📄 ctx_3des.c
字号:
/* Decrypt data in CFB mode. Note that the transformation can be made
faster (but less clear) with temp = buffer, buffer ^= iv, iv = temp
all in one loop */
static int decryptCFB( CONTEXT_INFO *contextInfoPtr, BYTE *buffer,
int noBytes )
{
CONV_INFO *convInfo = contextInfoPtr->ctxConv;
DES3_KEY *des3Key = ( DES3_KEY * ) convInfo->key;
BYTE temp[ DES_BLOCKSIZE ];
int i, ivCount = convInfo->ivCount;
/* If there's any encrypted material left in the IV, use it now */
if( ivCount > 0 )
{
int bytesToUse;
/* Find out how much material left in the encrypted IV we can use */
bytesToUse = DES_BLOCKSIZE - ivCount;
if( noBytes < bytesToUse )
bytesToUse = noBytes;
/* Decrypt the data */
memcpy( temp, buffer, bytesToUse );
for( i = 0; i < bytesToUse; i++ )
buffer[ i ] ^= convInfo->currentIV[ i + ivCount ];
memcpy( convInfo->currentIV + ivCount, temp,
bytesToUse );
/* Adjust the byte count and buffer position */
noBytes -= bytesToUse;
buffer += bytesToUse;
ivCount += bytesToUse;
}
while( noBytes > 0 )
{
ivCount = ( noBytes > DES_BLOCKSIZE ) ? DES_BLOCKSIZE : noBytes;
/* Encrypt the IV */
des_ecb3_encrypt( ( C_Block * ) convInfo->currentIV,
( C_Block * ) convInfo->currentIV,
des3Key->desKey1, des3Key->desKey2,
des3Key->desKey3, DES_ENCRYPT );
/* Save the ciphertext */
memcpy( temp, buffer, ivCount );
/* XOR the buffer contents with the encrypted IV */
for( i = 0; i < ivCount; i++ )
buffer[ i ] ^= convInfo->currentIV[ i ];
/* Shift the ciphertext into the IV */
memcpy( convInfo->currentIV, temp, ivCount );
/* Move on to next block of data */
noBytes -= ivCount;
buffer += ivCount;
}
/* Remember how much of the IV is still available for use */
convInfo->ivCount = ( ivCount % DES_BLOCKSIZE );
/* Clear the temporary buffer */
zeroise( temp, DES_BLOCKSIZE );
return( CRYPT_OK );
}
/* Encrypt/decrypt data in OFB mode */
static int encryptOFB( CONTEXT_INFO *contextInfoPtr, BYTE *buffer,
int noBytes )
{
CONV_INFO *convInfo = contextInfoPtr->ctxConv;
DES3_KEY *des3Key = ( DES3_KEY * ) convInfo->key;
int i, ivCount = convInfo->ivCount;
/* If there's any encrypted material left in the IV, use it now */
if( ivCount > 0 )
{
int bytesToUse;
/* Find out how much material left in the encrypted IV we can use */
bytesToUse = DES_BLOCKSIZE - ivCount;
if( noBytes < bytesToUse )
bytesToUse = noBytes;
/* Encrypt the data */
for( i = 0; i < bytesToUse; i++ )
buffer[ i ] ^= convInfo->currentIV[ i + ivCount ];
/* Adjust the byte count and buffer position */
noBytes -= bytesToUse;
buffer += bytesToUse;
ivCount += bytesToUse;
}
while( noBytes > 0 )
{
ivCount = ( noBytes > DES_BLOCKSIZE ) ? DES_BLOCKSIZE : noBytes;
/* Encrypt the IV */
des_ecb3_encrypt( ( C_Block * ) convInfo->currentIV,
( C_Block * ) convInfo->currentIV,
des3Key->desKey1, des3Key->desKey2,
des3Key->desKey3, DES_ENCRYPT );
/* XOR the buffer contents with the encrypted IV */
for( i = 0; i < ivCount; i++ )
buffer[ i ] ^= convInfo->currentIV[ i ];
/* Move on to next block of data */
noBytes -= ivCount;
buffer += ivCount;
}
/* Remember how much of the IV is still available for use */
convInfo->ivCount = ( ivCount % DES_BLOCKSIZE );
return( CRYPT_OK );
}
/* Decrypt data in OFB mode */
static int decryptOFB( CONTEXT_INFO *contextInfoPtr, BYTE *buffer,
int noBytes )
{
CONV_INFO *convInfo = contextInfoPtr->ctxConv;
DES3_KEY *des3Key = ( DES3_KEY * ) convInfo->key;
int i, ivCount = convInfo->ivCount;
/* If there's any encrypted material left in the IV, use it now */
if( ivCount > 0 )
{
int bytesToUse;
/* Find out how much material left in the encrypted IV we can use */
bytesToUse = DES_BLOCKSIZE - ivCount;
if( noBytes < bytesToUse )
bytesToUse = noBytes;
/* Decrypt the data */
for( i = 0; i < bytesToUse; i++ )
buffer[ i ] ^= convInfo->currentIV[ i + ivCount ];
/* Adjust the byte count and buffer position */
noBytes -= bytesToUse;
buffer += bytesToUse;
ivCount += bytesToUse;
}
while( noBytes > 0 )
{
