Crypt-MatrixSSL
view release on metacpan or search on metacpan
matrixssl-1-8-6-open/src/crypto/peersec/des3.c view on Meta::CPAN
0x00000000UL, 0x00400010UL, 0x20004010UL, 0x00004000UL,
0x00404000UL, 0x20004010UL, 0x00000010UL, 0x20400010UL,
0x20400010UL, 0x00000000UL, 0x00404010UL, 0x20404000UL,
0x00004010UL, 0x00404000UL, 0x20404000UL, 0x20000000UL,
0x20004000UL, 0x00000010UL, 0x20400010UL, 0x00404000UL,
0x20404010UL, 0x00400000UL, 0x00004010UL, 0x20000010UL,
0x00400000UL, 0x20004000UL, 0x20000000UL, 0x00004010UL,
0x20000010UL, 0x20404010UL, 0x00404000UL, 0x20400000UL,
0x00404010UL, 0x20404000UL, 0x00000000UL, 0x20400010UL,
0x00000010UL, 0x00004000UL, 0x20400000UL, 0x00404010UL,
0x00004000UL, 0x00400010UL, 0x20004010UL, 0x00000000UL,
0x20404000UL, 0x20000000UL, 0x00400010UL, 0x20004010UL
};
static const ulong32 SP7[] =
{
0x00200000UL, 0x04200002UL, 0x04000802UL, 0x00000000UL,
0x00000800UL, 0x04000802UL, 0x00200802UL, 0x04200800UL,
0x04200802UL, 0x00200000UL, 0x00000000UL, 0x04000002UL,
0x00000002UL, 0x04000000UL, 0x04200002UL, 0x00000802UL,
0x04000800UL, 0x00200802UL, 0x00200002UL, 0x04000800UL,
0x04000002UL, 0x04200000UL, 0x04200800UL, 0x00200002UL,
0x04200000UL, 0x00000800UL, 0x00000802UL, 0x04200802UL,
0x00200800UL, 0x00000002UL, 0x04000000UL, 0x00200800UL,
0x04000000UL, 0x00200800UL, 0x00200000UL, 0x04000802UL,
0x04000802UL, 0x04200002UL, 0x04200002UL, 0x00000002UL,
0x00200002UL, 0x04000000UL, 0x04000800UL, 0x00200000UL,
0x04200800UL, 0x00000802UL, 0x00200802UL, 0x04200800UL,
0x00000802UL, 0x04000002UL, 0x04200802UL, 0x04200000UL,
0x00200800UL, 0x00000000UL, 0x00000002UL, 0x04200802UL,
0x00000000UL, 0x00200802UL, 0x04200000UL, 0x00000800UL,
0x04000002UL, 0x04000800UL, 0x00000800UL, 0x00200002UL
};
static const ulong32 SP8[] =
{
0x10001040UL, 0x00001000UL, 0x00040000UL, 0x10041040UL,
0x10000000UL, 0x10001040UL, 0x00000040UL, 0x10000000UL,
0x00040040UL, 0x10040000UL, 0x10041040UL, 0x00041000UL,
0x10041000UL, 0x00041040UL, 0x00001000UL, 0x00000040UL,
0x10040000UL, 0x10000040UL, 0x10001000UL, 0x00001040UL,
0x00041000UL, 0x00040040UL, 0x10040040UL, 0x10041000UL,
0x00001040UL, 0x00000000UL, 0x00000000UL, 0x10040040UL,
0x10000040UL, 0x10001000UL, 0x00041040UL, 0x00040000UL,
0x00041040UL, 0x00040000UL, 0x10041000UL, 0x00001000UL,
0x00000040UL, 0x10040040UL, 0x00001000UL, 0x00041040UL,
0x10001000UL, 0x00000040UL, 0x10000040UL, 0x10040000UL,
0x10040040UL, 0x10000000UL, 0x00040000UL, 0x10001040UL,
0x00000000UL, 0x10041040UL, 0x00040040UL, 0x10000040UL,
0x10040000UL, 0x10001000UL, 0x10001040UL, 0x00000000UL,
0x10041040UL, 0x00041000UL, 0x00041000UL, 0x00001040UL,
0x00001040UL, 0x00040040UL, 0x10000000UL, 0x10041000UL,
0xe1f27f3aUL, 0xf5710fb0UL, 0xada0e5c4UL, 0x98e4c919UL
};
static void cookey(const ulong32 *raw1, ulong32 *keyout);
static void deskey(const unsigned char *key, short edf, ulong32 *keyout);
/******************************************************************************/
/*
Init the 3DES block cipher context for CBC-EDE mode.
