Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / 716c176597cef2f6380e70c8720dda593948d8a3 / . / library / des.c
blob: 39ff216dc8c3e16adb26a5dbbdb5b19145e4bc9f [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]4 * Copyright (C) 2006-2010, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * DES, on which TDES is based, was originally designed by Horst Feistel
27 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
28 *
29 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
30 */
31
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]32#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]33
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]34#if defined(POLARSSL_DES_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]35
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]36#include "polarssl/des.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]37
38#include <string.h>
39
40/*
41 * 32-bit integer manipulation macros (big endian)
42 */
43#ifndef GET_ULONG_BE
44#define GET_ULONG_BE(n,b,i) \
45{ \
46 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
47 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
48 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
49 | ( (unsigned long) (b)[(i) + 3] ); \
50}
51#endif
52
53#ifndef PUT_ULONG_BE
54#define PUT_ULONG_BE(n,b,i) \
55{ \
56 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
57 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
58 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
59 (b)[(i) + 3] = (unsigned char) ( (n) ); \
60}
61#endif
62
63/*
64 * Expanded DES S-boxes
65 */
66static const unsigned long SB1[64] =
67{
68 0x01010400, 0x00000000, 0x00010000, 0x01010404,
69 0x01010004, 0x00010404, 0x00000004, 0x00010000,
70 0x00000400, 0x01010400, 0x01010404, 0x00000400,
71 0x01000404, 0x01010004, 0x01000000, 0x00000004,
72 0x00000404, 0x01000400, 0x01000400, 0x00010400,
73 0x00010400, 0x01010000, 0x01010000, 0x01000404,
74 0x00010004, 0x01000004, 0x01000004, 0x00010004,
75 0x00000000, 0x00000404, 0x00010404, 0x01000000,
76 0x00010000, 0x01010404, 0x00000004, 0x01010000,
77 0x01010400, 0x01000000, 0x01000000, 0x00000400,
78 0x01010004, 0x00010000, 0x00010400, 0x01000004,
79 0x00000400, 0x00000004, 0x01000404, 0x00010404,
80 0x01010404, 0x00010004, 0x01010000, 0x01000404,
81 0x01000004, 0x00000404, 0x00010404, 0x01010400,
82 0x00000404, 0x01000400, 0x01000400, 0x00000000,
83 0x00010004, 0x00010400, 0x00000000, 0x01010004
84};
85
86static const unsigned long SB2[64] =
87{
88 0x80108020, 0x80008000, 0x00008000, 0x00108020,
89 0x00100000, 0x00000020, 0x80100020, 0x80008020,
90 0x80000020, 0x80108020, 0x80108000, 0x80000000,
91 0x80008000, 0x00100000, 0x00000020, 0x80100020,
92 0x00108000, 0x00100020, 0x80008020, 0x00000000,
93 0x80000000, 0x00008000, 0x00108020, 0x80100000,
94 0x00100020, 0x80000020, 0x00000000, 0x00108000,
95 0x00008020, 0x80108000, 0x80100000, 0x00008020,
96 0x00000000, 0x00108020, 0x80100020, 0x00100000,
97 0x80008020, 0x80100000, 0x80108000, 0x00008000,
98 0x80100000, 0x80008000, 0x00000020, 0x80108020,
99 0x00108020, 0x00000020, 0x00008000, 0x80000000,
100 0x00008020, 0x80108000, 0x00100000, 0x80000020,
101 0x00100020, 0x80008020, 0x80000020, 0x00100020,
102 0x00108000, 0x00000000, 0x80008000, 0x00008020,
103 0x80000000, 0x80100020, 0x80108020, 0x00108000
104};
105
106static const unsigned long SB3[64] =
107{
108 0x00000208, 0x08020200, 0x00000000, 0x08020008,
109 0x08000200, 0x00000000, 0x00020208, 0x08000200,
110 0x00020008, 0x08000008, 0x08000008, 0x00020000,
111 0x08020208, 0x00020008, 0x08020000, 0x00000208,
112 0x08000000, 0x00000008, 0x08020200, 0x00000200,
113 0x00020200, 0x08020000, 0x08020008, 0x00020208,
114 0x08000208, 0x00020200, 0x00020000, 0x08000208,
115 0x00000008, 0x08020208, 0x00000200, 0x08000000,
116 0x08020200, 0x08000000, 0x00020008, 0x00000208,
117 0x00020000, 0x08020200, 0x08000200, 0x00000000,
118 0x00000200, 0x00020008, 0x08020208, 0x08000200,
119 0x08000008, 0x00000200, 0x00000000, 0x08020008,
120 0x08000208, 0x00020000, 0x08000000, 0x08020208,
121 0x00000008, 0x00020208, 0x00020200, 0x08000008,
122 0x08020000, 0x08000208, 0x00000208, 0x08020000,
123 0x00020208, 0x00000008, 0x08020008, 0x00020200
124};
125
