cryptlib  3.4.1
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Macros
ctx_3des.c
Go to the documentation of this file.
1 /****************************************************************************
2 * *
3 * cryptlib Triple DES Encryption Routines *
4 * Copyright Peter Gutmann 1994-2005 *
5 * *
6 ****************************************************************************/
7 
8 #if defined( INC_ALL )
9  #include "crypt.h"
10  #include "context.h"
11  #include "des.h"
12 #else
13  #include "crypt.h"
14  #include "context/context.h"
15  #include "crypt/des.h"
16 #endif /* Compiler-specific includes */
17 
18 /* The DES block size */
19 
20 #define DES_BLOCKSIZE 8
21 
22 #if defined( INC_ALL )
23  #include "testdes.h"
24 #else
25  #include "crypt/testdes.h"
26 #endif /* Compiler-specific includes */
27 
28 /* A structure to hold the keyscheduled DES keys */
29 
30 typedef struct {
31  Key_schedule desKey1; /* The first DES key */
32  Key_schedule desKey2; /* The second DES key */
33  Key_schedule desKey3; /* The third DES key */
34  } DES3_KEY;
35 
36 /* The size of the keyscheduled DES and 3DES keys */
37 
38 #define DES_KEYSIZE sizeof( Key_schedule )
39 #define DES3_KEYSIZE sizeof( DES3_KEY )
40 
41 /****************************************************************************
42 * *
43 * 3DES Self-test Routines *
44 * *
45 ****************************************************************************/
46 
47 #ifndef CONFIG_NO_SELFTEST
48 
49 /* Test the DES implementation against the test vectors given in NBS Special
50  Publication 800-20, 1999 (which are actually the same as 500-20, 1980,
51  since they require that K1 = K2 = K3, but we do it anyway so we can claim
52  compliance) */
53 
54 static int testLoop( const DES_TEST *testDES, int iterations )
55  {
56  const CAPABILITY_INFO *capabilityInfo = get3DESCapability();
57  BYTE keyData[ DES3_KEYSIZE + 8 ];
58  int i, status;
59 
60  for( i = 0; i < iterations; i++ )
61  {
62  BYTE desKeyData[ ( DES_BLOCKSIZE * 3 ) + 8 ];
63 
64  memcpy( desKeyData, testDES[ i ].key, DES_BLOCKSIZE );
65  memcpy( desKeyData + DES_BLOCKSIZE, testDES[ i ].key,
66  DES_BLOCKSIZE );
67  memcpy( desKeyData + ( DES_BLOCKSIZE * 2 ), testDES[ i ].key,
68  DES_BLOCKSIZE );
69 
70  /* The self-test uses weak keys, which means they'll be rejected by
71  the key-load function if it checks for these. For the OpenSSL
72  DES implementation we can kludge around this by temporarily
73  clearing the global des_check_key value, but for other
74  implementations some alternative workaround will be necessary */
75  des_check_key = FALSE;
76  status = testCipher( capabilityInfo, keyData, desKeyData,
77  DES_BLOCKSIZE * 3, testDES[ i ].plaintext,
78  testDES[ i ].ciphertext );
79  des_check_key = TRUE;
80  if( cryptStatusError( status ) )
81  return( status );
82  }
83 
84  return( CRYPT_OK );
85  }
86 
87 static int selfTest( void )
88  {
89  /* Check the 3DES test vectors. Note that we don't perform the RS test,
90  since it's valid only for single DES */
91  if( ( testLoop( testIP, sizeof( testIP ) / sizeof( DES_TEST ) ) != CRYPT_OK ) || \
92  ( testLoop( testVP, sizeof( testVP ) / sizeof( DES_TEST ) ) != CRYPT_OK ) || \
93  ( testLoop( testKP, sizeof( testKP ) / sizeof( DES_TEST ) ) != CRYPT_OK ) || \
94  ( testLoop( testDP, sizeof( testDP ) / sizeof( DES_TEST ) ) != CRYPT_OK ) || \
95  ( testLoop( testSB, sizeof( testSB ) / sizeof( DES_TEST ) ) != CRYPT_OK ) )
96  return( CRYPT_ERROR_FAILED );
97 
98  return( CRYPT_OK );
99  }
100 #else
101  #define selfTest NULL
102 #endif /* !CONFIG_NO_SELFTEST */
103 
104 /****************************************************************************
105 * *
106 * Control Routines *
107 * *
108 ****************************************************************************/
109 
110 /* Return context subtype-specific information */
111 
112 CHECK_RETVAL STDC_NONNULL_ARG( ( 3 ) ) \
113 static int getInfo( IN_ENUM( CAPABILITY_INFO ) const CAPABILITY_INFO_TYPE type,
114  INOUT_OPT CONTEXT_INFO *contextInfoPtr,
115  OUT void *data,
116  IN_INT_Z const int length )
117  {
118  assert( contextInfoPtr == NULL || \
119  isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) );
120  assert( ( length == 0 && isWritePtr( data, sizeof( int ) ) ) || \
121  ( length > 0 && isWritePtr( data, length ) ) );
122 
123  REQUIRES( type > CAPABILITY_INFO_NONE && type < CAPABILITY_INFO_LAST );
124 
125  if( type == CAPABILITY_INFO_STATESIZE )
126  {
127  int *valuePtr = ( int * ) data;
128 
129  *valuePtr = DES3_KEYSIZE;
130 
131  return( CRYPT_OK );
132  }
133 
134  return( getDefaultInfo( type, contextInfoPtr, data, length ) );
135  }
136 
137 /****************************************************************************
138 * *
139 * 3DES En/Decryption Routines *
140 * *
141 ****************************************************************************/
142 
143 /* Encrypt/decrypt data in ECB mode */
144 
145 static int encryptECB( CONTEXT_INFO *contextInfoPtr, BYTE *buffer,
146  int noBytes )
147  {
148  CONV_INFO *convInfo = contextInfoPtr->ctxConv;
149  DES3_KEY *des3Key = ( DES3_KEY * ) convInfo->key;
150  int blockCount = noBytes / DES_BLOCKSIZE;
151 
152  while( blockCount-- > 0 )
153  {
154  /* Encrypt a block of data */
155  des_ecb3_encrypt( ( C_Block * ) buffer, ( C_Block * ) buffer,
156  des3Key->desKey1, des3Key->desKey2,
157  des3Key->desKey3, DES_ENCRYPT );
158 
159  /* Move on to next block of data */
160  buffer += DES_BLOCKSIZE;
161  }
162 
163  return( CRYPT_OK );
164  }
165 
166 static int decryptECB( CONTEXT_INFO *contextInfoPtr, BYTE *buffer,
167  int noBytes )
168  {
169  CONV_INFO *convInfo = contextInfoPtr->ctxConv;
170  DES3_KEY *des3Key = ( DES3_KEY * ) convInfo->key;
171  int blockCount = noBytes / DES_BLOCKSIZE;
172 
173  while( blockCount-- > 0 )
174  {
175  /* Decrypt a block of data */
176  des_ecb3_encrypt( ( C_Block * ) buffer, ( C_Block * ) buffer,
177  des3Key->desKey1, des3Key->desKey2,
178  des3Key->desKey3, DES_DECRYPT );
179 
180  /* Move on to next block of data */
181  buffer += DES_BLOCKSIZE;
182  }
183 
184  return( CRYPT_OK );
185  }
186 
187 /* Encrypt/decrypt data in CBC mode */
188 
189 static int encryptCBC( CONTEXT_INFO *contextInfoPtr, BYTE *buffer,
190  int noBytes )
191  {
192  CONV_INFO *convInfo = contextInfoPtr->ctxConv;
193  DES3_KEY *des3Key = ( DES3_KEY * ) convInfo->key;
194 
195  des_ede3_cbc_encrypt( buffer, buffer, noBytes,
196  des3Key->desKey1, des3Key->desKey2, des3Key->desKey3,
197  ( C_Block * ) convInfo->currentIV, DES_ENCRYPT );
198 
199  return( CRYPT_OK );
200  }
201 
202 static int decryptCBC( CONTEXT_INFO *contextInfoPtr, BYTE *buffer,
203  int noBytes )
204  {
205  CONV_INFO *convInfo = contextInfoPtr->ctxConv;
206  DES3_KEY *des3Key = ( DES3_KEY * ) convInfo->key;
207 
208  des_ede3_cbc_encrypt( buffer, buffer, noBytes,
209  des3Key->desKey1, des3Key->desKey2, des3Key->desKey3,
210  ( C_Block * ) convInfo->currentIV, DES_DECRYPT );
211 
212  return( CRYPT_OK );
213  }
214 
215 /* Encrypt/decrypt data in CFB mode */
216 
217 static int encryptCFB( CONTEXT_INFO *contextInfoPtr, BYTE *buffer,
218  int noBytes )
219  {
220  CONV_INFO *convInfo = contextInfoPtr->ctxConv;
