TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 84f12b76fc6d5b9dc3ec4eff3dc0f1e6b03a259a / . / library / des.c
blob: 25091aae8e9155b1c80ab5257e8ba39a05ed44e4 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame^]4 * Copyright (C) 2006-2010, Brainspark B.V.
5 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]6 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]7 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22/*
23 * DES, on which TDES is based, was originally designed by Horst Feistel
24 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
25 *
26 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
27 */
28
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]29#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]30
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]31#if defined(POLARSSL_DES_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]32
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]33#include "polarssl/des.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]34
35#include <string.h>
36
37/*
38 * 32-bit integer manipulation macros (big endian)
39 */
40#ifndef GET_ULONG_BE
41#define GET_ULONG_BE(n,b,i) \
42{ \
43 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
44 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
45 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
46 | ( (unsigned long) (b)[(i) + 3] ); \
47}
48#endif
49
50#ifndef PUT_ULONG_BE
51#define PUT_ULONG_BE(n,b,i) \
52{ \
53 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
54 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
55 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
56 (b)[(i) + 3] = (unsigned char) ( (n) ); \
57}
58#endif
59
60/*
61 * Expanded DES S-boxes
62 */
63static const unsigned long SB1[64] =
64{
65 0x01010400, 0x00000000, 0x00010000, 0x01010404,
66 0x01010004, 0x00010404, 0x00000004, 0x00010000,
67 0x00000400, 0x01010400, 0x01010404, 0x00000400,
68 0x01000404, 0x01010004, 0x01000000, 0x00000004,
69 0x00000404, 0x01000400, 0x01000400, 0x00010400,
70 0x00010400, 0x01010000, 0x01010000, 0x01000404,
71 0x00010004, 0x01000004, 0x01000004, 0x00010004,
72 0x00000000, 0x00000404, 0x00010404, 0x01000000,
73 0x00010000, 0x01010404, 0x00000004, 0x01010000,
74 0x01010400, 0x01000000, 0x01000000, 0x00000400,
75 0x01010004, 0x00010000, 0x00010400, 0x01000004,
76 0x00000400, 0x00000004, 0x01000404, 0x00010404,
77 0x01010404, 0x00010004, 0x01010000, 0x01000404,
78 0x01000004, 0x00000404, 0x00010404, 0x01010400,
79 0x00000404, 0x01000400, 0x01000400, 0x00000000,
80 0x00010004, 0x00010400, 0x00000000, 0x01010004
81};
82
83static const unsigned long SB2[64] =
84{
85 0x80108020, 0x80008000, 0x00008000, 0x00108020,
86 0x00100000, 0x00000020, 0x80100020, 0x80008020,
87 0x80000020, 0x80108020, 0x80108000, 0x80000000,
88 0x80008000, 0x00100000, 0x00000020, 0x80100020,
89 0x00108000, 0x00100020, 0x80008020, 0x00000000,
90 0x80000000, 0x00008000, 0x00108020, 0x80100000,
91 0x00100020, 0x80000020, 0x00000000, 0x00108000,
92 0x00008020, 0x80108000, 0x80100000, 0x00008020,
93 0x00000000, 0x00108020, 0x80100020, 0x00100000,
94 0x80008020, 0x80100000, 0x80108000, 0x00008000,
95 0x80100000, 0x80008000, 0x00000020, 0x80108020,
96 0x00108020, 0x00000020, 0x00008000, 0x80000000,
97 0x00008020, 0x80108000, 0x00100000, 0x80000020,
98 0x00100020, 0x80008020, 0x80000020, 0x00100020,
99 0x00108000, 0x00000000, 0x80008000, 0x00008020,
100 0x80000000, 0x80100020, 0x80108020, 0x00108000
101};
102
103static const unsigned long SB3[64] =
104{
105 0x00000208, 0x08020200, 0x00000000, 0x08020008,
106 0x08000200, 0x00000000, 0x00020208, 0x08000200,
107 0x00020008, 0x08000008, 0x08000008, 0x00020000,
108 0x08020208, 0x00020008, 0x08020000, 0x00000208,
109 0x08000000, 0x00000008, 0x08020200, 0x00000200,
110 0x00020200, 0x08020000, 0x08020008, 0x00020208,
111 0x08000208, 0x00020200, 0x00020000, 0x08000208,
112 0x00000008, 0x08020208, 0x00000200, 0x08000000,
113 0x08020200, 0x08000000, 0x00020008, 0x00000208,
114 0x00020000, 0x08020200, 0x08000200, 0x00000000,
115 0x00000200, 0x00020008, 0x08020208, 0x08000200,
116 0x08000008, 0x00000200, 0x00000000, 0x08020008,
117 0x08000208, 0x00020000, 0x08000000, 0x08020208,
118 0x00000008, 0x00020208, 0x00020200, 0x08000008,
119 0x08020000, 0x08000208, 0x00000208, 0x08020000,
120 0x00020208, 0x00000008, 0x08020008, 0x00020200
121};
122
123static const unsigned long SB4[64] =
124{