126static const unsigned long SB4[64] =
127{
128 0x00802001, 0x00002081, 0x00002081, 0x00000080,
129 0x00802080, 0x00800081, 0x00800001, 0x00002001,
130 0x00000000, 0x00802000, 0x00802000, 0x00802081,
131 0x00000081, 0x00000000, 0x00800080, 0x00800001,
132 0x00000001, 0x00002000, 0x00800000, 0x00802001,
133 0x00000080, 0x00800000, 0x00002001, 0x00002080,
134 0x00800081, 0x00000001, 0x00002080, 0x00800080,
135 0x00002000, 0x00802080, 0x00802081, 0x00000081,
136 0x00800080, 0x00800001, 0x00802000, 0x00802081,
137 0x00000081, 0x00000000, 0x00000000, 0x00802000,
138 0x00002080, 0x00800080, 0x00800081, 0x00000001,
139 0x00802001, 0x00002081, 0x00002081, 0x00000080,
140 0x00802081, 0x00000081, 0x00000001, 0x00002000,
141 0x00800001, 0x00002001, 0x00802080, 0x00800081,
142 0x00002001, 0x00002080, 0x00800000, 0x00802001,
143 0x00000080, 0x00800000, 0x00002000, 0x00802080
144};
145
146static const unsigned long SB5[64] =
147{
148 0x00000100, 0x02080100, 0x02080000, 0x42000100,
149 0x00080000, 0x00000100, 0x40000000, 0x02080000,
150 0x40080100, 0x00080000, 0x02000100, 0x40080100,
151 0x42000100, 0x42080000, 0x00080100, 0x40000000,
152 0x02000000, 0x40080000, 0x40080000, 0x00000000,
153 0x40000100, 0x42080100, 0x42080100, 0x02000100,
154 0x42080000, 0x40000100, 0x00000000, 0x42000000,
155 0x02080100, 0x02000000, 0x42000000, 0x00080100,
156 0x00080000, 0x42000100, 0x00000100, 0x02000000,
157 0x40000000, 0x02080000, 0x42000100, 0x40080100,
158 0x02000100, 0x40000000, 0x42080000, 0x02080100,
159 0x40080100, 0x00000100, 0x02000000, 0x42080000,
160 0x42080100, 0x00080100, 0x42000000, 0x42080100,
161 0x02080000, 0x00000000, 0x40080000, 0x42000000,
162 0x00080100, 0x02000100, 0x40000100, 0x00080000,
163 0x00000000, 0x40080000, 0x02080100, 0x40000100
164};
165
166static const unsigned long SB6[64] =
167{
168 0x20000010, 0x20400000, 0x00004000, 0x20404010,
169 0x20400000, 0x00000010, 0x20404010, 0x00400000,
170 0x20004000, 0x00404010, 0x00400000, 0x20000010,
171 0x00400010, 0x20004000, 0x20000000, 0x00004010,
172 0x00000000, 0x00400010, 0x20004010, 0x00004000,
173 0x00404000, 0x20004010, 0x00000010, 0x20400010,
174 0x20400010, 0x00000000, 0x00404010, 0x20404000,
175 0x00004010, 0x00404000, 0x20404000, 0x20000000,
176 0x20004000, 0x00000010, 0x20400010, 0x00404000,
177 0x20404010, 0x00400000, 0x00004010, 0x20000010,
178 0x00400000, 0x20004000, 0x20000000, 0x00004010,
179 0x20000010, 0x20404010, 0x00404000, 0x20400000,
180 0x00404010, 0x20404000, 0x00000000, 0x20400010,
181 0x00000010, 0x00004000, 0x20400000, 0x00404010,
182 0x00004000, 0x00400010, 0x20004010, 0x00000000,
183 0x20404000, 0x20000000, 0x00400010, 0x20004010
184};
185
186static const unsigned long SB7[64] =
187{
188 0x00200000, 0x04200002, 0x04000802, 0x00000000,
189 0x00000800, 0x04000802, 0x00200802, 0x04200800,
190 0x04200802, 0x00200000, 0x00000000, 0x04000002,
191 0x00000002, 0x04000000, 0x04200002, 0x00000802,
192 0x04000800, 0x00200802, 0x00200002, 0x04000800,
193 0x04000002, 0x04200000, 0x04200800, 0x00200002,
194 0x04200000, 0x00000800, 0x00000802, 0x04200802,
195 0x00200800, 0x00000002, 0x04000000, 0x00200800,
196 0x04000000, 0x00200800, 0x00200000, 0x04000802,
197 0x04000802, 0x04200002, 0x04200002, 0x00000002,
198 0x00200002, 0x04000000, 0x04000800, 0x00200000,
199 0x04200800, 0x00000802, 0x00200802, 0x04200800,
200 0x00000802, 0x04000002, 0x04200802, 0x04200000,
201 0x00200800, 0x00000000, 0x00000002, 0x04200802,
202 0x00000000, 0x00200802, 0x04200000, 0x00000800,
203 0x04000002, 0x04000800, 0x00000800, 0x00200002
204};
205
206static const unsigned long SB8[64] =
207{
208 0x10001040, 0x00001000, 0x00040000, 0x10041040,
209 0x10000000, 0x10001040, 0x00000040, 0x10000000,
210 0x00040040, 0x10040000, 0x10041040, 0x00041000,
211 0x10041000, 0x00041040, 0x00001000, 0x00000040,
212 0x10040000, 0x10000040, 0x10001000, 0x00001040,
213 0x00041000, 0x00040040, 0x10040040, 0x10041000,
214 0x00001040, 0x00000000, 0x00000000, 0x10040040,
215 0x10000040, 0x10001000, 0x00041040, 0x00040000,
216 0x00041040, 0x00040000, 0x10041000, 0x00001000,
217 0x00000040, 0x10040040, 0x00001000, 0x00041040,
218 0x10001000, 0x00000040, 0x10000040, 0x10040000,
219 0x10040040, 0x10000000, 0x00040000, 0x10001040,
220 0x00000000, 0x10041040, 0x00040040, 0x10000040,
221 0x10040000, 0x10001000, 0x10001040, 0x00000000,
222 0x10041040, 0x00041000, 0x00041000, 0x00001040,
223 0x00001040, 0x00040040, 0x10000000, 0x10041000
224};
225
226/*
227 * PC1: left and right halves bit-swap
228 */
229static const unsigned long LHs[16] =
230{
231 0x00000000, 0x00000001, 0x00000100, 0x00000101,
232 0x00010000, 0x00010001, 0x00010100, 0x00010101,
233 0x01000000, 0x01000001, 0x01000100, 0x01000101,
234 0x01010000, 0x01010001, 0x01010100, 0x01010101
235};
236
237static const unsigned long RHs[16] =
238{
239 0x00000000, 0x01000000, 0x00010000, 0x01010000,
240 0x00000100, 0x01000100, 0x00010100, 0x01010100,
241 0x00000001, 0x01000001, 0x00010001, 0x01010001,
242 0x00000101, 0x01000101, 0x00010101, 0x01010101,
243};
244
245/*
246 * Initial Permutation macro
247 */
248#define DES_IP(X,Y) \
249{ \
250 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
251 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
252 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
253 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
254 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
255 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
256 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
257}
258
259/*
260 * Final Permutation macro
261 */
262#define DES_FP(X,Y) \
263{ \
264 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
265 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
266 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
267 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
268 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
269 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
270 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
271}
272
273/*
274 * DES round macro
275 */
276#define DES_ROUND(X,Y) \
277{ \
278 T = *SK++ ^ X; \
279 Y ^= SB8[ (T ) & 0x3F ] ^ \
280 SB6[ (T >> 8) & 0x3F ] ^ \
281 SB4[ (T >> 16) & 0x3F ] ^ \
282 SB2[ (T >> 24) & 0x3F ]; \
283 \
284 T = *SK++ ^ ((X << 28) | (X >> 4)); \
285 Y ^= SB7[ (T ) & 0x3F ] ^ \
286 SB5[ (T >> 8) & 0x3F ] ^ \
287 SB3[ (T >> 16) & 0x3F ] ^ \
288 SB1[ (T >> 24) & 0x3F ]; \
289}
290
291#define SWAP(a,b) { unsigned long t = a; a = b; b = t; t = 0; }
292
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]293static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
294 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
295 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
296 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
297 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
298 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
299 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
300 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
301 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
302 254 };
303
304void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
305{
306 int i;
307
308 for( i = 0; i < DES_KEY_SIZE; i++ )
309 key[i] = odd_parity_table[key[i] / 2];
310}
311
312/*
313 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
314 */
315int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
316{
317 int i;
318
319 for( i = 0; i < DES_KEY_SIZE; i++ )
320 if ( key[i] != odd_parity_table[key[i] / 2] )
321 return( 1 );
322
323 return( 0 );
324}
325
326/*
327 * Table of weak and semi-weak keys
328 *
329 * Source: http://en.wikipedia.org/wiki/Weak_key
330 *
331 * Weak:
332 * Alternating ones + zeros (0x0101010101010101)
333 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
334 * '0xE0E0E0E0F1F1F1F1'
335 * '0x1F1F1F1F0E0E0E0E'
336 *
337 * Semi-weak:
338 * 0x011F011F010E010E and 0x1F011F010E010E01
339 * 0x01E001E001F101F1 and 0xE001E001F101F101
340 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
341 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
342 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
343 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
344 *
345 */
346
347#define WEAK_KEY_COUNT 16
348
349static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
350{
351 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
352 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
353 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
354 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
355
356 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
357 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
358 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
359 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
360 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
361 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
362 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
363 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
364 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
365 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
366 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
367 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
368};
369
370int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
371{
372 int i;
373
374 for( i = 0; i < WEAK_KEY_COUNT; i++ )
375 if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
376 return( 0 );
377
378 return( 1 );
379}
380
381static void des_setkey( unsigned long SK[32], const unsigned char key[DES_KEY_SIZE] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]382{
383 int i;
384 unsigned long X, Y, T;
385
386 GET_ULONG_BE( X, key, 0 );
387 GET_ULONG_BE( Y, key, 4 );
388
389 /*
390 * Permuted Choice 1
391 */
392 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
393 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
394
395 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
396 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
397 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
398 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
399
400 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
401 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
402 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
403 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
404
405 X &= 0x0FFFFFFF;
406 Y &= 0x0FFFFFFF;
407
408 /*
409 * calculate subkeys
410 */
411 for( i = 0; i < 16; i++ )
412 {
413 if( i < 2 || i == 8 || i == 15 )
414 {
415 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
416 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
417 }
418 else
419 {
420 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
421 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
422 }
423
424 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
425 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
426 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
427 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
428 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
429 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
430 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
431 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
432 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
433 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
434 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
435
436 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
437 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
438 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
439 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
440 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
441 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
442 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
443 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
444 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
445 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
446 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
447 }
448}
449
450/*
451 * DES key schedule (56-bit, encryption)
452 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]453int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]454{
455 des_setkey( ctx->sk, key );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]456
457 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]458}
459
460/*
461 * DES key schedule (56-bit, decryption)
462 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]463int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]464{
465 int i;
466
467 des_setkey( ctx->sk, key );
468
469 for( i = 0; i < 16; i += 2 )
470 {