221  DES3_KEY *des3Key = ( DES3_KEY * ) convInfo->key;
222  int i, ivCount = convInfo->ivCount;
223 
224  /* If there's any encrypted material left in the IV, use it now */
225  if( ivCount > 0 )
226  {
227  int bytesToUse;
228 
229  /* Find out how much material left in the encrypted IV we can use */
230  bytesToUse = DES_BLOCKSIZE - ivCount;
231  if( noBytes < bytesToUse )
232  bytesToUse = noBytes;
233 
234  /* Encrypt the data */
235  for( i = 0; i < bytesToUse; i++ )
236  buffer[ i ] ^= convInfo->currentIV[ i + ivCount ];
237  memcpy( convInfo->currentIV + ivCount, buffer, bytesToUse );
238 
239  /* Adjust the byte count and buffer position */
240  noBytes -= bytesToUse;
241  buffer += bytesToUse;
242  ivCount += bytesToUse;
243  }
244 
245  while( noBytes > 0 )
246  {
247  ivCount = ( noBytes > DES_BLOCKSIZE ) ? DES_BLOCKSIZE : noBytes;
248 
249  /* Encrypt the IV */
250  des_ecb3_encrypt( ( C_Block * ) convInfo->currentIV,
251  ( C_Block * ) convInfo->currentIV,
252  des3Key->desKey1, des3Key->desKey2,
253  des3Key->desKey3, DES_ENCRYPT );
254 
255  /* XOR the buffer contents with the encrypted IV */
256  for( i = 0; i < ivCount; i++ )
257  buffer[ i ] ^= convInfo->currentIV[ i ];
258 
259  /* Shift the ciphertext into the IV */
260  memcpy( convInfo->currentIV, buffer, ivCount );
261 
262  /* Move on to next block of data */
263  noBytes -= ivCount;
264  buffer += ivCount;
265  }
266 
267  /* Remember how much of the IV is still available for use */
268  convInfo->ivCount = ( ivCount % DES_BLOCKSIZE );
269 
270  return( CRYPT_OK );
271  }
272 
273 /* Decrypt data in CFB mode. Note that the transformation can be made
274  faster (but less clear) with temp = buffer, buffer ^= iv, iv = temp
275  all in one loop */
276 
277 static int decryptCFB( CONTEXT_INFO *contextInfoPtr, BYTE *buffer,
278  int noBytes )
279  {
280  CONV_INFO *convInfo = contextInfoPtr->ctxConv;
281  DES3_KEY *des3Key = ( DES3_KEY * ) convInfo->key;
282  BYTE temp[ DES_BLOCKSIZE + 8 ];
283  int i, ivCount = convInfo->ivCount;
284 
285  /* If there's any encrypted material left in the IV, use it now */
286  if( ivCount > 0 )
287  {
288  int bytesToUse;
289 
290  /* Find out how much material left in the encrypted IV we can use */
291  bytesToUse = DES_BLOCKSIZE - ivCount;
292  if( noBytes < bytesToUse )
293  bytesToUse = noBytes;
294 
295  /* Decrypt the data */
296  memcpy( temp, buffer, bytesToUse );
297  for( i = 0; i < bytesToUse; i++ )
298  buffer[ i ] ^= convInfo->currentIV[ i + ivCount ];
299  memcpy( convInfo->currentIV + ivCount, temp,
300  bytesToUse );
301 
302  /* Adjust the byte count and buffer position */
303  noBytes -= bytesToUse;
304  buffer += bytesToUse;
305  ivCount += bytesToUse;
306  }
307 
308  while( noBytes > 0 )
309  {
310  ivCount = ( noBytes > DES_BLOCKSIZE ) ? DES_BLOCKSIZE : noBytes;
311 
312  /* Encrypt the IV */
313  des_ecb3_encrypt( ( C_Block * ) convInfo->currentIV,
314  ( C_Block * ) convInfo->currentIV,
315  des3Key->desKey1, des3Key->desKey2,
316  des3Key->desKey3, DES_ENCRYPT );
317 
318  /* Save the ciphertext */
319  memcpy( temp, buffer, ivCount );
320 
321  /* XOR the buffer contents with the encrypted IV */
322  for( i = 0; i < ivCount; i++ )
323  buffer[ i ] ^= convInfo->currentIV[ i ];
324 
325  /* Shift the ciphertext into the IV */
326  memcpy( convInfo->currentIV, temp, ivCount );
327 
328  /* Move on to next block of data */
329  noBytes -= ivCount;
330  buffer += ivCount;
331  }
332 
333  /* Remember how much of the IV is still available for use */
334  convInfo->ivCount = ( ivCount % DES_BLOCKSIZE );
335 
336  /* Clear the temporary buffer */
