des.c
1 /*
2  * FIPS-46-3 compliant Triple-DES implementation
3  *
4  * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
5  *
6  * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
7  *
8  * All rights reserved.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * * Redistributions of source code must retain the above copyright
15  * notice, this list of conditions and the following disclaimer.
16  * * Redistributions in binary form must reproduce the above copyright
17  * notice, this list of conditions and the following disclaimer in the
18  * documentation and/or other materials provided with the distribution.
19  * * Neither the names of PolarSSL or XySSL nor the names of its contributors
20  * may be used to endorse or promote products derived from this software
21  * without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
26  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 /*
36  * DES, on which TDES is based, was originally designed by Horst Feistel
37  * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
38  *
39  * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
40  */
41 
42 #include "netif/ppp/ppp_opts.h"
43 #if PPP_SUPPORT && LWIP_INCLUDED_POLARSSL_DES
44 
45 #include "netif/ppp/polarssl/des.h"
46 
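/*
 * 32-bit integer manipulation macros (big endian)
 *
 * GET_ULONG_BE(n, b, i): load the four bytes b[i] .. b[i + 3] into n,
 * most significant byte first.
 *
 * No bounds check is made: the caller must guarantee that b holds at
 * least i + 4 bytes. b is expected to point to unsigned char; with a
 * signed char buffer the casts would sign-extend bytes >= 0x80.
 * i is evaluated four times, so it must not have side effects.
 *
 * The body is wrapped in do { } while( 0 ) so that the macro followed
 * by ';' is a single statement and can be used in an unbraced if/else.
 */
#ifndef GET_ULONG_BE
#define GET_ULONG_BE(n,b,i)                             \
do {                                                    \
    (n) = ( (unsigned long) (b)[(i)    ] << 24 )        \
        | ( (unsigned long) (b)[(i) + 1] << 16 )        \
        | ( (unsigned long) (b)[(i) + 2] <<  8 )        \
        | ( (unsigned long) (b)[(i) + 3]       );       \
} while( 0 )
#endif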
59 
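/*
 * PUT_ULONG_BE(n, b, i): store the low 32 bits of n into b[i] .. b[i + 3],
 * most significant byte first.
 *
 * No bounds check is made: the caller must guarantee that b has room for
 * i + 4 bytes. n and i are evaluated four times each, so they must not
 * have side effects.
 *
 * The body is wrapped in do { } while( 0 ) so that the macro followed
 * by ';' is a single statement and can be used in an unbraced if/else.
 */
#ifndef PUT_ULONG_BE
#define PUT_ULONG_BE(n,b,i)                             \
do {                                                    \
    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
} while( 0 )
#endif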
69 
/*
 * Expanded DES S-boxes
 *
 * Eight tables of 64 words. DES_ROUND indexes each one with a 6-bit
 * field of (subkey word ^ data) and XORs the selected words straight
 * into the other half-block.
 *
 * Security note: the table index depends on the round key and on the
 * data being processed, so the memory addresses touched are secret-
 * dependent. On targets with a data cache this is not constant-time
 * and may be observable through cache-timing measurements.
 *
 * SB1: selected by bits 24..29 of the second subkey word of a round.
 */
static const unsigned long SB1[64] =
{
    0x01010400, 0x00000000, 0x00010000, 0x01010404,
    0x01010004, 0x00010404, 0x00000004, 0x00010000,
    0x00000400, 0x01010400, 0x01010404, 0x00000400,
    0x01000404, 0x01010004, 0x01000000, 0x00000004,
    0x00000404, 0x01000400, 0x01000400, 0x00010400,
    0x00010400, 0x01010000, 0x01010000, 0x01000404,
    0x00010004, 0x01000004, 0x01000004, 0x00010004,
    0x00000000, 0x00000404, 0x00010404, 0x01000000,
    0x00010000, 0x01010404, 0x00000004, 0x01010000,
    0x01010400, 0x01000000, 0x01000000, 0x00000400,
    0x01010004, 0x00010000, 0x00010400, 0x01000004,
    0x00000400, 0x00000004, 0x01000404, 0x00010404,
    0x01010404, 0x00010004, 0x01010000, 0x01000404,
    0x01000004, 0x00000404, 0x00010404, 0x01010400,
    0x00000404, 0x01000400, 0x01000400, 0x00000000,
    0x00010004, 0x00010400, 0x00000000, 0x01010004
};
92 
/* SB2: selected by bits 24..29 of the first subkey word of a round
 * (see DES_ROUND); the index is secret-dependent. */
static const unsigned long SB2[64] =
{
    0x80108020, 0x80008000, 0x00008000, 0x00108020,
    0x00100000, 0x00000020, 0x80100020, 0x80008020,
    0x80000020, 0x80108020, 0x80108000, 0x80000000,
    0x80008000, 0x00100000, 0x00000020, 0x80100020,
    0x00108000, 0x00100020, 0x80008020, 0x00000000,
    0x80000000, 0x00008000, 0x00108020, 0x80100000,
    0x00100020, 0x80000020, 0x00000000, 0x00108000,
    0x00008020, 0x80108000, 0x80100000, 0x00008020,
    0x00000000, 0x00108020, 0x80100020, 0x00100000,
    0x80008020, 0x80100000, 0x80108000, 0x00008000,
    0x80100000, 0x80008000, 0x00000020, 0x80108020,
    0x00108020, 0x00000020, 0x00008000, 0x80000000,
    0x00008020, 0x80108000, 0x00100000, 0x80000020,
    0x00100020, 0x80008020, 0x80000020, 0x00100020,
    0x00108000, 0x00000000, 0x80008000, 0x00008020,
    0x80000000, 0x80100020, 0x80108020, 0x00108000
};
112 
/* SB3: selected by bits 16..21 of the second subkey word of a round
 * (see DES_ROUND); the index is secret-dependent. */
static const unsigned long SB3[64] =
{
    0x00000208, 0x08020200, 0x00000000, 0x08020008,
    0x08000200, 0x00000000, 0x00020208, 0x08000200,
    0x00020008, 0x08000008, 0x08000008, 0x00020000,
    0x08020208, 0x00020008, 0x08020000, 0x00000208,
    0x08000000, 0x00000008, 0x08020200, 0x00000200,
    0x00020200, 0x08020000, 0x08020008, 0x00020208,
    0x08000208, 0x00020200, 0x00020000, 0x08000208,
    0x00000008, 0x08020208, 0x00000200, 0x08000000,
    0x08020200, 0x08000000, 0x00020008, 0x00000208,
    0x00020000, 0x08020200, 0x08000200, 0x00000000,
    0x00000200, 0x00020008, 0x08020208, 0x08000200,
    0x08000008, 0x00000200, 0x00000000, 0x08020008,
    0x08000208, 0x00020000, 0x08000000, 0x08020208,
    0x00000008, 0x00020208, 0x00020200, 0x08000008,
    0x08020000, 0x08000208, 0x00000208, 0x08020000,
    0x00020208, 0x00000008, 0x08020008, 0x00020200
};
132 
/* SB4: selected by bits 16..21 of the first subkey word of a round
 * (see DES_ROUND); the index is secret-dependent. */
static const unsigned long SB4[64] =
{
    0x00802001, 0x00002081, 0x00002081, 0x00000080,
    0x00802080, 0x00800081, 0x00800001, 0x00002001,
    0x00000000, 0x00802000, 0x00802000, 0x00802081,
    0x00000081, 0x00000000, 0x00800080, 0x00800001,
    0x00000001, 0x00002000, 0x00800000, 0x00802001,
    0x00000080, 0x00800000, 0x00002001, 0x00002080,
    0x00800081, 0x00000001, 0x00002080, 0x00800080,
    0x00002000, 0x00802080, 0x00802081, 0x00000081,
    0x00800080, 0x00800001, 0x00802000, 0x00802081,
    0x00000081, 0x00000000, 0x00000000, 0x00802000,
    0x00002080, 0x00800080, 0x00800081, 0x00000001,
    0x00802001, 0x00002081, 0x00002081, 0x00000080,
    0x00802081, 0x00000081, 0x00000001, 0x00002000,
    0x00800001, 0x00002001, 0x00802080, 0x00800081,
    0x00002001, 0x00002080, 0x00800000, 0x00802001,
    0x00000080, 0x00800000, 0x00002000, 0x00802080
};
152 
/* SB5: selected by bits 8..13 of the second subkey word of a round
 * (see DES_ROUND); the index is secret-dependent. */
static const unsigned long SB5[64] =
{
    0x00000100, 0x02080100, 0x02080000, 0x42000100,
    0x00080000, 0x00000100, 0x40000000, 0x02080000,
    0x40080100, 0x00080000, 0x02000100, 0x40080100,
    0x42000100, 0x42080000, 0x00080100, 0x40000000,
    0x02000000, 0x40080000, 0x40080000, 0x00000000,
    0x40000100, 0x42080100, 0x42080100, 0x02000100,
    0x42080000, 0x40000100, 0x00000000, 0x42000000,
    0x02080100, 0x02000000, 0x42000000, 0x00080100,
    0x00080000, 0x42000100, 0x00000100, 0x02000000,
    0x40000000, 0x02080000, 0x42000100, 0x40080100,
    0x02000100, 0x40000000, 0x42080000, 0x02080100,
    0x40080100, 0x00000100, 0x02000000, 0x42080000,
    0x42080100, 0x00080100, 0x42000000, 0x42080100,
    0x02080000, 0x00000000, 0x40080000, 0x42000000,
    0x00080100, 0x02000100, 0x40000100, 0x00080000,
    0x00000000, 0x40080000, 0x02080100, 0x40000100
};
172 
/* SB6: selected by bits 8..13 of the first subkey word of a round
 * (see DES_ROUND); the index is secret-dependent. */
static const unsigned long SB6[64] =
{
    0x20000010, 0x20400000, 0x00004000, 0x20404010,
    0x20400000, 0x00000010, 0x20404010, 0x00400000,
    0x20004000, 0x00404010, 0x00400000, 0x20000010,
    0x00400010, 0x20004000, 0x20000000, 0x00004010,
    0x00000000, 0x00400010, 0x20004010, 0x00004000,
    0x00404000, 0x20004010, 0x00000010, 0x20400010,
    0x20400010, 0x00000000, 0x00404010, 0x20404000,
    0x00004010, 0x00404000, 0x20404000, 0x20000000,
    0x20004000, 0x00000010, 0x20400010, 0x00404000,
    0x20404010, 0x00400000, 0x00004010, 0x20000010,
    0x00400000, 0x20004000, 0x20000000, 0x00004010,
    0x20000010, 0x20404010, 0x00404000, 0x20400000,
    0x00404010, 0x20404000, 0x00000000, 0x20400010,
    0x00000010, 0x00004000, 0x20400000, 0x00404010,
    0x00004000, 0x00400010, 0x20004010, 0x00000000,
    0x20404000, 0x20000000, 0x00400010, 0x20004010
};
192 
/* SB7: selected by bits 0..5 of the second subkey word of a round
 * (see DES_ROUND); the index is secret-dependent. */
static const unsigned long SB7[64] =
{
    0x00200000, 0x04200002, 0x04000802, 0x00000000,
    0x00000800, 0x04000802, 0x00200802, 0x04200800,
    0x04200802, 0x00200000, 0x00000000, 0x04000002,
    0x00000002, 0x04000000, 0x04200002, 0x00000802,
    0x04000800, 0x00200802, 0x00200002, 0x04000800,
    0x04000002, 0x04200000, 0x04200800, 0x00200002,
    0x04200000, 0x00000800, 0x00000802, 0x04200802,
    0x00200800, 0x00000002, 0x04000000, 0x00200800,
    0x04000000, 0x00200800, 0x00200000, 0x04000802,
    0x04000802, 0x04200002, 0x04200002, 0x00000002,
    0x00200002, 0x04000000, 0x04000800, 0x00200000,
    0x04200800, 0x00000802, 0x00200802, 0x04200800,
    0x00000802, 0x04000002, 0x04200802, 0x04200000,
    0x00200800, 0x00000000, 0x00000002, 0x04200802,
    0x00000000, 0x00200802, 0x04200000, 0x00000800,
    0x04000002, 0x04000800, 0x00000800, 0x00200002
};
212 
/* SB8: selected by bits 0..5 of the first subkey word of a round
 * (see DES_ROUND); the index is secret-dependent. */
static const unsigned long SB8[64] =
{
    0x10001040, 0x00001000, 0x00040000, 0x10041040,
    0x10000000, 0x10001040, 0x00000040, 0x10000000,
    0x00040040, 0x10040000, 0x10041040, 0x00041000,
    0x10041000, 0x00041040, 0x00001000, 0x00000040,
    0x10040000, 0x10000040, 0x10001000, 0x00001040,
    0x00041000, 0x00040040, 0x10040040, 0x10041000,
    0x00001040, 0x00000000, 0x00000000, 0x10040040,
    0x10000040, 0x10001000, 0x00041040, 0x00040000,
    0x00041040, 0x00040000, 0x10041000, 0x00001000,
    0x00000040, 0x10040040, 0x00001000, 0x00041040,
    0x10001000, 0x00000040, 0x10000040, 0x10040000,
    0x10040040, 0x10000000, 0x00040000, 0x10001040,
    0x00000000, 0x10041040, 0x00040040, 0x10000040,
    0x10040000, 0x10001000, 0x10001040, 0x00000000,
    0x10041040, 0x00041000, 0x00041000, 0x00001040,
    0x00001040, 0x00040040, 0x10000000, 0x10041000
};
232 
/*
 * PC1: left and right halves bit-swap
 *
 * LHs[v] spreads the four bits of v across four bytes: bit k of v lands
 * in bit 8*k of the result. des_setkey() indexes it with nibbles of the
 * key, so the lookup address is key-dependent.
 */
static const unsigned long LHs[16] =
{
    0x00000000, 0x00000001, 0x00000100, 0x00000101,
    0x00010000, 0x00010001, 0x00010100, 0x00010101,
    0x01000000, 0x01000001, 0x01000100, 0x01000101,
    0x01010000, 0x01010001, 0x01010100, 0x01010101
};
243 
/*
 * RHs[v] is the mirror image of LHs: bit k of v lands in bit 8*(3-k) of
 * the result. des_setkey() indexes it with nibbles of the key, so the
 * lookup address is key-dependent.
 */
static const unsigned long RHs[16] =
{
    0x00000000, 0x01000000, 0x00010000, 0x01010000,
    0x00000100, 0x01000100, 0x00010100, 0x01010100,
    0x00000001, 0x01000001, 0x00010001, 0x01010001,
    0x00000101, 0x01000101, 0x00010101, 0x01010101,
};
251 
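/*
 * Initial Permutation macro
 *
 * Permutes the 64-bit block held in X (first word) and Y (second word)
 * in place with a sequence of masked swaps, then rotates both words left
 * by one bit. X and Y are read and assigned, so each must be a
 * modifiable unsigned long lvalue without side effects. The caller must
 * also declare an unsigned long scratch variable named T.
 *
 * The "& 0xFFFFFFFF" after each rotation discards bits above bit 31,
 * which matters where unsigned long is wider than 32 bits.
 *
 * The body is wrapped in do { } while( 0 ) so that the macro followed
 * by ';' is a single statement and can be used in an unbraced if/else.
 */
#define DES_IP(X,Y)                                             \
do {                                                            \
    T = ((X >>  4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T <<  4);   \
    T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16);   \
    T = ((Y >>  2) ^ X) & 0x33333333; X ^= T; Y ^= (T <<  2);   \
    T = ((Y >>  8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T <<  8);   \
    Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF;                    \
    T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T;                   \
    X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF;                    \
} while( 0 )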
265 
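/*
 * Final Permutation macro
 *
 * Applies the steps of DES_IP in reverse order: rotates both words right
 * by one bit and undoes the masked swaps, so DES_FP(X, Y) after
 * DES_IP(X, Y) restores the original pair. X and Y are read and
 * assigned, so each must be a modifiable unsigned long lvalue without
 * side effects. The caller must also declare an unsigned long scratch
 * variable named T.
 *
 * The "& 0xFFFFFFFF" after each rotation discards bits above bit 31,
 * which matters where unsigned long is wider than 32 bits.
 *
 * The body is wrapped in do { } while( 0 ) so that the macro followed
 * by ';' is a single statement and can be used in an unbraced if/else.
 */
#define DES_FP(X,Y)                                             \
do {                                                            \
    X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF;                    \
    T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T;                   \
    Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF;                    \
    T = ((Y >>  8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T <<  8);   \
    T = ((Y >>  2) ^ X) & 0x33333333; X ^= T; Y ^= (T <<  2);   \
    T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16);   \
    T = ((X >>  4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T <<  4);   \
} while( 0 )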
279 
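/*
 * DES round macro
 *
 * Consumes two subkey words through the caller's SK pointer (SK is
 * advanced by two) and XORs eight S-box words into Y. X is only read;
 * Y must be a modifiable unsigned long lvalue. The caller must declare
 * "unsigned long T" and "unsigned long *SK".
 *
 * (X << 28) | (X >> 4) is a 4-bit right rotation; where unsigned long is
 * wider than 32 bits the extra high bits are harmless because only
 * bits 0..29 of T are ever selected.
 *
 * Security note: every table index is a 6-bit field of (subkey ^ data),
 * so the addresses read from SB1..SB8 depend on secret values. This is
 * not constant-time on targets with a data cache.
 *
 * The body is wrapped in do { } while( 0 ) so that the macro followed
 * by ';' is a single statement and can be used in an unbraced if/else.
 */
#define DES_ROUND(X,Y)                          \
do {                                            \
    T = *SK++ ^ X;                              \
    Y ^= SB8[ (T      ) & 0x3F ] ^              \
         SB6[ (T >>  8) & 0x3F ] ^              \
         SB4[ (T >> 16) & 0x3F ] ^              \
         SB2[ (T >> 24) & 0x3F ];               \
                                                \
    T = *SK++ ^ ((X << 28) | (X >> 4));         \
    Y ^= SB7[ (T      ) & 0x3F ] ^              \
         SB5[ (T >>  8) & 0x3F ] ^              \
         SB3[ (T >> 16) & 0x3F ] ^              \
         SB1[ (T >> 24) & 0x3F ];               \
} while( 0 )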
297 
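/*
 * Exchange two unsigned long lvalues.
 *
 * The final "t = 0" clears the temporary, which holds subkey material
 * when called from des_setkey_dec(); a compiler is free to drop it as a
 * dead store, so it must not be relied on as a wipe.
 * Neither argument may be an expression that uses a variable named t.
 *
 * The body is wrapped in do { } while( 0 ) so that the macro followed
 * by ';' is a single statement and can be used in an unbraced if/else.
 */
#define SWAP(a,b) do { unsigned long t = (a); (a) = (b); (b) = t; t = 0; } while( 0 )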
299 
/*
 * Expand an 8-byte DES key into the 32-word round-key schedule.
 *
 * SK   receives 32 words: two per round for 16 rounds, in encryption
 *      order. The caller must provide room for all 32.
 * key  8 key bytes, read big-endian as two 32-bit words.
 *
 * Review notes:
 *  - Only 56 of the 64 key bits survive PC1 (X and Y are masked to 28
 *    bits each); presumably the dropped bits are the per-byte parity
 *    bits -- confirm against FIPS 46-3. Parity is not verified.
 *  - No check for weak or semi-weak keys is made here.
 *  - X, Y and T hold key-derived values and are not cleared on return.
 *  - LHs/RHs are indexed with key nibbles (secret-dependent lookups).
 */
static void des_setkey( unsigned long SK[32], unsigned char key[8] )
{
    int i;
    unsigned long X, Y, T;

    GET_ULONG_BE( X, key, 0 );
    GET_ULONG_BE( Y, key, 4 );

    /*
     * Permuted Choice 1
     */
    T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
    T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );

    X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
        | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
        | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
        | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);

    Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
        | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
        | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
        | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);

    /* keep only the 28-bit halves */
    X &= 0x0FFFFFFF;
    Y &= 0x0FFFFFFF;

    /*
     * calculate subkeys
     */
    for( i = 0; i < 16; i++ )
    {
        /* rotate each 28-bit half left by 1 in rounds 0, 1, 8 and 15,
         * by 2 in every other round */
        if( i < 2 || i == 8 || i == 15 )
        {
            X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
            Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
        }
        else
        {
            X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
            Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
        }

        /* first subkey word of the round (XORed with X in DES_ROUND) */
        *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
                | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
                | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
                | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
                | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
                | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
                | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
                | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
                | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
                | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
                | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);

        /* second subkey word of the round (XORed with the rotated X) */
        *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
                | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
                | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
                | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
                | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
                | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
                | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
                | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
                | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
                | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
                | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
    }
}
368 
/*
 * DES key schedule (56-bit, encryption)
 *
 * Fills ctx->sk with the round keys for key, in encryption order.
 * key must point to 8 readable bytes. The key is used as given: no
 * parity or weak-key check is performed on this path.
 *
 * A 56-bit key is within reach of exhaustive search; use this only
 * where a legacy protocol requires single DES. ctx->sk holds key
 * material afterwards and should be cleared by the owner when done.
 */
void des_setkey_enc( des_context *ctx, unsigned char key[8] )
{
    unsigned long *round_keys = ctx->sk;

    des_setkey( round_keys, key );
}
376 
/*
 * DES key schedule (56-bit, decryption)
 *
 * Builds the encryption schedule in ctx->sk and then reverses the order
 * of the 16 two-word round keys, so that des_crypt_ecb() run with this
 * context decrypts. key must point to 8 readable bytes; no parity or
 * weak-key check is performed on this path.
 *
 * ctx->sk holds key material afterwards and should be cleared by the
 * owner when done.
 */
void des_setkey_dec( des_context *ctx, unsigned char key[8] )
{
    int lo, hi;

    des_setkey( ctx->sk, key );

    /* lo walks up from round 0 while hi walks down from round 15;
     * each step exchanges both words of the two rounds */
    for( lo = 0, hi = 30; lo < 16; lo += 2, hi -= 2 )
    {
        SWAP( ctx->sk[lo],     ctx->sk[hi]     );
        SWAP( ctx->sk[lo + 1], ctx->sk[hi + 1] );
    }
}
392 
/*
 * DES-ECB block encryption/decryption
 *
 * Transforms exactly one 8-byte block. Whether this encrypts or decrypts
 * is decided by the schedule in ctx (des_setkey_enc or des_setkey_dec).
 * input is fully loaded before output is written, so both may refer to
 * the same buffer.
 *
 * Review notes:
 *  - There is no chaining, IV or padding here. Callers that process more
 *    than one block with the same key get ECB behaviour: equal input
 *    blocks produce equal output blocks.
 *  - The rounds use secret-indexed table lookups (see DES_ROUND), so the
 *    routine is not constant-time on targets with a data cache.
 *  - X, Y and T hold block data and intermediate state and are not
 *    cleared on return.
 */
void des_crypt_ecb( des_context *ctx,
                    const unsigned char input[8],
                    unsigned char output[8] )
{
    /* X, Y, T and SK are named as the DES_* macros expect */
    unsigned long X, Y, T;
    unsigned long *SK = ctx->sk;
    int pairs_left;

    GET_ULONG_BE( X, input, 0 );
    GET_ULONG_BE( Y, input, 4 );

    DES_IP( X, Y );

    /* 16 rounds, two per pass; the roles of the halves alternate */
    for( pairs_left = 8; pairs_left > 0; pairs_left-- )
    {
        DES_ROUND( Y, X );
        DES_ROUND( X, Y );
    }

    /* halves are swapped on the way out */
    DES_FP( Y, X );

    PUT_ULONG_BE( Y, output, 0 );
    PUT_ULONG_BE( X, output, 4 );
}
421 
422 #endif /* PPP_SUPPORT && LWIP_INCLUDED_POLARSSL_DES */