493
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]494 mbedtls_des_setkey(esk, key);
495 mbedtls_des_setkey(dsk + 32, key + 8);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]496
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]497 for (i = 0; i < 32; i += 2) {
498 dsk[i] = esk[30 - i];
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]499 dsk[i + 1] = esk[31 - i];
500
501 esk[i + 32] = dsk[62 - i];
502 esk[i + 33] = dsk[63 - i];
503
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]504 esk[i + 64] = esk[i];
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]505 esk[i + 65] = esk[i + 1];
506
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]507 dsk[i + 64] = dsk[i];
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]508 dsk[i + 65] = dsk[i + 1];
509 }
510}
511
512/*
513 * Triple-DES key schedule (112-bit, encryption)
514 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]515int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
516 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2])
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]517{
518 uint32_t sk[96];
519
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]520 des3_set2key(ctx->sk, sk, key);
521 mbedtls_platform_zeroize(sk, sizeof(sk));
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]522
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]523 return 0;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]524}
525
526/*
527 * Triple-DES key schedule (112-bit, decryption)
528 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]529int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
530 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2])
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]531{
532 uint32_t sk[96];
533
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]534 des3_set2key(sk, ctx->sk, key);
535 mbedtls_platform_zeroize(sk, sizeof(sk));
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]536
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]537 return 0;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]538}
539
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]540static void des3_set3key(uint32_t esk[96],
541 uint32_t dsk[96],
542 const unsigned char key[24])
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]543{
544 int i;
545
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]546 mbedtls_des_setkey(esk, key);
547 mbedtls_des_setkey(dsk + 32, key + 8);
548 mbedtls_des_setkey(esk + 64, key + 16);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]549
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]550 for (i = 0; i < 32; i += 2) {
551 dsk[i] = esk[94 - i];
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]552 dsk[i + 1] = esk[95 - i];
553
554 esk[i + 32] = dsk[62 - i];
555 esk[i + 33] = dsk[63 - i];
556
557 dsk[i + 64] = esk[30 - i];
558 dsk[i + 65] = esk[31 - i];
559 }
560}
561
562/*
563 * Triple-DES key schedule (168-bit, encryption)
564 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]565int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
566 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3])
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]567{
568 uint32_t sk[96];
569
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]570 des3_set3key(ctx->sk, sk, key);
571 mbedtls_platform_zeroize(sk, sizeof(sk));
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]572
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]573 return 0;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]574}
575
576/*
577 * Triple-DES key schedule (168-bit, decryption)
578 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]579int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
580 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3])
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]581{
582 uint32_t sk[96];
583
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]584 des3_set3key(sk, ctx->sk, key);
585 mbedtls_platform_zeroize(sk, sizeof(sk));
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]586
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]587 return 0;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]588}
589
590/*
591 * DES-ECB block encryption/decryption
592 */
593#if !defined(MBEDTLS_DES_CRYPT_ECB_ALT)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]594int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx,
595 const unsigned char input[8],
596 unsigned char output[8])
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]597{
598 int i;
599 uint32_t X, Y, T, *SK;
600
601 SK = ctx->sk;
602
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]603 X = MBEDTLS_GET_UINT32_BE(input, 0);
604 Y = MBEDTLS_GET_UINT32_BE(input, 4);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]605
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]606 DES_IP(X, Y);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]607
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]608 for (i = 0; i < 8; i++) {
609 DES_ROUND(Y, X);
610 DES_ROUND(X, Y);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]611 }
612
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]613 DES_FP(Y, X);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]614
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]615 MBEDTLS_PUT_UINT32_BE(Y, output, 0);
616 MBEDTLS_PUT_UINT32_BE(X, output, 4);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]617
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]618 return 0;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]619}
620#endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
621
622#if defined(MBEDTLS_CIPHER_MODE_CBC)
623/*
624 * DES-CBC buffer encryption/decryption
625 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]626int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx,
627 int mode,
628 size_t length,
629 unsigned char iv[8],
630 const unsigned char *input,
631 unsigned char *output)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]632{
Jerome Forissier039e02d2022-08-09 17:10:15 +0200[diff] [blame]633 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]634 unsigned char temp[8];
635
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]636 if (length % 8) {
637 return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH;
638 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]639
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]640 if (mode == MBEDTLS_DES_ENCRYPT) {
641 while (length > 0) {
642 mbedtls_xor(output, input, iv, 8);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]643
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]644 ret = mbedtls_des_crypt_ecb(ctx, output, output);
645 if (ret != 0) {
Jerome Forissier039e02d2022-08-09 17:10:15 +0200[diff] [blame]646 goto exit;
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]647 }
648 memcpy(iv, output, 8);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]649
650 input += 8;
651 output += 8;
652 length -= 8;
653 }
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]654 } else { /* MBEDTLS_DES_DECRYPT */
655 while (length > 0) {
656 memcpy(temp, input, 8);
657 ret = mbedtls_des_crypt_ecb(ctx, input, output);
658 if (ret != 0) {
Jerome Forissier039e02d2022-08-09 17:10:15 +0200[diff] [blame]659 goto exit;
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]660 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]661
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]662 mbedtls_xor(output, output, iv, 8);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]663
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]664 memcpy(iv, temp, 8);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]665
666 input += 8;
667 output += 8;
668 length -= 8;
669 }
670 }
Jerome Forissier039e02d2022-08-09 17:10:15 +0200[diff] [blame]671 ret = 0;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]672
Jerome Forissier039e02d2022-08-09 17:10:15 +0200[diff] [blame]673exit:
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]674 return ret;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]675}
676#endif /* MBEDTLS_CIPHER_MODE_CBC */
677
678/*
679 * 3DES-ECB block encryption/decryption
680 */
681#if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]682int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
683 const unsigned char input[8],
684 unsigned char output[8])
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]685{
686 int i;
687 uint32_t X, Y, T, *SK;
688
689 SK = ctx->sk;
690
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]691 X = MBEDTLS_GET_UINT32_BE(input, 0);
692 Y = MBEDTLS_GET_UINT32_BE(input, 4);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]693
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]694 DES_IP(X, Y);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]695
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]696 for (i = 0; i < 8; i++) {
697 DES_ROUND(Y, X);
698 DES_ROUND(X, Y);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]699 }
700
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]701 for (i = 0; i < 8; i++) {
702 DES_ROUND(X, Y);
703 DES_ROUND(Y, X);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]704 }
705
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]706 for (i = 0; i < 8; i++) {
707 DES_ROUND(Y, X);
708 DES_ROUND(X, Y);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]709 }
710
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]711 DES_FP(Y, X);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]712
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]713 MBEDTLS_PUT_UINT32_BE(Y, output, 0);
714 MBEDTLS_PUT_UINT32_BE(X, output, 4);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]715
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]716 return 0;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]717}
718#endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
719
720#if defined(MBEDTLS_CIPHER_MODE_CBC)
721/*
722 * 3DES-CBC buffer encryption/decryption
723 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]724int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx,
725 int mode,
726 size_t length,
727 unsigned char iv[8],
728 const unsigned char *input,
729 unsigned char *output)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]730{
Jerome Forissier039e02d2022-08-09 17:10:15 +0200[diff] [blame]731 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]732 unsigned char temp[8];
733
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]734 if (length % 8) {
735 return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH;
736 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]737
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]738 if (mode == MBEDTLS_DES_ENCRYPT) {
739 while (length > 0) {
740 mbedtls_xor(output, input, iv, 8);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]741
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]742 ret = mbedtls_des3_crypt_ecb(ctx, output, output);
743 if (ret != 0) {
Jerome Forissier039e02d2022-08-09 17:10:15 +0200[diff] [blame]744 goto exit;
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]745 }
746 memcpy(iv, output, 8);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]747
748 input += 8;
749 output += 8;
750 length -= 8;
751 }
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]752 } else { /* MBEDTLS_DES_DECRYPT */
753 while (length > 0) {
754 memcpy(temp, input, 8);
755 ret = mbedtls_des3_crypt_ecb(ctx, input, output);
756 if (ret != 0) {
Jerome Forissier039e02d2022-08-09 17:10:15 +0200[diff] [blame]757 goto exit;
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]758 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]759
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]760 mbedtls_xor(output, output, iv, 8);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]761
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]762 memcpy(iv, temp, 8);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]763
764 input += 8;
765 output += 8;
766 length -= 8;
767 }
768 }
Jerome Forissier039e02d2022-08-09 17:10:15 +0200[diff] [blame]769 ret = 0;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]770
Jerome Forissier039e02d2022-08-09 17:10:15 +0200[diff] [blame]771exit:
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]772 return ret;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]773}
774#endif /* MBEDTLS_CIPHER_MODE_CBC */
775
776#endif /* !MBEDTLS_DES_ALT */
777
778#if defined(MBEDTLS_SELF_TEST)
779/*
780 * DES and 3DES test vectors from:
781 *
782 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
783 */
784static const unsigned char des3_test_keys[24] =
785{
786 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
787 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
788 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
789};
790
791static const unsigned char des3_test_buf[8] =
792{
793 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
794};
795
796static const unsigned char des3_test_ecb_dec[3][8] =
797{
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame]798 { 0x37, 0x2B, 0x98, 0xBF, 0x52, 0x65, 0xB0, 0x59 },
799 { 0xC2, 0x10, 0x19, 0x9C, 0x38, 0x5A, 0x65, 0xA1 },
800 { 0xA2, 0x70, 0x56, 0x68, 0x69, 0xE5, 0x15, 0x1D }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]801};
802
803static const unsigned char des3_test_ecb_enc[3][8] =
804{
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame]805 { 0x1C, 0xD5, 0x97, 0xEA, 0x84, 0x26, 0x73, 0xFB },
806 { 0xB3, 0x92, 0x4D, 0xF3, 0xC5, 0xB5, 0x42, 0x93 },
807 { 0xDA, 0x37, 0x64, 0x41, 0xBA, 0x6F, 0x62, 0x6F }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]808};
809
810#if defined(MBEDTLS_CIPHER_MODE_CBC)
811static const unsigned char des3_test_iv[8] =
812{
813 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
814};
815
816static const unsigned char des3_test_cbc_dec[3][8] =
817{
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame]818 { 0x58, 0xD9, 0x48, 0xEF, 0x85, 0x14, 0x65, 0x9A },
819 { 0x5F, 0xC8, 0x78, 0xD4, 0xD7, 0x92, 0xD9, 0x54 },
820 { 0x25, 0xF9, 0x75, 0x85, 0xA8, 0x1E, 0x48, 0xBF }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]821};
822
823static const unsigned char des3_test_cbc_enc[3][8] =
824{
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame]825 { 0x91, 0x1C, 0x6D, 0xCF, 0x48, 0xA7, 0xC3, 0x4D },
826 { 0x60, 0x1A, 0x76, 0x8F, 0xA1, 0xF9, 0x66, 0xF1 },
827 { 0xA1, 0x50, 0x0F, 0x99, 0xB2, 0xCD, 0x64, 0x76 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]828};
829#endif /* MBEDTLS_CIPHER_MODE_CBC */
830
831/*
832 * Checkup routine
833 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]834int mbedtls_des_self_test(int verbose)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]835{
836 int i, j, u, v, ret = 0;
837 mbedtls_des_context ctx;
838 mbedtls_des3_context ctx3;
839 unsigned char buf[8];
840#if defined(MBEDTLS_CIPHER_MODE_CBC)
841 unsigned char prv[8];
842 unsigned char iv[8];
843#endif
844
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]845 mbedtls_des_init(&ctx);
846 mbedtls_des3_init(&ctx3);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]847 /*
848 * ECB mode
849 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]850 for (i = 0; i < 6; i++) {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]851 u = i >> 1;
852 v = i & 1;
853
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]854 if (verbose != 0) {
855 mbedtls_printf(" DES%c-ECB-%3d (%s): ",
856 (u == 0) ? ' ' : '3', 56 + u * 56,
857 (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc");
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]858 }
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]859
860 memcpy(buf, des3_test_buf, 8);
861
862 switch (i) {
863 case 0:
864 ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys);
865 break;
866
867 case 1:
868 ret = mbedtls_des_setkey_enc(&ctx, des3_test_keys);
869 break;
870
871 case 2:
872 ret = mbedtls_des3_set2key_dec(&ctx3, des3_test_keys);
873 break;
874
875 case 3:
876 ret = mbedtls_des3_set2key_enc(&ctx3, des3_test_keys);
877 break;
878
879 case 4:
880 ret = mbedtls_des3_set3key_dec(&ctx3, des3_test_keys);
881 break;
882
883 case 5:
884 ret = mbedtls_des3_set3key_enc(&ctx3, des3_test_keys);
885 break;
886
887 default:
888 return 1;
889 }
890 if (ret != 0) {
Jerome Forissier039e02d2022-08-09 17:10:15 +0200[diff] [blame]891 goto exit;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]892 }
893
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]894 for (j = 0; j < 100; j++) {
895 if (u == 0) {
896 ret = mbedtls_des_crypt_ecb(&ctx, buf, buf);
897 } else {
898 ret = mbedtls_des3_crypt_ecb(&ctx3, buf, buf);
899 }
900 if (ret != 0) {
901 goto exit;
902 }
903 }
904
905 if ((v == MBEDTLS_DES_DECRYPT &&
906 memcmp(buf, des3_test_ecb_dec[u], 8) != 0) ||
907 (v != MBEDTLS_DES_DECRYPT &&
908 memcmp(buf, des3_test_ecb_enc[u], 8) != 0)) {
909 if (verbose != 0) {
910 mbedtls_printf("failed\n");
911 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]912
913 ret = 1;
914 goto exit;
915 }
916
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]917 if (verbose != 0) {
918 mbedtls_printf("passed\n");
919 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]920 }
921
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]922 if (verbose != 0) {
923 mbedtls_printf("\n");
924 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]925
926#if defined(MBEDTLS_CIPHER_MODE_CBC)
927 /*
928 * CBC mode
929 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]930 for (i = 0; i < 6; i++) {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]931 u = i >> 1;
932 v = i & 1;
933
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]934 if (verbose != 0) {
935 mbedtls_printf(" DES%c-CBC-%3d (%s): ",
936 (u == 0) ? ' ' : '3', 56 + u * 56,
937 (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc");
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]938 }
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]939
940 memcpy(iv, des3_test_iv, 8);
941 memcpy(prv, des3_test_iv, 8);
942 memcpy(buf, des3_test_buf, 8);
943
944 switch (i) {
945 case 0:
946 ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys);
947 break;
948
949 case 1:
950 ret = mbedtls_des_setkey_enc(&ctx, des3_test_keys);
951 break;
952
953 case 2:
954 ret = mbedtls_des3_set2key_dec(&ctx3, des3_test_keys);
955 break;
956
957 case 3:
958 ret = mbedtls_des3_set2key_enc(&ctx3, des3_test_keys);
959 break;
960
961 case 4:
962 ret = mbedtls_des3_set3key_dec(&ctx3, des3_test_keys);
963 break;
964
965 case 5:
966 ret = mbedtls_des3_set3key_enc(&ctx3, des3_test_keys);
967 break;
968
969 default:
970 return 1;
971 }
972 if (ret != 0) {
Jerome Forissier039e02d2022-08-09 17:10:15 +0200[diff] [blame]973 goto exit;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]974 }
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]975
976 if (v == MBEDTLS_DES_DECRYPT) {
977 for (j = 0; j < 100; j++) {
978 if (u == 0) {
979 ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf);
980 } else {
981 ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf);
982 }
983 if (ret != 0) {
984 goto exit;
985 }
986 }
987 } else {
988 for (j = 0; j < 100; j++) {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]989 unsigned char tmp[8];
990
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]991 if (u == 0) {
992 ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf);
993 } else {
994 ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf);
995 }
996 if (ret != 0) {
Jerome Forissier039e02d2022-08-09 17:10:15 +0200[diff] [blame]997 goto exit;
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]998 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]999
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1000 memcpy(tmp, prv, 8);
1001 memcpy(prv, buf, 8);
1002 memcpy(buf, tmp, 8);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1003 }
1004
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1005 memcpy(buf, prv, 8);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1006 }
1007
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1008 if ((v == MBEDTLS_DES_DECRYPT &&
1009 memcmp(buf, des3_test_cbc_dec[u], 8) != 0) ||
1010 (v != MBEDTLS_DES_DECRYPT &&
1011 memcmp(buf, des3_test_cbc_enc[u], 8) != 0)) {
1012 if (verbose != 0) {
1013 mbedtls_printf("failed\n");
1014 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1015
1016 ret = 1;
1017 goto exit;
1018 }
1019
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1020 if (verbose != 0) {
1021 mbedtls_printf("passed\n");
1022 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1023 }
1024#endif /* MBEDTLS_CIPHER_MODE_CBC */
1025
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1026 if (verbose != 0) {
1027 mbedtls_printf("\n");
1028 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1029
1030exit:
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1031 mbedtls_des_free(&ctx);
1032 mbedtls_des3_free(&ctx3);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1033
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1034 if (ret != 0) {
Jerome Forissier039e02d2022-08-09 17:10:15 +0200[diff] [blame]1035 ret = 1;
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1036 }
1037 return ret;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1038}
1039
1040#endif /* MBEDTLS_SELF_TEST */
1041
1042#endif /* MBEDTLS_DES_C */