125 0x00802001, 0x00002081, 0x00002081, 0x00000080,
126 0x00802080, 0x00800081, 0x00800001, 0x00002001,
127 0x00000000, 0x00802000, 0x00802000, 0x00802081,
128 0x00000081, 0x00000000, 0x00800080, 0x00800001,
129 0x00000001, 0x00002000, 0x00800000, 0x00802001,
130 0x00000080, 0x00800000, 0x00002001, 0x00002080,
131 0x00800081, 0x00000001, 0x00002080, 0x00800080,
132 0x00002000, 0x00802080, 0x00802081, 0x00000081,
133 0x00800080, 0x00800001, 0x00802000, 0x00802081,
134 0x00000081, 0x00000000, 0x00000000, 0x00802000,
135 0x00002080, 0x00800080, 0x00800081, 0x00000001,
136 0x00802001, 0x00002081, 0x00002081, 0x00000080,
137 0x00802081, 0x00000081, 0x00000001, 0x00002000,
138 0x00800001, 0x00002001, 0x00802080, 0x00800081,
139 0x00002001, 0x00002080, 0x00800000, 0x00802001,
140 0x00000080, 0x00800000, 0x00002000, 0x00802080
141};
142
143static const unsigned long SB5[64] =
144{
145 0x00000100, 0x02080100, 0x02080000, 0x42000100,
146 0x00080000, 0x00000100, 0x40000000, 0x02080000,
147 0x40080100, 0x00080000, 0x02000100, 0x40080100,
148 0x42000100, 0x42080000, 0x00080100, 0x40000000,
149 0x02000000, 0x40080000, 0x40080000, 0x00000000,
150 0x40000100, 0x42080100, 0x42080100, 0x02000100,
151 0x42080000, 0x40000100, 0x00000000, 0x42000000,
152 0x02080100, 0x02000000, 0x42000000, 0x00080100,
153 0x00080000, 0x42000100, 0x00000100, 0x02000000,
154 0x40000000, 0x02080000, 0x42000100, 0x40080100,
155 0x02000100, 0x40000000, 0x42080000, 0x02080100,
156 0x40080100, 0x00000100, 0x02000000, 0x42080000,
157 0x42080100, 0x00080100, 0x42000000, 0x42080100,
158 0x02080000, 0x00000000, 0x40080000, 0x42000000,
159 0x00080100, 0x02000100, 0x40000100, 0x00080000,
160 0x00000000, 0x40080000, 0x02080100, 0x40000100
161};
162
163static const unsigned long SB6[64] =
164{
165 0x20000010, 0x20400000, 0x00004000, 0x20404010,
166 0x20400000, 0x00000010, 0x20404010, 0x00400000,
167 0x20004000, 0x00404010, 0x00400000, 0x20000010,
168 0x00400010, 0x20004000, 0x20000000, 0x00004010,
169 0x00000000, 0x00400010, 0x20004010, 0x00004000,
170 0x00404000, 0x20004010, 0x00000010, 0x20400010,
171 0x20400010, 0x00000000, 0x00404010, 0x20404000,
172 0x00004010, 0x00404000, 0x20404000, 0x20000000,
173 0x20004000, 0x00000010, 0x20400010, 0x00404000,
174 0x20404010, 0x00400000, 0x00004010, 0x20000010,
175 0x00400000, 0x20004000, 0x20000000, 0x00004010,
176 0x20000010, 0x20404010, 0x00404000, 0x20400000,
177 0x00404010, 0x20404000, 0x00000000, 0x20400010,
178 0x00000010, 0x00004000, 0x20400000, 0x00404010,
179 0x00004000, 0x00400010, 0x20004010, 0x00000000,
180 0x20404000, 0x20000000, 0x00400010, 0x20004010
181};
182
183static const unsigned long SB7[64] =
184{
185 0x00200000, 0x04200002, 0x04000802, 0x00000000,
186 0x00000800, 0x04000802, 0x00200802, 0x04200800,
187 0x04200802, 0x00200000, 0x00000000, 0x04000002,
188 0x00000002, 0x04000000, 0x04200002, 0x00000802,
189 0x04000800, 0x00200802, 0x00200002, 0x04000800,
190 0x04000002, 0x04200000, 0x04200800, 0x00200002,
191 0x04200000, 0x00000800, 0x00000802, 0x04200802,
192 0x00200800, 0x00000002, 0x04000000, 0x00200800,
193 0x04000000, 0x00200800, 0x00200000, 0x04000802,
194 0x04000802, 0x04200002, 0x04200002, 0x00000002,
195 0x00200002, 0x04000000, 0x04000800, 0x00200000,
196 0x04200800, 0x00000802, 0x00200802, 0x04200800,
197 0x00000802, 0x04000002, 0x04200802, 0x04200000,
198 0x00200800, 0x00000000, 0x00000002, 0x04200802,
199 0x00000000, 0x00200802, 0x04200000, 0x00000800,
200 0x04000002, 0x04000800, 0x00000800, 0x00200002
201};
202
203static const unsigned long SB8[64] =
204{
205 0x10001040, 0x00001000, 0x00040000, 0x10041040,
206 0x10000000, 0x10001040, 0x00000040, 0x10000000,
207 0x00040040, 0x10040000, 0x10041040, 0x00041000,
208 0x10041000, 0x00041040, 0x00001000, 0x00000040,
209 0x10040000, 0x10000040, 0x10001000, 0x00001040,
210 0x00041000, 0x00040040, 0x10040040, 0x10041000,
211 0x00001040, 0x00000000, 0x00000000, 0x10040040,
212 0x10000040, 0x10001000, 0x00041040, 0x00040000,
213 0x00041040, 0x00040000, 0x10041000, 0x00001000,
214 0x00000040, 0x10040040, 0x00001000, 0x00041040,
215 0x10001000, 0x00000040, 0x10000040, 0x10040000,
216 0x10040040, 0x10000000, 0x00040000, 0x10001040,
217 0x00000000, 0x10041040, 0x00040040, 0x10000040,
218 0x10040000, 0x10001000, 0x10001040, 0x00000000,
219 0x10041040, 0x00041000, 0x00041000, 0x00001040,
220 0x00001040, 0x00040040, 0x10000000, 0x10041000
221};
222
223/*
224 * PC1: left and right halves bit-swap
225 */
226static const unsigned long LHs[16] =
227{
228 0x00000000, 0x00000001, 0x00000100, 0x00000101,
229 0x00010000, 0x00010001, 0x00010100, 0x00010101,
230 0x01000000, 0x01000001, 0x01000100, 0x01000101,
231 0x01010000, 0x01010001, 0x01010100, 0x01010101
232};
233
234static const unsigned long RHs[16] =
235{
236 0x00000000, 0x01000000, 0x00010000, 0x01010000,
237 0x00000100, 0x01000100, 0x00010100, 0x01010100,
238 0x00000001, 0x01000001, 0x00010001, 0x01010001,
239 0x00000101, 0x01000101, 0x00010101, 0x01010101,
240};
241
242/*
243 * Initial Permutation macro
244 */
245#define DES_IP(X,Y) \
246{ \
247 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
248 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
249 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
250 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
251 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
252 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
253 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
254}
255
256/*
257 * Final Permutation macro
258 */
259#define DES_FP(X,Y) \
260{ \
261 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
262 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
263 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
264 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
265 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
266 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
267 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
268}
269
270/*
271 * DES round macro
272 */
273#define DES_ROUND(X,Y) \
274{ \
275 T = *SK++ ^ X; \
276 Y ^= SB8[ (T ) & 0x3F ] ^ \
277 SB6[ (T >> 8) & 0x3F ] ^ \
278 SB4[ (T >> 16) & 0x3F ] ^ \
279 SB2[ (T >> 24) & 0x3F ]; \
280 \
281 T = *SK++ ^ ((X << 28) | (X >> 4)); \
282 Y ^= SB7[ (T ) & 0x3F ] ^ \
283 SB5[ (T >> 8) & 0x3F ] ^ \
284 SB3[ (T >> 16) & 0x3F ] ^ \
285 SB1[ (T >> 24) & 0x3F ]; \
286}
287
288#define SWAP(a,b) { unsigned long t = a; a = b; b = t; t = 0; }
289
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]290static void des_setkey( unsigned long SK[32], const unsigned char key[8] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]291{
292 int i;
293 unsigned long X, Y, T;
294
295 GET_ULONG_BE( X, key, 0 );
296 GET_ULONG_BE( Y, key, 4 );
297
298 /*
299 * Permuted Choice 1
300 */
301 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
302 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
303
304 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
305 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
306 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
307 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
308
309 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
310 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
311 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
312 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
313
314 X &= 0x0FFFFFFF;
315 Y &= 0x0FFFFFFF;
316
317 /*
318 * calculate subkeys
319 */
320 for( i = 0; i < 16; i++ )
321 {
322 if( i < 2 || i == 8 || i == 15 )
323 {
324 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
325 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
326 }
327 else
328 {
329 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
330 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
331 }
332
333 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
334 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
335 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
336 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
337 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
338 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
339 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
340 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
341 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
342 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
343 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
344
345 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
346 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
347 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
348 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
349 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
350 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
351 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
352 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
353 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
354 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
355 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
356 }
357}
358
359/*
360 * DES key schedule (56-bit, encryption)
361 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]362void des_setkey_enc( des_context *ctx, const unsigned char key[8] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]363{
364 des_setkey( ctx->sk, key );
365}
366
367/*
368 * DES key schedule (56-bit, decryption)
369 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]370void des_setkey_dec( des_context *ctx, const unsigned char key[8] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]371{
372 int i;
373
374 des_setkey( ctx->sk, key );
375
376 for( i = 0; i < 16; i += 2 )
377 {
378 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
379 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
380 }
381}
382
383static void des3_set2key( unsigned long esk[96],
384 unsigned long dsk[96],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]385 const unsigned char key[16] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]386{
387 int i;
388
389 des_setkey( esk, key );
390 des_setkey( dsk + 32, key + 8 );
391
392 for( i = 0; i < 32; i += 2 )
393 {
394 dsk[i ] = esk[30 - i];
395 dsk[i + 1] = esk[31 - i];
396
397 esk[i + 32] = dsk[62 - i];
398 esk[i + 33] = dsk[63 - i];
399
400 esk[i + 64] = esk[i ];
401 esk[i + 65] = esk[i + 1];
402
403 dsk[i + 64] = dsk[i ];
404 dsk[i + 65] = dsk[i + 1];
405 }
406}
407
408/*
409 * Triple-DES key schedule (112-bit, encryption)
410 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]411void des3_set2key_enc( des3_context *ctx, const unsigned char key[16] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]412{
413 unsigned long sk[96];
414
415 des3_set2key( ctx->sk, sk, key );
416 memset( sk, 0, sizeof( sk ) );
417}
418
419/*
420 * Triple-DES key schedule (112-bit, decryption)
421 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]422void des3_set2key_dec( des3_context *ctx, const unsigned char key[16] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]423{
424 unsigned long sk[96];
425
426 des3_set2key( sk, ctx->sk, key );
427 memset( sk, 0, sizeof( sk ) );
428}
429
430static void des3_set3key( unsigned long esk[96],
431 unsigned long dsk[96],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]432 const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]433{
434 int i;
435
436 des_setkey( esk, key );
437 des_setkey( dsk + 32, key + 8 );
438 des_setkey( esk + 64, key + 16 );
439
440 for( i = 0; i < 32; i += 2 )
441 {
442 dsk[i ] = esk[94 - i];
443 dsk[i + 1] = esk[95 - i];
444
445 esk[i + 32] = dsk[62 - i];
446 esk[i + 33] = dsk[63 - i];
447
448 dsk[i + 64] = esk[30 - i];
449 dsk[i + 65] = esk[31 - i];
450 }
451}
452
453/*
454 * Triple-DES key schedule (168-bit, encryption)
455 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]456void des3_set3key_enc( des3_context *ctx, const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]457{
458 unsigned long sk[96];
459
460 des3_set3key( ctx->sk, sk, key );
461 memset( sk, 0, sizeof( sk ) );
462}
463
464/*
465 * Triple-DES key schedule (168-bit, decryption)
466 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]467void des3_set3key_dec( des3_context *ctx, const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]468{
469 unsigned long sk[96];
470
471 des3_set3key( sk, ctx->sk, key );
472 memset( sk, 0, sizeof( sk ) );
473}
474
475/*
476 * DES-ECB block encryption/decryption
477 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]478int des_crypt_ecb( des_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]479 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]480 unsigned char output[8] )
481{
482 int i;
483 unsigned long X, Y, T, *SK;
484
485 SK = ctx->sk;
486
487 GET_ULONG_BE( X, input, 0 );
488 GET_ULONG_BE( Y, input, 4 );
489
490 DES_IP( X, Y );
491
492 for( i = 0; i < 8; i++ )
493 {
494 DES_ROUND( Y, X );
495 DES_ROUND( X, Y );
496 }
497
498 DES_FP( Y, X );
499
500 PUT_ULONG_BE( Y, output, 0 );
501 PUT_ULONG_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]502
503 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]504}
505
506/*
507 * DES-CBC buffer encryption/decryption
508 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]509int des_crypt_cbc( des_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]510 int mode,
511 int length,
512 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]513 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]514 unsigned char *output )
515{
516 int i;
517 unsigned char temp[8];
518
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]519 if( length % 8 )
520 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
521
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]522 if( mode == DES_ENCRYPT )
523 {
524 while( length > 0 )
525 {
526 for( i = 0; i < 8; i++ )
527 output[i] = (unsigned char)( input[i] ^ iv[i] );
528
529 des_crypt_ecb( ctx, output, output );
530 memcpy( iv, output, 8 );
531
532 input += 8;
533 output += 8;
534 length -= 8;
535 }
536 }
537 else /* DES_DECRYPT */
538 {
539 while( length > 0 )
540 {
541 memcpy( temp, input, 8 );
542 des_crypt_ecb( ctx, input, output );
543
544 for( i = 0; i < 8; i++ )
545 output[i] = (unsigned char)( output[i] ^ iv[i] );
546
547 memcpy( iv, temp, 8 );
548
549 input += 8;
550 output += 8;
551 length -= 8;
552 }
553 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]554
555 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]556}
557
558/*
559 * 3DES-ECB block encryption/decryption
560 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]561int des3_crypt_ecb( des3_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]562 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]563 unsigned char output[8] )
564{
565 int i;
566 unsigned long X, Y, T, *SK;
567
568 SK = ctx->sk;
569
570 GET_ULONG_BE( X, input, 0 );
571 GET_ULONG_BE( Y, input, 4 );
572
573 DES_IP( X, Y );
574
575 for( i = 0; i < 8; i++ )
576 {
577 DES_ROUND( Y, X );
578 DES_ROUND( X, Y );
579 }
580
581 for( i = 0; i < 8; i++ )
582 {
583 DES_ROUND( X, Y );
584 DES_ROUND( Y, X );
585 }
586
587 for( i = 0; i < 8; i++ )
588 {
589 DES_ROUND( Y, X );
590 DES_ROUND( X, Y );
591 }
592
593 DES_FP( Y, X );
594
595 PUT_ULONG_BE( Y, output, 0 );
596 PUT_ULONG_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]597
598 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]599}
600
601/*
602 * 3DES-CBC buffer encryption/decryption
603 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]604int des3_crypt_cbc( des3_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]605 int mode,
606 int length,
607 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]608 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]609 unsigned char *output )
610{
611 int i;
612 unsigned char temp[8];
613
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]614 if( length % 8 )
615 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
616
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]617 if( mode == DES_ENCRYPT )
618 {
619 while( length > 0 )
620 {
621 for( i = 0; i < 8; i++ )
622 output[i] = (unsigned char)( input[i] ^ iv[i] );
623
624 des3_crypt_ecb( ctx, output, output );
625 memcpy( iv, output, 8 );
626
627 input += 8;
628 output += 8;
629 length -= 8;
630 }
631 }
632 else /* DES_DECRYPT */
633 {
634 while( length > 0 )
635 {
636 memcpy( temp, input, 8 );
637 des3_crypt_ecb( ctx, input, output );
638
639 for( i = 0; i < 8; i++ )
640 output[i] = (unsigned char)( output[i] ^ iv[i] );
641
642 memcpy( iv, temp, 8 );
643
644 input += 8;
645 output += 8;
646 length -= 8;
647 }
648 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]649
650 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]651}
652
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]653#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]654
655#include <stdio.h>
656
657/*
658 * DES and 3DES test vectors from:
659 *
660 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
661 */
662static const unsigned char des3_test_keys[24] =
663{
664 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
665 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
666 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
667};
668
669static const unsigned char des3_test_iv[8] =
670{
671 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
672};
673
674static const unsigned char des3_test_buf[8] =
675{
676 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
677};
678
679static const unsigned char des3_test_ecb_dec[3][8] =
680{
681 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
682 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
683 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
