From 5ac03256db0fe4ca7e3ad1117d096c3a76368b76 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Fri, 9 Jan 2015 09:46:07 +0100 Subject: backported CyaSSL/OpenSSL support for internal webserver instead of MatrixSSL --- .../src/router/matrixssl/src/crypto/peersec/des3.c | 795 --------------------- 1 file changed, 795 deletions(-) delete mode 100644 release/src/router/matrixssl/src/crypto/peersec/des3.c (limited to 'release/src/router/matrixssl/src/crypto/peersec/des3.c') diff --git a/release/src/router/matrixssl/src/crypto/peersec/des3.c b/release/src/router/matrixssl/src/crypto/peersec/des3.c deleted file mode 100644 index 53cb3472..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/des3.c +++ /dev/null @@ -1,795 +0,0 @@ -/* - * des3.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * 3DES block cipher implementation for low memory usage - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" - -#ifdef USE_3DES - -#define EN0 0 -#define DE1 1 - -static const ulong32 bytebit[8] = -{ - 0200, 0100, 040, 020, 010, 04, 02, 01 -}; - -static const ulong32 bigbyte[24] = -{ - 0x800000UL, 0x400000UL, 0x200000UL, 0x100000UL, - 0x80000UL, 0x40000UL, 0x20000UL, 0x10000UL, - 0x8000UL, 0x4000UL, 0x2000UL, 0x1000UL, - 0x800UL, 0x400UL, 0x200UL, 0x100UL, - 0x80UL, 0x40UL, 0x20UL, 0x10UL, - 0x8UL, 0x4UL, 0x2UL, 0x1L -}; - -static const unsigned char pc1[56] = { - 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, - 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, - 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, - 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 -}; - -static const unsigned char pc2[48] = { - 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, - 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, - 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, - 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 -}; - -static const unsigned char totrot[16] = { - 1, 2, 4, 6, - 8, 10, 12, 14, - 15, 17, 19, 21, - 23, 25, 27, 28 -}; - -static const ulong32 SP1[] = -{ - 0x01010400UL, 0x00000000UL, 0x00010000UL, 0x01010404UL, - 0x01010004UL, 0x00010404UL, 0x00000004UL, 0x00010000UL, - 0x00000400UL, 0x01010400UL, 0x01010404UL, 0x00000400UL, - 0x01000404UL, 0x01010004UL, 0x01000000UL, 0x00000004UL, - 0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00010400UL, - 0x00010400UL, 0x01010000UL, 0x01010000UL, 0x01000404UL, - 0x00010004UL, 0x01000004UL, 0x01000004UL, 0x00010004UL, - 0x00000000UL, 0x00000404UL, 0x00010404UL, 0x01000000UL, - 0x00010000UL, 0x01010404UL, 0x00000004UL, 0x01010000UL, - 0x01010400UL, 0x01000000UL, 0x01000000UL, 0x00000400UL, - 0x01010004UL, 0x00010000UL, 0x00010400UL, 0x01000004UL, - 0x00000400UL, 0x00000004UL, 0x01000404UL, 0x00010404UL, - 0x01010404UL, 0x00010004UL, 0x01010000UL, 0x01000404UL, - 0x01000004UL, 0x00000404UL, 0x00010404UL, 0x01010400UL, - 0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00000000UL, - 0x00010004UL, 0x00010400UL, 0x00000000UL, 0x01010004UL -}; - -static const ulong32 SP2[] = -{ - 0x80108020UL, 0x80008000UL, 0x00008000UL, 0x00108020UL, - 0x00100000UL, 0x00000020UL, 0x80100020UL, 0x80008020UL, - 0x80000020UL, 0x80108020UL, 0x80108000UL, 0x80000000UL, - 0x80008000UL, 0x00100000UL, 0x00000020UL, 0x80100020UL, - 0x00108000UL, 0x00100020UL, 0x80008020UL, 0x00000000UL, - 0x80000000UL, 0x00008000UL, 0x00108020UL, 0x80100000UL, - 0x00100020UL, 0x80000020UL, 0x00000000UL, 0x00108000UL, - 0x00008020UL, 0x80108000UL, 0x80100000UL, 0x00008020UL, - 0x00000000UL, 0x00108020UL, 0x80100020UL, 0x00100000UL, - 0x80008020UL, 0x80100000UL, 0x80108000UL, 0x00008000UL, - 0x80100000UL, 0x80008000UL, 0x00000020UL, 0x80108020UL, - 0x00108020UL, 0x00000020UL, 0x00008000UL, 0x80000000UL, - 0x00008020UL, 0x80108000UL, 0x00100000UL, 0x80000020UL, - 0x00100020UL, 0x80008020UL, 0x80000020UL, 0x00100020UL, - 0x00108000UL, 0x00000000UL, 0x80008000UL, 0x00008020UL, - 0x80000000UL, 0x80100020UL, 0x80108020UL, 0x00108000UL -}; - -static const ulong32 SP3[] = -{ - 0x00000208UL, 0x08020200UL, 0x00000000UL, 0x08020008UL, - 0x08000200UL, 0x00000000UL, 0x00020208UL, 0x08000200UL, - 0x00020008UL, 0x08000008UL, 0x08000008UL, 0x00020000UL, - 0x08020208UL, 0x00020008UL, 0x08020000UL, 0x00000208UL, - 0x08000000UL, 0x00000008UL, 0x08020200UL, 0x00000200UL, - 0x00020200UL, 0x08020000UL, 0x08020008UL, 0x00020208UL, - 0x08000208UL, 0x00020200UL, 0x00020000UL, 0x08000208UL, - 0x00000008UL, 0x08020208UL, 0x00000200UL, 0x08000000UL, - 0x08020200UL, 0x08000000UL, 0x00020008UL, 0x00000208UL, - 0x00020000UL, 0x08020200UL, 0x08000200UL, 0x00000000UL, - 0x00000200UL, 0x00020008UL, 0x08020208UL, 0x08000200UL, - 0x08000008UL, 0x00000200UL, 0x00000000UL, 0x08020008UL, - 0x08000208UL, 0x00020000UL, 0x08000000UL, 0x08020208UL, - 0x00000008UL, 0x00020208UL, 0x00020200UL, 0x08000008UL, - 0x08020000UL, 0x08000208UL, 0x00000208UL, 0x08020000UL, - 0x00020208UL, 0x00000008UL, 0x08020008UL, 0x00020200UL -}; - -static const ulong32 SP4[] = -{ - 0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL, - 0x00802080UL, 0x00800081UL, 0x00800001UL, 0x00002001UL, - 0x00000000UL, 0x00802000UL, 0x00802000UL, 0x00802081UL, - 0x00000081UL, 0x00000000UL, 0x00800080UL, 0x00800001UL, - 0x00000001UL, 0x00002000UL, 0x00800000UL, 0x00802001UL, - 0x00000080UL, 0x00800000UL, 0x00002001UL, 0x00002080UL, - 0x00800081UL, 0x00000001UL, 0x00002080UL, 0x00800080UL, - 0x00002000UL, 0x00802080UL, 0x00802081UL, 0x00000081UL, - 0x00800080UL, 0x00800001UL, 0x00802000UL, 0x00802081UL, - 0x00000081UL, 0x00000000UL, 0x00000000UL, 0x00802000UL, - 0x00002080UL, 0x00800080UL, 0x00800081UL, 0x00000001UL, - 0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL, - 0x00802081UL, 0x00000081UL, 0x00000001UL, 0x00002000UL, - 0x00800001UL, 0x00002001UL, 0x00802080UL, 0x00800081UL, - 0x00002001UL, 0x00002080UL, 0x00800000UL, 0x00802001UL, - 0x00000080UL, 0x00800000UL, 0x00002000UL, 0x00802080UL -}; - -static const ulong32 SP5[] = -{ - 0x00000100UL, 0x02080100UL, 0x02080000UL, 