ivCount = ( noBytes > DES_BLOCKSIZE ) ? DES_BLOCKSIZE : noBytes;
/* Encrypt the IV */
des_ecb3_encrypt( ( C_Block * ) convInfo->currentIV,
( C_Block * ) convInfo->currentIV,
des3Key->desKey1, des3Key->desKey2,
des3Key->desKey3, DES_ENCRYPT );
/* XOR the buffer contents with the encrypted IV */
for( i = 0; i < ivCount; i++ )
buffer[ i ] ^= convInfo->currentIV[ i ];
/* Move on to next block of data */
noBytes -= ivCount;
buffer += ivCount;
}
/* Remember how much of the IV is still available for use */
convInfo->ivCount = ( ivCount % DES_BLOCKSIZE );
return( CRYPT_OK );
}
/****************************************************************************
* *
* 3DES Key Management Routines *
* *
****************************************************************************/
/* Key schedule two/three DES keys */
static int initKey( CONTEXT_INFO *contextInfoPtr, const void *key,
const int keyLength )
{
CONV_INFO *convInfo = contextInfoPtr->ctxConv;
DES3_KEY *des3Key = ( DES3_KEY * ) convInfo->key;
BOOLEAN useEDE = FALSE;
/* Copy the key to internal storage */
if( convInfo->userKey != key )
memcpy( convInfo->userKey, key, keyLength );
convInfo->userKeyLength = keyLength;
/* Check the key size. This gets a bit complicated because although we
follow X9.52 and default to three-key triple DES, we'll often be
passed a 128 (112)-bit key which was common in older designs. If this
happens we take the 112-bit key and repeat the first 56 bits to create
a 168-bit key. X9.52 says that if the caller wants EDE behaviour they
have to set it up themselves using a full 168-bit key, but this will
cause problems for people using the high-level functions which don't
allow this level of control, so if we're passed a 112-bit key we just
expand it out to 168 bits to get two-key EDE */
if( keyLength <= bitsToBytes( 64 * 2 ) )
useEDE = TRUE; /* Only 112 bits of key, force EDE mode */
/* Call the libdes key schedule code. Returns with -1 if the key parity
is wrong (which never occurs since we force the correct parity) or -2
if a weak key is used */
des_set_odd_parity( ( C_Block * ) convInfo->userKey );
if( des_key_sched( ( des_cblock * ) convInfo->userKey, des3Key->desKey1 ) )
return( CRYPT_ARGERROR_STR1 );
des_set_odd_parity( ( C_Block * ) \
( ( BYTE * ) convInfo->userKey + bitsToBytes( 64 ) ) );
if( des_key_sched( ( des_cblock * ) \
( ( BYTE * ) convInfo->userKey + bitsToBytes( 64 ) ),
des3Key->desKey2 ) )
return( CRYPT_ARGERROR_STR1 );
if( useEDE )
/* Rather than performing another key schedule, we just copy the first
scheduled key into the third one */
memcpy( des3Key->desKey3, des3Key->desKey1, DES_KEYSIZE );
else
{
des_set_odd_parity( ( C_Block * ) \
( ( BYTE * ) convInfo->userKey + bitsToBytes( 128 ) ) );
if( des_key_sched( ( des_cblock * ) \
( ( BYTE * ) convInfo->userKey + bitsToBytes( 128 ) ),
des3Key->desKey3 ) )
return( CRYPT_ARGERROR_STR1 );
}
return( CRYPT_OK );
}
/****************************************************************************
* *
* Capability Access Routines *
* *
****************************************************************************/
static const CAPABILITY_INFO FAR_BSS capabilityInfo = {
/* Unlike the other algorithms, the minimum key size for 3DES is 64 + 8
bits (nominally 56 + 1 bits) because using a key any shorter is (a)
no better than single DES, and (b) will result in a key load error
since the second key will be an all-zero weak key. We also give the
default key size as 192 bits instead of 128 to make sure that anyone
using a key of the default size ends up with three-key 3DES rather
than two-key 3DES */
CRYPT_ALGO_3DES, bitsToBytes( 64 ), "3DES",
bitsToBytes( 64 + 8 ), bitsToBytes( 192 ), bitsToBytes( 192 ),
selfTest, getInfo, NULL, initKeyParams, initKey, NULL,
encryptECB, decryptECB, encryptCBC, decryptCBC,
encryptCFB, decryptCFB, encryptOFB, decryptOFB
};
const CAPABILITY_INFO *get3DESCapability( void )
{
return( &capabilityInfo );
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -