src/crypt/CryptDes.c

*5c591343SA. Cody Schuffelen/* Microsoft Reference Implementation for TPM 2.0
*5c591343SA. Cody Schuffelen *
*5c591343SA. Cody Schuffelen *  The copyright in this software is being made available under the BSD License,
*5c591343SA. Cody Schuffelen *  included below. This software may be subject to other third party and
*5c591343SA. Cody Schuffelen *  contributor rights, including patent rights, and no such rights are granted
*5c591343SA. Cody Schuffelen *  under this license.
*5c591343SA. Cody Schuffelen *
*5c591343SA. Cody Schuffelen *  Copyright (c) Microsoft Corporation
*5c591343SA. Cody Schuffelen *
*5c591343SA. Cody Schuffelen *  All rights reserved.
*5c591343SA. Cody Schuffelen *
*5c591343SA. Cody Schuffelen *  BSD License
*5c591343SA. Cody Schuffelen *
*5c591343SA. Cody Schuffelen *  Redistribution and use in source and binary forms, with or without modification,
*5c591343SA. Cody Schuffelen *  are permitted provided that the following conditions are met:
*5c591343SA. Cody Schuffelen *
*5c591343SA. Cody Schuffelen *  Redistributions of source code must retain the above copyright notice, this list
*5c591343SA. Cody Schuffelen *  of conditions and the following disclaimer.
*5c591343SA. Cody Schuffelen *
*5c591343SA. Cody Schuffelen *  Redistributions in binary form must reproduce the above copyright notice, this
*5c591343SA. Cody Schuffelen *  list of conditions and the following disclaimer in the documentation and/or
*5c591343SA. Cody Schuffelen *  other materials provided with the distribution.
*5c591343SA. Cody Schuffelen *
*5c591343SA. Cody Schuffelen *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
*5c591343SA. Cody Schuffelen *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
*5c591343SA. Cody Schuffelen *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
*5c591343SA. Cody Schuffelen *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
*5c591343SA. Cody Schuffelen *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
*5c591343SA. Cody Schuffelen *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
*5c591343SA. Cody Schuffelen *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
*5c591343SA. Cody Schuffelen *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
*5c591343SA. Cody Schuffelen *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
*5c591343SA. Cody Schuffelen *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*5c591343SA. Cody Schuffelen */
*5c591343SA. Cody Schuffelen//** Introduction
*5c591343SA. Cody Schuffelen//
*5c591343SA. Cody Schuffelen// This file contains the extra functions required for TDES.
*5c591343SA. Cody Schuffelen
*5c591343SA. Cody Schuffelen//** Includes, Defines, and Typedefs
*5c591343SA. Cody Schuffelen#include "Tpm.h"
*5c591343SA. Cody Schuffelen
*5c591343SA. Cody Schuffelen#if ALG_TDES
*5c591343SA. Cody Schuffelen
*5c591343SA. Cody Schuffelen
*5c591343SA. Cody Schuffelen#define DES_NUM_WEAK 64
*5c591343SA. Cody Schuffelenconst UINT64 DesWeakKeys[DES_NUM_WEAK] = {
*5c591343SA. Cody Schuffelen    0x0101010101010101ULL, 0xFEFEFEFEFEFEFEFEULL,
*5c591343SA. Cody Schuffelen    0xE0E0E0E0F1F1F1F1ULL, 0x1F1F1F1F0E0E0E0EULL,
*5c591343SA. Cody Schuffelen    0x011F011F010E010EULL, 0x1F011F010E010E01ULL,
*5c591343SA. Cody Schuffelen    0x01E001E001F101F1ULL, 0xE001E001F101F101ULL,
*5c591343SA. Cody Schuffelen    0x01FE01FE01FE01FEULL, 0xFE01FE01FE01FE01ULL,
*5c591343SA. Cody Schuffelen    0x1FE01FE00EF10EF1ULL, 0xE01FE01FF10EF10EULL,
*5c591343SA. Cody Schuffelen    0x1FFE1FFE0EFE0EFEULL, 0xFE1FFE1FFE0EFE0EULL,
*5c591343SA. Cody Schuffelen    0xE0FEE0FEF1FEF1FEULL, 0xFEE0FEE0FEF1FEF1ULL,
*5c591343SA. Cody Schuffelen    0x01011F1F01010E0EULL, 0x1F1F01010E0E0101ULL,
*5c591343SA. Cody Schuffelen    0xE0E01F1FF1F10E0EULL, 0x0101E0E00101F1F1ULL,
*5c591343SA. Cody Schuffelen    0x1F1FE0E00E0EF1F1ULL, 0xE0E0FEFEF1F1FEFEULL,
*5c591343SA. Cody Schuffelen    0x0101FEFE0101FEFEULL, 0x1F1FFEFE0E0EFEFEULL,
*5c591343SA. Cody Schuffelen    0xE0FE011FF1FE010EULL, 0x011F1F01010E0E01ULL,
*5c591343SA. Cody Schuffelen    0x1FE001FE0EF101FEULL, 0xE0FE1F01F1FE0E01ULL,
*5c591343SA. Cody Schuffelen    0x011FE0FE010EF1FEULL, 0x1FE0E01F0EF1F10EULL,
*5c591343SA. Cody Schuffelen    0xE0FEFEE0F1FEFEF1ULL, 0x011FFEE0010EFEF1ULL,
*5c591343SA. Cody Schuffelen    0x1FE0FE010EF1FE01ULL, 0xFE0101FEFE0101FEULL,
*5c591343SA. Cody Schuffelen    0x01E01FFE01F10EFEULL, 0x1FFE01E00EFE01F1ULL,
*5c591343SA. Cody Schuffelen    0xFE011FE0FE010EF1ULL, 0xFE01E01FFE01F10EULL,
*5c591343SA. Cody Schuffelen    0x1FFEE0010EFEF101ULL, 0xFE1F01E0FE0E01F1ULL,
*5c591343SA. Cody Schuffelen    0x01E0E00101F1F101ULL, 0x1FFEFE1F0EFEFE0EULL,
*5c591343SA. Cody Schuffelen    0xFE1FE001FE0EF101ULL, 0x01E0FE1F01F1FE0EULL,
*5c591343SA. Cody Schuffelen    0xE00101E0F10101F1ULL, 0xFE1F1FFEFE0E0EFEULL,
*5c591343SA. Cody Schuffelen    0x01FE1FE001FE0EF1ULL, 0xE0011FFEF1010EFEULL,
*5c591343SA. Cody Schuffelen    0xFEE0011FFEF1010EULL, 0x01FEE01F01FEF10EULL,
*5c591343SA. Cody Schuffelen    0xE001FE1FF101FE0EULL, 0xFEE01F01FEF10E01ULL,
*5c591343SA. Cody Schuffelen    0x01FEFE0101FEFE01ULL, 0xE01F01FEF10E01FEULL,
*5c591343SA. Cody Schuffelen    0xFEE0E0FEFEF1F1FEULL, 0x1F01011F0E01010EULL,
*5c591343SA. Cody Schuffelen    0xE01F1FE0F10E0EF1ULL, 0xFEFE0101FEFE0101ULL,
*5c591343SA. Cody Schuffelen    0x1F01E0FE0E01F1FEULL, 0xE01FFE01F10EFE01ULL,
*5c591343SA. Cody Schuffelen    0xFEFE1F1FFEFE0E0EULL, 0x1F01FEE00E01FEF1ULL,
*5c591343SA. Cody Schuffelen    0xE0E00101F1F10101ULL, 0xFEFEE0E0FEFEF1F1ULL};
*5c591343SA. Cody Schuffelen
*5c591343SA. Cody Schuffelen
*5c591343SA. Cody Schuffelen//*** CryptSetOddByteParity()
*5c591343SA. Cody Schuffelen// This function sets the per byte parity of a 64-bit value. The least-significant
*5c591343SA. Cody Schuffelen// bit is of each byte is replaced with the odd parity of the other 7 bits in the
*5c591343SA. Cody Schuffelen// byte. With odd parity, no byte will ever be 0x00.
*5c591343SA. Cody SchuffelenUINT64
*5c591343SA. Cody SchuffelenCryptSetOddByteParity(
*5c591343SA. Cody Schuffelen    UINT64          k
*5c591343SA. Cody Schuffelen    )
*5c591343SA. Cody Schuffelen{
*5c591343SA. Cody Schuffelen#define PMASK 0x0101010101010101ULL
*5c591343SA. Cody Schuffelen    UINT64          out;
*5c591343SA. Cody Schuffelen    k |= PMASK;     // set the parity bit
*5c591343SA. Cody Schuffelen    out = k;
*5c591343SA. Cody Schuffelen    k ^= k >> 4;
*5c591343SA. Cody Schuffelen    k ^= k >> 2;
*5c591343SA. Cody Schuffelen    k ^= k >> 1;
*5c591343SA. Cody Schuffelen    k &= PMASK;     // odd parity extracted
*5c591343SA. Cody Schuffelen    out ^= k;       // out is now even parity because parity bit was already set
*5c591343SA. Cody Schuffelen    out ^= PMASK;   // out is now even parity
*5c591343SA. Cody Schuffelen    return out;
*5c591343SA. Cody Schuffelen}
*5c591343SA. Cody Schuffelen
*5c591343SA. Cody Schuffelen
*5c591343SA. Cody Schuffelen//*** CryptDesIsWeakKey()
*5c591343SA. Cody Schuffelen// Check to see if a DES key is on the list of weak, semi-weak, or possibly weak
*5c591343SA. Cody Schuffelen// keys.
*5c591343SA. Cody Schuffelen//  Return Type: BOOL
*5c591343SA. Cody Schuffelen//      TRUE(1)         DES key is weak
*5c591343SA. Cody Schuffelen//      FALSE(0)        DES key is not weak
*5c591343SA. Cody Schuffelenstatic BOOL
*5c591343SA. Cody SchuffelenCryptDesIsWeakKey(
*5c591343SA. Cody Schuffelen    UINT64            k
*5c591343SA. Cody Schuffelen    )
*5c591343SA. Cody Schuffelen{
*5c591343SA. Cody Schuffelen    int              i;
*5c591343SA. Cody Schuffelen//
*5c591343SA. Cody Schuffelen    for(i = 0; i < DES_NUM_WEAK; i++)
*5c591343SA. Cody Schuffelen    {
*5c591343SA. Cody Schuffelen        if(k == DesWeakKeys[i])
*5c591343SA. Cody Schuffelen            return TRUE;
*5c591343SA. Cody Schuffelen    }
*5c591343SA. Cody Schuffelen    return FALSE;
*5c591343SA. Cody Schuffelen}
*5c591343SA. Cody Schuffelen
*5c591343SA. Cody Schuffelen//*** CryptDesValidateKey()
*5c591343SA. Cody Schuffelen// Function to check to see if the input key is a valid DES key where the definition
*5c591343SA. Cody Schuffelen// of valid is that none of the elements are on the list of weak, semi-weak, or
*5c591343SA. Cody Schuffelen// possibly weak keys; and that for two keys, K1!=K2, and for three keys that
*5c591343SA. Cody Schuffelen// K1!=K2 and K2!=K3.
*5c591343SA. Cody SchuffelenBOOL
*5c591343SA. Cody SchuffelenCryptDesValidateKey(
*5c591343SA. Cody Schuffelen    TPM2B_SYM_KEY       *desKey     // IN: key to validate
*5c591343SA. Cody Schuffelen    )
*5c591343SA. Cody Schuffelen{
*5c591343SA. Cody Schuffelen    UINT64               k[3];
*5c591343SA. Cody Schuffelen    int                  i;
*5c591343SA. Cody Schuffelen    int                  keys = (desKey->t.size + 7) / 8;
*5c591343SA. Cody Schuffelen    BYTE                *pk = desKey->t.buffer;
*5c591343SA. Cody Schuffelen    BOOL                 ok;
*5c591343SA. Cody Schuffelen//
*5c591343SA. Cody Schuffelen    // Note: 'keys' is the number of keys, not the maximum index for 'k'
*5c591343SA. Cody Schuffelen    ok = ((keys == 2) || (keys == 3)) && ((desKey->t.size % 8) == 0);
*5c591343SA. Cody Schuffelen    for(i = 0; ok && i < keys; pk += 8, i++)
*5c591343SA. Cody Schuffelen    {
*5c591343SA. Cody Schuffelen        k[i] = CryptSetOddByteParity(BYTE_ARRAY_TO_UINT64(pk));
*5c591343SA. Cody Schuffelen        ok = !CryptDesIsWeakKey(k[i]);
*5c591343SA. Cody Schuffelen    }
*5c591343SA. Cody Schuffelen    ok = ok && k[0] != k[1];
*5c591343SA. Cody Schuffelen    if(keys == 3)
*5c591343SA. Cody Schuffelen        ok = ok && k[1] != k[2];
*5c591343SA. Cody Schuffelen    return ok;
*5c591343SA. Cody Schuffelen}
*5c591343SA. Cody Schuffelen
*5c591343SA. Cody Schuffelen//*** CryptGenerateKeyDes()
*5c591343SA. Cody Schuffelen// This function is used to create a DES key of the appropriate size. The key will
*5c591343SA. Cody Schuffelen// have odd parity in the bytes.
*5c591343SA. Cody SchuffelenTPM_RC
*5c591343SA. Cody SchuffelenCryptGenerateKeyDes(
*5c591343SA. Cody Schuffelen    TPMT_PUBLIC             *publicArea,        // IN/OUT: The public area template
*5c591343SA. Cody Schuffelen                                                //     for the new key.
*5c591343SA. Cody Schuffelen    TPMT_SENSITIVE          *sensitive,         // OUT: sensitive area
*5c591343SA. Cody Schuffelen    RAND_STATE              *rand               // IN: the "entropy" source for
*5c591343SA. Cody Schuffelen    )
*5c591343SA. Cody Schuffelen{
*5c591343SA. Cody Schuffelen
*5c591343SA. Cody Schuffelen    // Assume that the publicArea key size has been validated and is a supported
*5c591343SA. Cody Schuffelen    // number of bits.
*5c591343SA. Cody Schuffelen    sensitive->sensitive.sym.t.size =
*5c591343SA. Cody Schuffelen            BITS_TO_BYTES(publicArea->parameters.symDetail.sym.keyBits.sym);
*5c591343SA. Cody Schuffelen    do
*5c591343SA. Cody Schuffelen    {
*5c591343SA. Cody Schuffelen        BYTE                    *pK = sensitive->sensitive.sym.t.buffer;
*5c591343SA. Cody Schuffelen        int                      i = (sensitive->sensitive.sym.t.size + 7) / 8;
*5c591343SA. Cody Schuffelen// Use the random number generator to generate the required number of bits
*5c591343SA. Cody Schuffelen        if(DRBG_Generate(rand, pK, sensitive->sensitive.sym.t.size) == 0)
*5c591343SA. Cody Schuffelen            return TPM_RC_NO_RESULT;
*5c591343SA. Cody Schuffelen        for(; i > 0; pK += 8, i--)
*5c591343SA. Cody Schuffelen        {
*5c591343SA. Cody Schuffelen            UINT64      k = BYTE_ARRAY_TO_UINT64(pK);
*5c591343SA. Cody Schuffelen            k = CryptSetOddByteParity(k);
*5c591343SA. Cody Schuffelen            UINT64_TO_BYTE_ARRAY(k, pK);
*5c591343SA. Cody Schuffelen        }
*5c591343SA. Cody Schuffelen    } while(!CryptDesValidateKey(&sensitive->sensitive.sym));
*5c591343SA. Cody Schuffelen    return TPM_RC_SUCCESS;
*5c591343SA. Cody Schuffelen}
*5c591343SA. Cody Schuffelen
*5c591343SA. Cody Schuffelen#endif
*5c591343SA. Cody Schuffelen//***