684};
685
686static const unsigned char des3_test_ecb_enc[3][8] =
687{
688 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
689 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
690 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
691};
692
693static const unsigned char des3_test_cbc_dec[3][8] =
694{
695 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
696 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
697 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
698};
699
700static const unsigned char des3_test_cbc_enc[3][8] =
701{
702 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
703 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
704 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
705};
706
707/*
708 * Checkup routine
709 */
710int des_self_test( int verbose )
711{
712 int i, j, u, v;
713 des_context ctx;
714 des3_context ctx3;
715 unsigned char key[24];
716 unsigned char buf[8];
717 unsigned char prv[8];
718 unsigned char iv[8];
719
720 memset( key, 0, 24 );
721
722 /*
723 * ECB mode
724 */
725 for( i = 0; i < 6; i++ )
726 {
727 u = i >> 1;
728 v = i & 1;
729
730 if( verbose != 0 )
731 printf( " DES%c-ECB-%3d (%s): ",
732 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
733 ( v == DES_DECRYPT ) ? "dec" : "enc" );
734
735 memcpy( buf, des3_test_buf, 8 );
736
737 switch( i )
738 {
739 case 0:
740 des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
741 break;
742
743 case 1:
744 des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
745 break;
746
747 case 2:
748 des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
749 break;
750
751 case 3:
752 des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
753 break;
754
755 case 4:
756 des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
757 break;
758
759 case 5:
760 des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
761 break;
762
763 default:
764 return( 1 );
765 }
766
767 for( j = 0; j < 10000; j++ )
768 {
769 if( u == 0 )
770 des_crypt_ecb( &ctx, buf, buf );
771 else
772 des3_crypt_ecb( &ctx3, buf, buf );
773 }
774
775 if( ( v == DES_DECRYPT &&
776 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
777 ( v != DES_DECRYPT &&
778 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
779 {
780 if( verbose != 0 )
781 printf( "failed\n" );
782
783 return( 1 );
784 }
785
786 if( verbose != 0 )
787 printf( "passed\n" );
788 }
789
790 if( verbose != 0 )
791 printf( "\n" );
792
793 /*
794 * CBC mode
795 */
796 for( i = 0; i < 6; i++ )
797 {
798 u = i >> 1;
799 v = i & 1;
800
801 if( verbose != 0 )
802 printf( " DES%c-CBC-%3d (%s): ",
803 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
804 ( v == DES_DECRYPT ) ? "dec" : "enc" );
805
806 memcpy( iv, des3_test_iv, 8 );
807 memcpy( prv, des3_test_iv, 8 );
808 memcpy( buf, des3_test_buf, 8 );
809
810 switch( i )
811 {
812 case 0:
813 des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
814 break;
815
816 case 1:
817 des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
818 break;
819
820 case 2:
821 des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
822 break;
823
824 case 3:
825 des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
826 break;
827
828 case 4:
829 des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
830 break;
831
832 case 5:
833 des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
834 break;
835
836 default:
837 return( 1 );
838 }
839
840 if( v == DES_DECRYPT )
841 {
842 for( j = 0; j < 10000; j++ )
843 {
844 if( u == 0 )
845 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
846 else
847 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
848 }
849 }
850 else
851 {
852 for( j = 0; j < 10000; j++ )
853 {
854 unsigned char tmp[8];
855
856 if( u == 0 )
857 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
858 else
859 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
860
861 memcpy( tmp, prv, 8 );
862 memcpy( prv, buf, 8 );
863 memcpy( buf, tmp, 8 );
864 }
865
866 memcpy( buf, prv, 8 );
867 }
868
869 if( ( v == DES_DECRYPT &&
870 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
871 ( v != DES_DECRYPT &&
872 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
873 {
874 if( verbose != 0 )
875 printf( "failed\n" );
876
877 return( 1 );
878 }
879
880 if( verbose != 0 )
881 printf( "passed\n" );
882 }
883
884 if( verbose != 0 )
885 printf( "\n" );
886
887 return( 0 );
888}
889
890#endif
891
892#endif