IV should point to 8 bytes of initialization vector
Key should point to 24 bytes of data
*/
int32 matrix3desInit(sslCipherContext_t *ctx, unsigned char *IV,
unsigned char *key, int32 keylen)
{
int32 x, err;
if (IV == NULL || key == NULL || ctx == NULL || keylen != SSL_DES3_KEY_LEN){
return -1;
}
/*
setup cipher
*/
if ((err = des3_setup(key, keylen, 0, &ctx->des3)) != CRYPT_OK) {
return -1;
}
/*
copy IV
*/
ctx->des3.blocklen = SSL_DES3_IV_LEN;
for (x = 0; x < ctx->des3.blocklen; x++) {
ctx->des3.IV[x] = IV[x];
}
ctx->des3.explicitIV = 0;
return 0;
}
/******************************************************************************/
/*
Encrypt a buffer using 3DES-EDE-CBC
(Encrypt Decrypt Encrypt and Cipher Block Chaining)
len must be a multiple of blockLen (8 bytes)
*/
int32 matrix3desEncrypt(sslCipherContext_t *ctx, unsigned char *pt,
unsigned char *ct, int32 len)
{
int32 x, i;
unsigned char tmp[MAXBLOCKSIZE];
if (pt == NULL || ct == NULL || ctx == NULL || (len & 0x7) != 0) {
return -1;
}
/* is blocklen valid? */
if (ctx->des3.blocklen < 0 || ctx->des3.blocklen >
(int32)sizeof(ctx->des3.IV)) {
return -1;
}
for (i = 0; i < len; i += ctx->des3.blocklen) {
/* xor IV against plaintext */
for (x = 0; x < ctx->des3.blocklen; x++) {
tmp[x] = pt[x] ^ ctx->des3.IV[x];
}
/* encrypt */
des3_ecb_encrypt(tmp, (unsigned char*)ct, &ctx->des3);
/* store IV [ciphertext] for a future block */
for (x = 0; x < ctx->des3.blocklen; x++) {
ctx->des3.IV[x] = ct[x];
}
ct += ctx->des3.blocklen;
pt += ctx->des3.blocklen;
}
#ifdef CLEAN_STACK
psZeromem(tmp, sizeof(tmp));
#endif /* CLEAN STACK */
return len;
}
/******************************************************************************/
/*
Decrypt a buffer using 3DES-EDE-CBC
(Encrypt Decrypt Encrypt and Cipher Block Chaining)
len must be a multiple of blockLen (8 bytes)
*/
int32 matrix3desDecrypt(sslCipherContext_t *ctx, unsigned char *ct,
unsigned char *pt, int32 len)
{
int32 x, i;
unsigned char tmp[MAXBLOCKSIZE], tmp2[MAXBLOCKSIZE];
if (pt == NULL || ct == NULL || ctx == NULL || (len & 0x7) != 0) {
return -1;
}
/* is blocklen valid? */
if (ctx->des3.blocklen < 0 || ctx->des3.blocklen >
(int32)sizeof(ctx->des3.IV)) {
return -1;
}
for (i = 0; i < len; i += ctx->des3.blocklen) {
/* decrypt the block from ct into tmp */
des3_ecb_decrypt(ct, tmp, &ctx->des3);
/* xor IV against the plaintext of the previous step */
for (x = 0; x < ctx->des3.blocklen; x++) {
/* copy CT in case ct == pt */
tmp2[x] = ct[x];
/* actually decrypt the byte */
pt[x] = tmp[x] ^ ctx->des3.IV[x];
}
/* replace IV with this current ciphertext */
for (x = 0; x < ctx->des3.blocklen; x++) {
ctx->des3.IV[x] = tmp2[x];
}
ct += ctx->des3.blocklen;
if (ctx->des3.explicitIV) {
/*
An explict IV mode has an additional block of random data that
we dismiss here. It is not part of the MAC. The TLS 1.1 spec
isn't explicit about this, but it only makes sense since the
extra block is used to derive the IV for the remainder of the
message. In theory (DTLS for example) the actual decrypted block
could have been received out of order and the first block would
not decrypt to the plaintext it originally was anyway.
It is easiest to simply remove the first block in this cipher
code here. If we wait until we get back into matrixSslDecode
we have to deal with a bunch of sslBuf_t manipulations which is
ugly.
*/
if (i != 0) {
pt += ctx->des3.blocklen;
}
} else {
pt += ctx->des3.blocklen;
}
}
#ifdef CLEAN_STACK
psZeromem(tmp, sizeof(tmp));
psZeromem(tmp2, sizeof(tmp2));
#endif /* CLEAN_STACK */
return len;
matrixssl-1-8-6-open/src/crypto/peersec/des3.c view on Meta::CPAN
}
#ifdef SMALL_CODE
right = RORc(right, 1);
work = (leftt ^ right) & 0xaaaaaaaaL;
leftt ^= work;
right ^= work;
leftt = RORc(leftt, 1);
work = ((leftt >> 8) ^ right) & 0x00ff00ffL;
right ^= work;
leftt ^= (work << 8);
work = ((leftt >> 2) ^ right) & 0x33333333L;
right ^= work;
leftt ^= (work << 2);
work = ((right >> 16) ^ leftt) & 0x0000ffffL;
leftt ^= work;
right ^= (work << 16);
work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL;
leftt ^= work;
right ^= (work << 4);
#else /* SMALL CODE */
{
ulong64 tmp;
tmp = des_fp[0][byte(leftt, 0)] ^
des_fp[1][byte(leftt, 1)] ^
des_fp[2][byte(leftt, 2)] ^
des_fp[3][byte(leftt, 3)] ^
des_fp[4][byte(right, 0)] ^
des_fp[5][byte(right, 1)] ^
des_fp[6][byte(right, 2)] ^
des_fp[7][byte(right, 3)];
leftt = (ulong32)(tmp >> 32);
right = (ulong32)(tmp & 0xFFFFFFFFUL);
}
#endif /* SMALL CODE */
block[0] = right;
block[1] = leftt;
psBurnStack(sizeof(ulong32) * 4 + sizeof(int32));
}
/*
We don't validate DES keys against the following known weak keys.
Astronomically small chances of randomly getting a weak key
with 3DES. http://www.rsasecurity.com/rsalabs/faq/3-2-4.html
http://www.itl.nist.gov/fipspubs/fip74.htm
1. E001E00lFl0lFl0l 01E001E00lFl0lFl
2. FElFFElFFEOEFEOE 1FFElFFEOEFEOEFE
3. E01FE01FF10EF10E 1FE01FEOOEF10EF1
4. 01FE01FE01FE01FE FE01FE01FE01FE01
5. 011F011F0l0E010E 1F011F0l0E0l0E01
6. E0FEE0FEFlFEFlFE FEE0FEE0FEFlFEF1
7. 0101010101010101
8. FEFEFEFEFEFEFEFE
9. E0E0E0E0FlFlFlFl
10. lFlFlFlF0E0E0E0E
*/
int32 des3_setup(const unsigned char *key, int32 keylen, int32 num_rounds,
des3_CBC *skey)
{
if (key == NULL || skey == NULL) {
return -1;
}
if( num_rounds != 0 && num_rounds != 16) {
return CRYPT_INVALID_ROUNDS;
}
if (keylen != 24) {
return CRYPT_INVALID_KEYSIZE;
}
deskey(key, EN0, skey->key.ek[0]);
deskey(key+8, DE1, skey->key.ek[1]);
deskey(key+16, EN0, skey->key.ek[2]);
deskey(key, DE1, skey->key.dk[2]);
deskey(key+8, EN0, skey->key.dk[1]);
deskey(key+16, DE1, skey->key.dk[0]);
return CRYPT_OK;
}
int des_setup(const unsigned char *key, int keylen, int num_rounds,
des3_CBC *skey)
{
if (num_rounds != 0 && num_rounds != 16) {
return CRYPT_INVALID_ROUNDS;
}
if (keylen != 8) {
return CRYPT_INVALID_KEYSIZE;
}
deskey(key, EN0, skey->key.ek[0]);
deskey(key, DE1, skey->key.dk[0]);
return CRYPT_OK;
}
void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
des3_CBC *key)
{
ulong32 work[2];
LOAD32H(work[0], pt+0);
LOAD32H(work[1], pt+4);
desfunc(work, key->key.ek[0]);
desfunc(work, key->key.ek[1]);
desfunc(work, key->key.ek[2]);
STORE32H(work[0],ct+0);
STORE32H(work[1],ct+4);
}
void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
des3_CBC *key)
{
ulong32 work[2];
LOAD32H(work[0], pt+0);
LOAD32H(work[1], pt+4);
desfunc(work, key->key.ek[0]);
STORE32H(work[0],ct+0);
STORE32H(work[1],ct+4);
}
void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
des3_CBC *key)
{
ulong32 work[2];
LOAD32H(work[0], ct+0);
LOAD32H(work[1], ct+4);
desfunc(work, key->key.dk[0]);
desfunc(work, key->key.dk[1]);
desfunc(work, key->key.dk[2]);
STORE32H(work[0],pt+0);
STORE32H(work[1],pt+4);
}
void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
des3_CBC *key)
{
ulong32 work[2];
LOAD32H(work[0], ct+0);
LOAD32H(work[1], ct+4);
desfunc(work, key->key.dk[0]);
STORE32H(work[0],pt+0);
STORE32H(work[1],pt+4);
}
int32 des3_keysize(int32 *desired_keysize)
{
if(*desired_keysize < 24) {
return CRYPT_INVALID_KEYSIZE;
}
*desired_keysize = 24;
return CRYPT_OK;
}
/******************************************************************************/
/*
Generate a 3DES key given a password and salt value.
We use PKCS#5 2.0 PBKDF1 key derivation format with MD5 and count == 1 per:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html
This key is compatible with the algorithm used by OpenSSL to encrypt keys
generated with 'openssl genrsa'. If other encryption formats are used
(for example PBKDF2), or an iteration count > 0 is used, they are not
compatible with this simple implementation. OpenSSL provides many options
for converting key formats to the one used here.
A 3DES key is 24 bytes long, to generate it with this algorithm,
we md5 hash the password and salt for the first 16 bytes. We then
hash these first 16 bytes with the password and salt again, generating
another 16 bytes. We take the first 16 bytes and 8 of the second 16 to
form the 24 byte key.
salt is assumed to point to 8 bytes of data
key is assumed to point to 24 bytes of data
*/
void generate3DESKey(unsigned char *pass, int32 passlen, unsigned char *salt,
unsigned char *key)
{
sslMd5Context_t state;
unsigned char md5[SSL_MD5_HASH_SIZE];
matrixMd5Init(&state);
matrixMd5Update(&state, pass, passlen);
matrixMd5Update(&state, salt, SSL_DES3_IV_LEN);
matrixMd5Final(&state, md5);
memcpy(key, md5, SSL_MD5_HASH_SIZE);
matrixMd5Init(&state);
matrixMd5Update(&state, md5, SSL_MD5_HASH_SIZE);
matrixMd5Update(&state, pass, passlen);
matrixMd5Update(&state, salt, SSL_DES3_IV_LEN);
matrixMd5Final(&state, md5);
memcpy(key + SSL_MD5_HASH_SIZE, md5, SSL_DES3_KEY_LEN - SSL_MD5_HASH_SIZE);
}
#ifdef PEERSEC_TEST
int32 matrixDes3Test()
{
unsigned char key[24], pt[8], ct[8], tmp[8];
des3_CBC skey;
int32 x, err;
for (x = 0; x < 8; x++) {
pt[x] = x;
}
for (x = 0; x < 24; x++) {
key[x] = x;
}
if ((err = des3_setup(key, 24, 0, &skey)) != CRYPT_OK) {
return err;
}
des3_ecb_encrypt(pt, ct, &skey);
des3_ecb_decrypt(ct, tmp, &skey);
if (memcmp(pt, tmp, 8) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
return CRYPT_OK;
}
int32 matrixDesTest()
{
unsigned char key[8], pt[8], ct[8], tmp[8];
des3_CBC skey;
int32 x, err;
for (x = 0; x < 8; x++) {
pt[x] = x;
}
for (x = 0; x < 8; x++) {
key[x] = x;
}
if ((err = des_setup(key, 8, 0, &skey)) != CRYPT_OK) {
return err;
}
des_ecb_encrypt(pt, ct, &skey);
des_ecb_decrypt(ct, tmp, &skey);
if (memcmp(pt, tmp, 8) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
return CRYPT_OK;
}
#endif /* PEERSEC_TEST */
#endif /* USE_3DES */
/******************************************************************************/
( run in 0.776 second using v1.01-cache-2.11-cpan-e1769b4cff6 )