471 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
472 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
473 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]474
475 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]476}
477
478static void des3_set2key( unsigned long esk[96],
479 unsigned long dsk[96],
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]480 const unsigned char key[DES_KEY_SIZE*2] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]481{
482 int i;
483
484 des_setkey( esk, key );
485 des_setkey( dsk + 32, key + 8 );
486
487 for( i = 0; i < 32; i += 2 )
488 {
489 dsk[i ] = esk[30 - i];
490 dsk[i + 1] = esk[31 - i];
491
492 esk[i + 32] = dsk[62 - i];
493 esk[i + 33] = dsk[63 - i];
494
495 esk[i + 64] = esk[i ];
496 esk[i + 65] = esk[i + 1];
497
498 dsk[i + 64] = dsk[i ];
499 dsk[i + 65] = dsk[i + 1];
500 }
501}
502
503/*
504 * Triple-DES key schedule (112-bit, encryption)
505 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]506int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]507{
508 unsigned long sk[96];
509
510 des3_set2key( ctx->sk, sk, key );
511 memset( sk, 0, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]512
513 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]514}
515
516/*
517 * Triple-DES key schedule (112-bit, decryption)
518 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]519int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]520{
521 unsigned long sk[96];
522
523 des3_set2key( sk, ctx->sk, key );
524 memset( sk, 0, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]525
526 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]527}
528
529static void des3_set3key( unsigned long esk[96],
530 unsigned long dsk[96],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]531 const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]532{
533 int i;
534
535 des_setkey( esk, key );
536 des_setkey( dsk + 32, key + 8 );
537 des_setkey( esk + 64, key + 16 );
538
539 for( i = 0; i < 32; i += 2 )
540 {
541 dsk[i ] = esk[94 - i];
542 dsk[i + 1] = esk[95 - i];
543
544 esk[i + 32] = dsk[62 - i];
545 esk[i + 33] = dsk[63 - i];
546
547 dsk[i + 64] = esk[30 - i];
548 dsk[i + 65] = esk[31 - i];
549 }
550}
551
552/*
553 * Triple-DES key schedule (168-bit, encryption)
554 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]555int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]556{
557 unsigned long sk[96];
558
559 des3_set3key( ctx->sk, sk, key );
560 memset( sk, 0, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]561
562 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]563}
564
565/*
566 * Triple-DES key schedule (168-bit, decryption)
567 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]568int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]569{
570 unsigned long sk[96];
571
572 des3_set3key( sk, ctx->sk, key );
573 memset( sk, 0, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]574
575 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]576}
577
578/*
579 * DES-ECB block encryption/decryption
580 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]581int des_crypt_ecb( des_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]582 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]583 unsigned char output[8] )
584{
585 int i;
586 unsigned long X, Y, T, *SK;
587
588 SK = ctx->sk;
589
590 GET_ULONG_BE( X, input, 0 );
591 GET_ULONG_BE( Y, input, 4 );
592
593 DES_IP( X, Y );
594
595 for( i = 0; i < 8; i++ )
596 {
597 DES_ROUND( Y, X );
598 DES_ROUND( X, Y );
599 }
600
601 DES_FP( Y, X );
602
603 PUT_ULONG_BE( Y, output, 0 );
604 PUT_ULONG_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]605
606 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]607}
608
609/*
610 * DES-CBC buffer encryption/decryption
611 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]612int des_crypt_cbc( des_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]613 int mode,
614 int length,
615 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]616 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]617 unsigned char *output )
618{
619 int i;
620 unsigned char temp[8];
621
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]622 if( length % 8 )
623 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
624
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]625 if( mode == DES_ENCRYPT )
626 {
627 while( length > 0 )
628 {
629 for( i = 0; i < 8; i++ )
630 output[i] = (unsigned char)( input[i] ^ iv[i] );
631
632 des_crypt_ecb( ctx, output, output );
633 memcpy( iv, output, 8 );
634
635 input += 8;
636 output += 8;
637 length -= 8;
638 }
639 }
640 else /* DES_DECRYPT */
641 {
642 while( length > 0 )
643 {
644 memcpy( temp, input, 8 );
645 des_crypt_ecb( ctx, input, output );
646
647 for( i = 0; i < 8; i++ )
648 output[i] = (unsigned char)( output[i] ^ iv[i] );
649
650 memcpy( iv, temp, 8 );
651
652 input += 8;
653 output += 8;
654 length -= 8;
655 }
656 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]657
658 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]659}
660
661/*
662 * 3DES-ECB block encryption/decryption
663 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]664int des3_crypt_ecb( des3_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]665 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]666 unsigned char output[8] )
667{
668 int i;
669 unsigned long X, Y, T, *SK;
670
671 SK = ctx->sk;
672
673 GET_ULONG_BE( X, input, 0 );
674 GET_ULONG_BE( Y, input, 4 );
675
676 DES_IP( X, Y );
677
678 for( i = 0; i < 8; i++ )
679 {
680 DES_ROUND( Y, X );
681 DES_ROUND( X, Y );
682 }
683
684 for( i = 0; i < 8; i++ )
685 {
686 DES_ROUND( X, Y );
687 DES_ROUND( Y, X );
688 }
689
690 for( i = 0; i < 8; i++ )
691 {
692 DES_ROUND( Y, X );
693 DES_ROUND( X, Y );
694 }
695
696 DES_FP( Y, X );
697
698 PUT_ULONG_BE( Y, output, 0 );
699 PUT_ULONG_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]700
701 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]702}
703
704/*
705 * 3DES-CBC buffer encryption/decryption
706 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]707int des3_crypt_cbc( des3_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]708 int mode,
709 int length,
710 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]711 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]712 unsigned char *output )
713{
714 int i;
715 unsigned char temp[8];
716
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]717 if( length % 8 )
718 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
719
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]720 if( mode == DES_ENCRYPT )
721 {
722 while( length > 0 )
723 {
724 for( i = 0; i < 8; i++ )
725 output[i] = (unsigned char)( input[i] ^ iv[i] );
726
727 des3_crypt_ecb( ctx, output, output );
728 memcpy( iv, output, 8 );
729
730 input += 8;
731 output += 8;
732 length -= 8;
733 }
734 }
735 else /* DES_DECRYPT */
736 {
737 while( length > 0 )
738 {
739 memcpy( temp, input, 8 );
740 des3_crypt_ecb( ctx, input, output );
741
742 for( i = 0; i < 8; i++ )
743 output[i] = (unsigned char)( output[i] ^ iv[i] );
744
745 memcpy( iv, temp, 8 );
746
747 input += 8;
748 output += 8;
749 length -= 8;
750 }
751 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]752
753 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]754}
755
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]756#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]757
758#include <stdio.h>
759
760/*
761 * DES and 3DES test vectors from:
762 *
763 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
764 */
765static const unsigned char des3_test_keys[24] =
766{
767 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
768 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
769 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
770};
771
772static const unsigned char des3_test_iv[8] =
773{
774 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
775};
776
777static const unsigned char des3_test_buf[8] =
778{
779 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
780};
781
782static const unsigned char des3_test_ecb_dec[3][8] =
783{
784 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
785 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
786 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
787};
788
789static const unsigned char des3_test_ecb_enc[3][8] =
790{
791 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
792 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
793 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
794};
795
796static const unsigned char des3_test_cbc_dec[3][8] =
797{
798 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
799 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
800 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
801};
802
803static const unsigned char des3_test_cbc_enc[3][8] =
804{
805 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
806 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
807 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
808};
809
810/*
811 * Checkup routine
812 */
813int des_self_test( int verbose )
814{
815 int i, j, u, v;
816 des_context ctx;
817 des3_context ctx3;
818 unsigned char key[24];
819 unsigned char buf[8];
820 unsigned char prv[8];
821 unsigned char iv[8];
822
823 memset( key, 0, 24 );
824
825 /*
826 * ECB mode
827 */
828 for( i = 0; i < 6; i++ )
829 {
830 u = i >> 1;
831 v = i & 1;
832
833 if( verbose != 0 )
834 printf( " DES%c-ECB-%3d (%s): ",
835 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
836 ( v == DES_DECRYPT ) ? "dec" : "enc" );
837
838 memcpy( buf, des3_test_buf, 8 );
839
840 switch( i )
841 {
842 case 0:
843 des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
844 break;
845
846 case 1:
847 des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
848 break;
849
850 case 2:
851 des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
852 break;
853
854 case 3:
855 des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
856 break;
857
858 case 4:
859 des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
860 break;
861
862 case 5:
863 des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
864 break;
865
866 default:
867 return( 1 );
868 }
869
870 for( j = 0; j < 10000; j++ )
871 {
872 if( u == 0 )
873 des_crypt_ecb( &ctx, buf, buf );
874 else
875 des3_crypt_ecb( &ctx3, buf, buf );
876 }
877
878 if( ( v == DES_DECRYPT &&
879 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
880 ( v != DES_DECRYPT &&
881 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
882 {
883 if( verbose != 0 )
884 printf( "failed\n" );
885
886 return( 1 );
887 }
888
889 if( verbose != 0 )
890 printf( "passed\n" );
891 }
892
893 if( verbose != 0 )
894 printf( "\n" );
895
896 /*
897 * CBC mode
898 */
899 for( i = 0; i < 6; i++ )
900 {
901 u = i >> 1;
902 v = i & 1;
903
904 if( verbose != 0 )
905 printf( " DES%c-CBC-%3d (%s): ",
906 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
907 ( v == DES_DECRYPT ) ? "dec" : "enc" );
908
909 memcpy( iv, des3_test_iv, 8 );
910 memcpy( prv, des3_test_iv, 8 );
911 memcpy( buf, des3_test_buf, 8 );
912
913 switch( i )
914 {
915 case 0:
916 des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
917 break;
918
919 case 1:
920 des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
921 break;
922
923 case 2:
924 des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
925 break;
926
927 case 3:
928 des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
929 break;
930
931 case 4:
932 des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
933 break;
934
935 case 5:
936 des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
937 break;
938
939 default:
940 return( 1 );
941 }
942
943 if( v == DES_DECRYPT )
944 {
945 for( j = 0; j < 10000; j++ )
946 {
947 if( u == 0 )
948 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
949 else
950 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
951 }
952 }
953 else
954 {
955 for( j = 0; j < 10000; j++ )
956 {
957 unsigned char tmp[8];
958
959 if( u == 0 )
960 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
961 else
962 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
963
964 memcpy( tmp, prv, 8 );
965 memcpy( prv, buf, 8 );
966 memcpy( buf, tmp, 8 );
967 }
968
969 memcpy( buf, prv, 8 );
970 }
971
972 if( ( v == DES_DECRYPT &&
973 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
974 ( v != DES_DECRYPT &&
975 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
976 {
977 if( verbose != 0 )
978 printf( "failed\n" );
979
980 return( 1 );
981 }
982
983 if( verbose != 0 )
984 printf( "passed\n" );
985 }
986
987 if( verbose != 0 )
988 printf( "\n" );
989
990 return( 0 );
991}
992
993#endif
994
995#endif