0x42000100UL, - 0x00080000UL, 0x00000100UL, 0x40000000UL, 0x02080000UL, - 0x40080100UL, 0x00080000UL, 0x02000100UL, 0x40080100UL, - 0x42000100UL, 0x42080000UL, 0x00080100UL, 0x40000000UL, - 0x02000000UL, 0x40080000UL, 0x40080000UL, 0x00000000UL, - 0x40000100UL, 0x42080100UL, 0x42080100UL, 0x02000100UL, - 0x42080000UL, 0x40000100UL, 0x00000000UL, 0x42000000UL, - 0x02080100UL, 0x02000000UL, 0x42000000UL, 0x00080100UL, - 0x00080000UL, 0x42000100UL, 0x00000100UL, 0x02000000UL, - 0x40000000UL, 0x02080000UL, 0x42000100UL, 0x40080100UL, - 0x02000100UL, 0x40000000UL, 0x42080000UL, 0x02080100UL, - 0x40080100UL, 0x00000100UL, 0x02000000UL, 0x42080000UL, - 0x42080100UL, 0x00080100UL, 0x42000000UL, 0x42080100UL, - 0x02080000UL, 0x00000000UL, 0x40080000UL, 0x42000000UL, - 0x00080100UL, 0x02000100UL, 0x40000100UL, 0x00080000UL, - 0x00000000UL, 0x40080000UL, 0x02080100UL, 0x40000100UL -}; - -static const ulong32 SP6[] = -{ - 0x20000010UL, 0x20400000UL, 0x00004000UL, 0x20404010UL, - 0x20400000UL, 0x00000010UL, 0x20404010UL, 0x00400000UL, - 0x20004000UL, 0x00404010UL, 0x00400000UL, 0x20000010UL, - 0x00400010UL, 0x20004000UL, 0x20000000UL, 0x00004010UL, - 0x00000000UL, 0x00400010UL, 0x20004010UL, 0x00004000UL, - 0x00404000UL, 0x20004010UL, 0x00000010UL, 0x20400010UL, - 0x20400010UL, 0x00000000UL, 0x00404010UL, 0x20404000UL, - 0x00004010UL, 0x00404000UL, 0x20404000UL, 0x20000000UL, - 0x20004000UL, 0x00000010UL, 0x20400010UL, 0x00404000UL, - 0x20404010UL, 0x00400000UL, 0x00004010UL, 0x20000010UL, - 0x00400000UL, 0x20004000UL, 0x20000000UL, 0x00004010UL, - 0x20000010UL, 0x20404010UL, 0x00404000UL, 0x20400000UL, - 0x00404010UL, 0x20404000UL, 0x00000000UL, 0x20400010UL, - 0x00000010UL, 0x00004000UL, 0x20400000UL, 0x00404010UL, - 0x00004000UL, 0x00400010UL, 0x20004010UL, 0x00000000UL, - 0x20404000UL, 0x20000000UL, 0x00400010UL, 0x20004010UL -}; - -static const ulong32 SP7[] = -{ - 0x00200000UL, 0x04200002UL, 0x04000802UL, 0x00000000UL, - 0x00000800UL, 0x04000802UL, 0x00200802UL, 0x04200800UL, - 0x04200802UL, 0x00200000UL, 0x00000000UL, 0x04000002UL, - 0x00000002UL, 0x04000000UL, 0x04200002UL, 0x00000802UL, - 0x04000800UL, 0x00200802UL, 0x00200002UL, 0x04000800UL, - 0x04000002UL, 0x04200000UL, 0x04200800UL, 0x00200002UL, - 0x04200000UL, 0x00000800UL, 0x00000802UL, 0x04200802UL, - 0x00200800UL, 0x00000002UL, 0x04000000UL, 0x00200800UL, - 0x04000000UL, 0x00200800UL, 0x00200000UL, 0x04000802UL, - 0x04000802UL, 0x04200002UL, 0x04200002UL, 0x00000002UL, - 0x00200002UL, 0x04000000UL, 0x04000800UL, 0x00200000UL, - 0x04200800UL, 0x00000802UL, 0x00200802UL, 0x04200800UL, - 0x00000802UL, 0x04000002UL, 0x04200802UL, 0x04200000UL, - 0x00200800UL, 0x00000000UL, 0x00000002UL, 0x04200802UL, - 0x00000000UL, 0x00200802UL, 0x04200000UL, 0x00000800UL, - 0x04000002UL, 0x04000800UL, 0x00000800UL, 0x00200002UL -}; - -static const ulong32 SP8[] = -{ - 0x10001040UL, 0x00001000UL, 0x00040000UL, 0x10041040UL, - 0x10000000UL, 0x10001040UL, 0x00000040UL, 0x10000000UL, - 0x00040040UL, 0x10040000UL, 0x10041040UL, 0x00041000UL, - 0x10041000UL, 0x00041040UL, 0x00001000UL, 0x00000040UL, - 0x10040000UL, 0x10000040UL, 0x10001000UL, 0x00001040UL, - 0x00041000UL, 0x00040040UL, 0x10040040UL, 0x10041000UL, - 0x00001040UL, 0x00000000UL, 0x00000000UL, 0x10040040UL, - 0x10000040UL, 0x10001000UL, 0x00041040UL, 0x00040000UL, - 0x00041040UL, 0x00040000UL, 0x10041000UL, 0x00001000UL, - 0x00000040UL, 0x10040040UL, 0x00001000UL, 0x00041040UL, - 0x10001000UL, 0x00000040UL, 0x10000040UL, 0x10040000UL, - 0x10040040UL, 0x10000000UL, 0x00040000UL, 0x10001040UL, - 0x00000000UL, 0x10041040UL, 0x00040040UL, 0x10000040UL, - 0x10040000UL, 0x10001000UL, 0x10001040UL, 0x00000000UL, - 0x10041040UL, 0x00041000UL, 0x00041000UL, 0x00001040UL, - 0x00001040UL, 0x00040040UL, 0x10000000UL, 0x10041000UL, - 0xe1f27f3aUL, 0xf5710fb0UL, 0xada0e5c4UL, 0x98e4c919UL -}; - -static void cookey(const ulong32 *raw1, ulong32 *keyout); -static void deskey(const unsigned char *key, short edf, ulong32 *keyout); - -/******************************************************************************/ -/* - Init the 3DES block cipher context for CBC-EDE mode. - IV should point to 8 bytes of initialization vector - Key should point to 24 bytes of data -*/ -int32 matrix3desInit(sslCipherContext_t *ctx, unsigned char *IV, - unsigned char *key, int32 keylen) -{ - int32 x, err; - - if (IV == NULL || key == NULL || ctx == NULL || keylen != SSL_DES3_KEY_LEN){ - return -1; - } -/* - setup cipher - */ - if ((err = des3_setup(key, keylen, 0, &ctx->des3)) != CRYPT_OK) { - return -1; - } -/* - copy IV - */ - ctx->des3.blocklen = SSL_DES3_IV_LEN; - for (x = 0; x < ctx->des3.blocklen; x++) { - ctx->des3.IV[x] = IV[x]; - } - ctx->des3.explicitIV = 0; - return 0; -} - -/******************************************************************************/ -/* - Encrypt a buffer using 3DES-EDE-CBC - (Encrypt Decrypt Encrypt and Cipher Block Chaining) - len must be a multiple of blockLen (8 bytes) -*/ -int32 matrix3desEncrypt(sslCipherContext_t *ctx, unsigned char *pt, - unsigned char *ct, int32 len) -{ - int32 x, i; - unsigned char tmp[MAXBLOCKSIZE]; - - if (pt == NULL || ct == NULL || ctx == NULL || (len & 0x7) != 0) { - return -1; - } - - /* is blocklen valid? */ - if (ctx->des3.blocklen < 0 || ctx->des3.blocklen > - (int32)sizeof(ctx->des3.IV)) { - return -1; - } - - for (i = 0; i < len; i += ctx->des3.blocklen) { - /* xor IV against plaintext */ - for (x = 0; x < ctx->des3.blocklen; x++) { - tmp[x] = pt[x] ^ ctx->des3.IV[x]; - } - /* encrypt */ - des3_ecb_encrypt(tmp, (unsigned char*)ct, &ctx->des3); - - /* store IV [ciphertext] for a future block */ - for (x = 0; x < ctx->des3.blocklen; x++) { - ctx->des3.IV[x] = ct[x]; - } - ct += ctx->des3.blocklen; - pt += ctx->des3.blocklen; - } - -#ifdef CLEAN_STACK - psZeromem(tmp, sizeof(tmp)); -#endif /* CLEAN STACK */ - return len; -} - -/******************************************************************************/ -/* - Decrypt a buffer