337  zeroise( temp, DES_BLOCKSIZE );
338 
339  return( CRYPT_OK );
340  }
341 
342 /* Encrypt/decrypt data in OFB mode */
343 
344 static int encryptOFB( CONTEXT_INFO *contextInfoPtr, BYTE *buffer,
345  int noBytes )
346  {
347  CONV_INFO *convInfo = contextInfoPtr->ctxConv;
348  DES3_KEY *des3Key = ( DES3_KEY * ) convInfo->key;
349  int i, ivCount = convInfo->ivCount;
350 
351  /* If there's any encrypted material left in the IV, use it now */
352  if( ivCount > 0 )
353  {
354  int bytesToUse;
355 
356  /* Find out how much material left in the encrypted IV we can use */
357  bytesToUse = DES_BLOCKSIZE - ivCount;
358  if( noBytes < bytesToUse )
359  bytesToUse = noBytes;
360 
361  /* Encrypt the data */
362  for( i = 0; i < bytesToUse; i++ )
363  buffer[ i ] ^= convInfo->currentIV[ i + ivCount ];
364 
365  /* Adjust the byte count and buffer position */
366  noBytes -= bytesToUse;
367  buffer += bytesToUse;
368  ivCount += bytesToUse;
369  }
370 
371  while( noBytes > 0 )
372  {
373  ivCount = ( noBytes > DES_BLOCKSIZE ) ? DES_BLOCKSIZE : noBytes;
374 
375  /* Encrypt the IV */
376  des_ecb3_encrypt( ( C_Block * ) convInfo->currentIV,
377  ( C_Block * ) convInfo->currentIV,
378  des3Key->desKey1, des3Key->desKey2,
379  des3Key->desKey3, DES_ENCRYPT );
380 
381  /* XOR the buffer contents with the encrypted IV */
382  for( i = 0; i < ivCount; i++ )
383  buffer[ i ] ^= convInfo->currentIV[ i ];
384 
385  /* Move on to next block of data */
386  noBytes -= ivCount;
387  buffer += ivCount;
388  }
389 
390  /* Remember how much of the IV is still available for use */
391  convInfo->ivCount = ( ivCount % DES_BLOCKSIZE );
392 
393  return( CRYPT_OK );
394  }
395 
396 /* Decrypt data in OFB mode */
397 
398 static int decryptOFB( CONTEXT_INFO *contextInfoPtr, BYTE *buffer,
399  int noBytes )
400  {
401  CONV_INFO *convInfo = contextInfoPtr->ctxConv;
402  DES3_KEY *des3Key = ( DES3_KEY * ) convInfo->key;
403  int i, ivCount = convInfo->ivCount;
404 
405  /* If there's any encrypted material left in the IV, use it now */
406  if( ivCount > 0 )
407  {
408  int bytesToUse;
409 
410  /* Find out how much material left in the encrypted IV we can use */
411  bytesToUse = DES_BLOCKSIZE - ivCount;
412  if( noBytes < bytesToUse )
413  bytesToUse = noBytes;
414 
415  /* Decrypt the data */
416  for( i = 0; i < bytesToUse; i++ )
417  buffer[ i ] ^= convInfo->currentIV[ i + ivCount ];
418 
419  /* Adjust the byte count and buffer position */
420  noBytes -= bytesToUse;
421  buffer += bytesToUse;
422  ivCount += bytesToUse;
423  }
424 
425  while( noBytes > 0 )
426  {
427  ivCount = ( noBytes > DES_BLOCKSIZE ) ? DES_BLOCKSIZE : noBytes;
428 
429  /* Encrypt the IV */
430  des_ecb3_encrypt( ( C_Block * ) convInfo->currentIV,
431  ( C_Block * ) convInfo->currentIV,
432  des3Key->desKey1, des3Key->desKey2,
433  des3Key->desKey3, DES_ENCRYPT );
434 
435  /* XOR the buffer contents with the encrypted IV */
436  for( i = 0; i < ivCount; i++ )
437  buffer[ i ] ^= convInfo->currentIV[ i ];
438 
439  /* Move on to next block of data */
440  noBytes -= ivCount;
441  buffer += ivCount;
442  }
443 
444  /* Remember how much of the IV is still available for use */
445  convInfo->ivCount = ( ivCount % DES_BLOCKSIZE );
446 
447  return( CRYPT_OK );
448  }
449 
450 /****************************************************************************
451 * *
452 * 3DES Key Management Routines *
453 * *
454 ****************************************************************************/
455 
456 /* Key schedule two/three DES keys */
457 
458 static int initKey( CONTEXT_INFO *contextInfoPtr, const void *key,
459  const int keyLength )
460  {
461  CONV_INFO *convInfo = contextInfoPtr->ctxConv;
462  DES3_KEY *des3Key = ( DES3_KEY * ) convInfo->key;
463  BOOLEAN useEDE = FALSE;
464 
465  REQUIRES( keyLength >= MIN_KEYSIZE && keyLength <= DES_BLOCKSIZE * 3 );
466 
467  /* Copy the key to internal storage */
468  if( convInfo->userKey != key )
469  memcpy( convInfo->userKey, key, keyLength );
470  convInfo->userKeyLength = keyLength;
471 
472  /* Check the key size. This gets a bit complicated because although we
473  follow X9.52 and default to three-key triple DES, we'll often be
474  passed a 128 (112)-bit key which was common in older designs. If this
475  happens we take the 112-bit key and repeat the first 56 bits to create
476  a 168-bit key. X9.52 says that if the caller wants EDE behaviour they
477  have to set it up themselves using a full 168-bit key, but this will
478  cause problems for people using the high-level functions which don't
479  allow this level of control, so if we're passed a 112-bit key we just
480  expand it out to 168 bits to get two-key EDE */
481  if( keyLength <= bitsToBytes( 64 * 2 ) )
482  useEDE = TRUE; /* Only 112 bits of key, force EDE mode */
483 
484  /* Call the libdes key schedule code. Returns with -1 if the key parity
485  is wrong (which never occurs since we force the correct parity) or -2
486  if a weak key is used. In theory this could leave us open to timing
487  attacks (a memcmp() implemented as a bytewise operation will exit on
488  the first mis-matching byte), but in practice the trip through the
489  kernel adds enough skew to make the one or two clock cycle difference
490  undetectable */
491  des_set_odd_parity( ( C_Block * ) convInfo->userKey );
492  if( des_key_sched( ( des_cblock * ) convInfo->userKey, des3Key->desKey1 ) )
493  return( CRYPT_ARGERROR_STR1 );
494  des_set_odd_parity( ( C_Block * ) \
495  ( ( BYTE * ) convInfo->userKey + bitsToBytes( 64 ) ) );
496  if( des_key_sched( ( des_cblock * ) \
497  ( ( BYTE * ) convInfo->userKey + bitsToBytes( 64 ) ),
498  des3Key->desKey2 ) )
499  return( CRYPT_ARGERROR_STR1 );
500  if( useEDE )
501  {
502  /* Rather than performing another key schedule, we just copy the first
503  scheduled key into the third one */
504  memcpy( des3Key->desKey3, des3Key->desKey1, DES_KEYSIZE );
505  }
506  else
507  {
508  des_set_odd_parity( ( C_Block * ) \
509  ( ( BYTE * ) convInfo->userKey + bitsToBytes( 128 ) ) );
510  if( des_key_sched( ( des_cblock * ) \
511  ( ( BYTE * ) convInfo->userKey + bitsToBytes( 128 ) ),
512  des3Key->desKey3 ) )
513  return( CRYPT_ARGERROR_STR1 );
514  }
515 
516  return( CRYPT_OK );
517  }
518 
519 /****************************************************************************
520 * *
521 * Capability Access Routines *
522 * *
523 ****************************************************************************/
524 
525 static const CAPABILITY_INFO FAR_BSS capabilityInfo = {
526  /* We give the default key size as 192 bits instead of 128 to make sure
527  that anyone using a key of the default size ends up with three-key
528  3DES rather than two-key 3DES */
529  CRYPT_ALGO_3DES, bitsToBytes( 64 ), "3DES", 4,
530  bitsToBytes( 128 ), bitsToBytes( 192 ), bitsToBytes( 192 ),
531  selfTest, getInfo, NULL, initGenericParams, initKey, NULL,
532  encryptECB, decryptECB, encryptCBC, decryptCBC,
533  encryptCFB, decryptCFB, encryptOFB, decryptOFB
534  };
535 
536 const CAPABILITY_INFO *get3DESCapability( void )
537  {
538  return( &capabilityInfo );
539  }
Generated on Thu Jan 10 2013 10:00:45 for cryptlib by   doxygen 1.8.2