using 3DES-EDE-CBC - (Encrypt Decrypt Encrypt and Cipher Block Chaining) - len must be a multiple of blockLen (8 bytes) -*/ -int32 matrix3desDecrypt(sslCipherContext_t *ctx, unsigned char *ct, - unsigned char *pt, int32 len) -{ - int32 x, i; - unsigned char tmp[MAXBLOCKSIZE], tmp2[MAXBLOCKSIZE]; - - if (pt == NULL || ct == NULL || ctx == NULL || (len & 0x7) != 0) { - return -1; - } - - /* is blocklen valid? */ - if (ctx->des3.blocklen < 0 || ctx->des3.blocklen > - (int32)sizeof(ctx->des3.IV)) { - return -1; - } - for (i = 0; i < len; i += ctx->des3.blocklen) { - /* decrypt the block from ct into tmp */ - des3_ecb_decrypt(ct, tmp, &ctx->des3); - /* xor IV against the plaintext of the previous step */ - for (x = 0; x < ctx->des3.blocklen; x++) { - /* copy CT in case ct == pt */ - tmp2[x] = ct[x]; - /* actually decrypt the byte */ - pt[x] = tmp[x] ^ ctx->des3.IV[x]; - } - /* replace IV with this current ciphertext */ - for (x = 0; x < ctx->des3.blocklen; x++) { - ctx->des3.IV[x] = tmp2[x]; - } - ct += ctx->des3.blocklen; - if (ctx->des3.explicitIV) { -/* - An explict IV mode has an additional block of random data that - we dismiss here. It is not part of the MAC. The TLS 1.1 spec - isn't explicit about this, but it only makes sense since the - extra block is used to derive the IV for the remainder of the - message. In theory (DTLS for example) the actual decrypted block - could have been received out of order and the first block would - not decrypt to the plaintext it originally was anyway. - - It is easiest to simply remove the first block in this cipher - code here. If we wait until we get back into matrixSslDecode - we have to deal with a bunch of sslBuf_t manipulations which is - ugly. -*/ - if (i != 0) { - pt += ctx->des3.blocklen; - } - } else { - pt += ctx->des3.blocklen; - } - } -#ifdef CLEAN_STACK - psZeromem(tmp, sizeof(tmp)); - psZeromem(tmp2, sizeof(tmp2)); -#endif /* CLEAN_STACK */ - return len; -} - -/******************************************************************************/ -/* - 3DES implementation below -*/ -static void cookey(const ulong32 *raw1, ulong32 *keyout) -{ - ulong32 *cook; - const ulong32 *raw0; - ulong32 dough[32]; - int32 i; - - cook = dough; - for(i=0; i < 16; i++, raw1++) { - raw0 = raw1++; - *cook = (*raw0 & 0x00fc0000L) << 6; - *cook |= (*raw0 & 0x00000fc0L) << 10; - *cook |= (*raw1 & 0x00fc0000L) >> 10; - *cook++ |= (*raw1 & 0x00000fc0L) >> 6; - *cook = (*raw0 & 0x0003f000L) << 12; - *cook |= (*raw0 & 0x0000003fL) << 16; - *cook |= (*raw1 & 0x0003f000L) >> 4; - *cook++ |= (*raw1 & 0x0000003fL); - } - - psMemcpy(keyout, dough, sizeof dough); - psBurnStack(sizeof(ulong32 *) * 2 + sizeof(ulong32)*32 + sizeof(int32)); -} - - -static void deskey(const unsigned char *key, short edf, ulong32 *keyout) -{ - ulong32 i, j, l, m, n, kn[32]; - unsigned char pc1m[56], pcr[56]; - - for (j=0; j < 56; j++) { - l = (ulong32)pc1[j]; - m = l & 7; - pc1m[j] = (unsigned char)((key[l >> 3U] & bytebit[m]) == - bytebit[m] ? 1 : 0); - } - - for (i=0; i < 16; i++) { - if (edf == DE1) { - m = (15 - i) << 1; - } else { - m = i << 1; - } - n = m + 1; - kn[m] = kn[n] = 0L; - for (j=0; j < 28; j++) { - l = j + (ulong32)totrot[i]; - if (l < 28) { - pcr[j] = pc1m[l]; - } else { - pcr[j] = pc1m[l - 28]; - } - } - for (/*j = 28*/; j < 56; j++) { - l = j + (ulong32)totrot[i]; - if (l < 56) { - pcr[j] = pc1m[l]; - } else { - pcr[j] = pc1m[l - 28]; - } - } - for (j=0; j < 24; j++) { - if ((int32)pcr[(int32)pc2[j]] != 0) { - kn[m] |= bigbyte[j]; - } - if ((int32)pcr[(int32)pc2[j+24]] != 0) { - kn[n] |= bigbyte[j]; - } - } - } - cookey(kn, keyout); - psBurnStack(sizeof(int32)*5 + sizeof(ulong32)*32 + - sizeof(unsigned char)*112); -} - -static void desfunc(ulong32 *block, const ulong32 *keys) -{ - ulong32 work, right, leftt; - int32 cur_round; - - leftt = block[0]; - right = block[1]; - -#ifdef SMALL_CODE - work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL; - right ^= work; - leftt ^= (work << 4); - - work = ((leftt >> 16) ^ right) & 0x0000ffffL; - right ^= work; - leftt ^= (work << 16); - - work = ((right >> 2) ^ leftt) & 0x33333333L; - leftt ^= work; - right ^= (work << 2); - - work = ((right >> 8) ^ leftt) & 0x00ff00ffL; - leftt ^= work; - right ^= (work << 8); - - right = ROLc(right, 1); - work = (leftt ^ right) & 0xaaaaaaaaL; - - leftt ^= work; - right ^= work; - leftt = ROLc(leftt, 1); -#else /* SMALL_CODE */ -{ - ulong64 tmp; - tmp = des_ip[0][byte(leftt, 0)] ^ - des_ip[1][byte(leftt, 1)] ^ - des_ip[2][byte(leftt, 2)] ^ - des_ip[3][byte(leftt, 3)] ^ - des_ip[4][byte(right, 0)] ^ - des_ip[5][byte(right, 1)] ^ - des_ip[6][byte(right, 2)] ^ - des_ip[7][byte(right, 3)]; - leftt = (ulong32)(tmp >> 32); - right = (ulong32)(tmp & 0xFFFFFFFFUL); -} -#endif /* SMALL CODE */ - - for (cur_round = 0; cur_round < 8; cur_round++) { - work = RORc(right, 4) ^ *keys++; - leftt ^= SP7[work & 0x3fL] - ^ SP5[(work >> 8) & 0x3fL] - ^ SP3[(work >> 16) & 0x3fL] - ^ SP1[(work >> 24) & 0x3fL]; - work = right ^ *keys++; - leftt ^= SP8[ work & 0x3fL] - ^ SP6[(work >> 8) & 0x3fL] - ^ SP4[(work >> 16) & 0x3fL] - ^ SP2[(work >> 24) & 0x3fL]; - - work = RORc(leftt, 4) ^ *keys++; - right ^= SP7[ work & 0x3fL] - ^ SP5[(work >> 8) & 0x3fL] - ^ SP3[(work >> 16) & 0x3fL] - ^ SP1[(work >> 24) & 0x3fL]; - work = leftt ^ *keys++; - right ^= SP8[ work & 0x3fL] - ^ SP6[(work >> 8) & 0x3fL] - ^ SP4[(work >> 16) & 0x3fL] - ^ SP2[(work >> 24) & 0x3fL]; - } - -#ifdef SMALL_CODE - right = RORc(right, 1); - work = (leftt ^ right) & 0xaaaaaaaaL; - leftt ^= work; - right ^= work; - leftt = RORc(leftt, 1); - work = ((leftt >> 8) ^ right) & 0x00ff00ffL; - right ^= work; - leftt ^= (work << 8); - - work = ((leftt >> 2) ^ right) & 0x33333333L; - right ^= work; - leftt ^= (work << 2); - work = ((right >> 16) ^ leftt) & 0x0000ffffL; - leftt ^= work; - right ^= (work << 16); - work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL; - leftt ^= work; - right ^= (work << 4); -#else /* SMALL CODE */ - { - ulong64 tmp; - tmp = des_fp[0][byte(leftt, 0)] ^ - des_fp[1][byte(leftt, 1)] ^ - des_fp[2][byte(leftt, 2)] ^ - des_fp[3][byte(leftt, 3)] ^ - des_fp[4][byte(right, 0)] ^ - des_fp[5][byte(right, 1)] ^ - des_fp[6][byte(right, 2)] ^ - des_fp[7][byte(right, 3)]; - leftt = (ulong32)(tmp >> 32); - right = (ulong32)(tmp & 0xFFFFFFFFUL); - } -#endif /* SMALL CODE */ - - block[0] = right; - block[1] = leftt; - psBurnStack(sizeof(ulong32) * 4 + sizeof(int32)); -} - -/* - We don't validate DES keys against the following known weak keys. - Astronomically small chances of randomly getting a weak key - with 3DES. http://www.rsasecurity.com/rsalabs/faq/3-2-4.html - - http://www.itl.nist.gov/fipspubs/fip74.htm - 1. E001E00lFl0lFl0l 01E001E00lFl0lFl - 2. FElFFElFFEOEFEOE 1FFElFFEOEFEOEFE - 3. E01FE01FF10EF10E 1FE01FEOOEF10EF1 - 4. 01FE01FE01FE01FE FE01FE01FE01FE01 - 5. 011F011F0l0E010E 1F011F0l0E0l0E01 - 6. E0FEE0FEFlFEFlFE FEE0FEE0FEFlFEF1 - 7. 0101010101010101 - 8. FEFEFEFEFEFEFEFE - 9. E0E0E0E0FlFlFlFl - 10. lFlFlFlF0E0E0E0E -*/ -int32 des3_setup(const unsigned char *key, int32 keylen, int32 num_rounds, - des3_CBC *skey) -{ - if (key == NULL || skey == NULL) { - return -1; - } - - if( num_rounds != 0 && num_rounds != 16) { - return CRYPT_INVALID_ROUNDS; - } - - if (keylen != 24) { - return CRYPT_INVALID_KEYSIZE; - } - - deskey(key, EN0, skey->key.ek[0]); - deskey(key+8, DE1, skey->key.ek[1]); - deskey(key+16, EN0, skey->key.ek[2]); - - deskey(key, DE1, skey->key.dk[2]); - deskey(key+8, EN0, skey->key.dk[1]); - deskey(key+16, DE1, skey->key.dk[0]); - - return CRYPT_OK; -} - -int des_setup(const unsigned char *key, int keylen, int num_rounds, - des3_CBC *skey) -{ - - if (num_rounds != 0 && num_rounds != 16) { - return CRYPT_INVALID_ROUNDS; - } - - if (keylen != 8) { - return CRYPT_INVALID_KEYSIZE; - } - - deskey(key, EN0, skey->key.ek[0]); - deskey(key, DE1, skey->key.dk[0]); - - return CRYPT_OK; -} - -void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, - des3_CBC *key) -{ - ulong32 work[2]; - - LOAD32H(work[0], pt+0); - LOAD32H(work[1], pt+4); - desfunc(work, key->key.ek[0]); - desfunc(work, key->key.ek[1]); - desfunc(work, key->key.ek[2]); - STORE32H(work[0],ct+0); - STORE32H(work[1],ct+4); -} - -void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, - des3_CBC *key) -{ - ulong32 work[2]; - - LOAD32H(work[0], pt+0); - LOAD32H(work[1], pt+4); - desfunc(work, key->key.ek[0]); - STORE32H(work[0],ct+0); - STORE32H(work[1],ct+4); -} - -void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, - des3_CBC *key) -{ - ulong32 work[2]; - - LOAD32H(work[0], ct+0); - LOAD32H(work[1], ct+4); - desfunc(work, key->key.dk[0]); - desfunc(work, key->key.dk[1]); - desfunc(work, key->key.dk[2]); - STORE32H(work[0],pt+0); - STORE32H(work[1],pt+4); -} - -void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, - des3_CBC *key) -{ - ulong32 work[2]; - LOAD32H(work[0], ct+0); - LOAD32H(work[1], ct+4); - desfunc(work, key->key.dk[0]); - STORE32H(work[0],pt+0); - STORE32H(work[1],pt+4); -} - -int32 des3_keysize(int32 *desired_keysize) -{ - if(*desired_keysize < 24) { - return CRYPT_INVALID_KEYSIZE; - } - *desired_keysize = 24; - return CRYPT_OK; -} - -/******************************************************************************/ -/* - Generate a 3DES key given a password and salt value. - We use PKCS#5 2.0 PBKDF1 key derivation format with MD5 and count == 1 per: - http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html - - This key is compatible with the algorithm used by OpenSSL to encrypt keys - generated with 'openssl genrsa'. If other encryption formats are used - (for example PBKDF2), or an iteration count > 0 is used, they are not - compatible with this simple implementation. OpenSSL provides many options - for converting key formats to the one used here. - - A 3DES key is 24 bytes long, to generate it with this algorithm, - we md5 hash the password and salt for the first 16 bytes. We then - hash these first 16 bytes with the password and salt again, generating - another 16 bytes. We take the first 16 bytes and 8 of the second 16 to - form the 24 byte key. - - salt is assumed to point to 8 bytes of data - key is assumed to point to 24 bytes of data -*/ -void generate3DESKey(unsigned char *pass, int32 passlen, unsigned char *salt, - unsigned char *key) -{ - sslMd5Context_t state; - unsigned char md5[SSL_MD5_HASH_SIZE]; - - matrixMd5Init(&state); - matrixMd5Update(&state, pass, passlen); - matrixMd5Update(&state, salt, SSL_DES3_IV_LEN); - matrixMd5Final(&state, md5); - memcpy(key, md5, SSL_MD5_HASH_SIZE); - - matrixMd5Init(&state); - matrixMd5Update(&state, md5, SSL_MD5_HASH_SIZE); - matrixMd5Update(&state, pass, passlen); - matrixMd5Update(&state, salt, SSL_DES3_IV_LEN); - matrixMd5Final(&state, md5); - memcpy(key + SSL_MD5_HASH_SIZE, md5, SSL_DES3_KEY_LEN - SSL_MD5_HASH_SIZE); -} - - -#ifdef PEERSEC_TEST - -int32 matrixDes3Test() -{ - unsigned char key[24], pt[8], ct[8], tmp[8]; - des3_CBC skey; - int32 x, err; - - for (x = 0; x < 8; x++) { - pt[x] = x; - } - - for (x = 0; x < 24; x++) { - key[x] = x; - } - - if ((err = des3_setup(key, 24, 0, &skey)) != CRYPT_OK) { - return err; - } - - des3_ecb_encrypt(pt, ct, &skey); - des3_ecb_decrypt(ct, tmp, &skey); - - if (memcmp(pt, tmp, 8) != 0) { - return CRYPT_FAIL_TESTVECTOR; - } - - return CRYPT_OK; -} - -int32 matrixDesTest() -{ - unsigned char key[8], pt[8], ct[8], tmp[8]; - des3_CBC skey; - int32 x, err; - - for (x = 0; x < 8; x++) { - pt[x] = x; - } - - for (x = 0; x < 8; x++) { - key[x] = x; - } - - if ((err = des_setup(key, 8, 0, &skey)) != CRYPT_OK) { - return err; - } - - des_ecb_encrypt(pt, ct, &skey); - des_ecb_decrypt(ct, tmp, &skey); - - if (memcmp(pt, tmp, 8) != 0) { - return CRYPT_FAIL_TESTVECTOR; - } - - return CRYPT_OK; -} - -#endif /* PEERSEC_TEST */ - -#endif /* USE_3DES */ - -/******************************************************************************/ - -- cgit v1.2.3-54-g00ecf