TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / f92d7a8c81bf2a42e55148eb891e13f331e5800b / . / library / des.c
blob: f470220d7b7b1af21d8c64d8fa3cad22e4fe81f5 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]4 * Copyright (C) 2006-2010, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * DES, on which TDES is based, was originally designed by Horst Feistel
27 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
28 *
29 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
30 */
31
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]32#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]33
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]34#if defined(POLARSSL_DES_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]35
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]36#include "polarssl/des.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]37
38#include <string.h>
39
40/*
41 * 32-bit integer manipulation macros (big endian)
42 */
43#ifndef GET_ULONG_BE
44#define GET_ULONG_BE(n,b,i) \
45{ \
46 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
47 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
48 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
49 | ( (unsigned long) (b)[(i) + 3] ); \
50}
51#endif
52
53#ifndef PUT_ULONG_BE
54#define PUT_ULONG_BE(n,b,i) \
55{ \
56 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
57 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
58 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
59 (b)[(i) + 3] = (unsigned char) ( (n) ); \
60}
61#endif
62
63/*
64 * Expanded DES S-boxes
65 */
66static const unsigned long SB1[64] =
67{
68 0x01010400, 0x00000000, 0x00010000, 0x01010404,
69 0x01010004, 0x00010404, 0x00000004, 0x00010000,
70 0x00000400, 0x01010400, 0x01010404, 0x00000400,
71 0x01000404, 0x01010004, 0x01000000, 0x00000004,
72 0x00000404, 0x01000400, 0x01000400, 0x00010400,
73 0x00010400, 0x01010000, 0x01010000, 0x01000404,
74 0x00010004, 0x01000004, 0x01000004, 0x00010004,
75 0x00000000, 0x00000404, 0x00010404, 0x01000000,
76 0x00010000, 0x01010404, 0x00000004, 0x01010000,
77 0x01010400, 0x01000000, 0x01000000, 0x00000400,
78 0x01010004, 0x00010000, 0x00010400, 0x01000004,
79 0x00000400, 0x00000004, 0x01000404, 0x00010404,
80 0x01010404, 0x00010004, 0x01010000, 0x01000404,
81 0x01000004, 0x00000404, 0x00010404, 0x01010400,
82 0x00000404, 0x01000400, 0x01000400, 0x00000000,
83 0x00010004, 0x00010400, 0x00000000, 0x01010004
84};
85
86static const unsigned long SB2[64] =
87{
88 0x80108020, 0x80008000, 0x00008000, 0x00108020,
89 0x00100000, 0x00000020, 0x80100020, 0x80008020,
90 0x80000020, 0x80108020, 0x80108000, 0x80000000,
91 0x80008000, 0x00100000, 0x00000020, 0x80100020,
92 0x00108000, 0x00100020, 0x80008020, 0x00000000,
93 0x80000000, 0x00008000, 0x00108020, 0x80100000,
94 0x00100020, 0x80000020, 0x00000000, 0x00108000,
95 0x00008020, 0x80108000, 0x80100000, 0x00008020,
96 0x00000000, 0x00108020, 0x80100020, 0x00100000,
97 0x80008020, 0x80100000, 0x80108000, 0x00008000,
98 0x80100000, 0x80008000, 0x00000020, 0x80108020,
99 0x00108020, 0x00000020, 0x00008000, 0x80000000,
100 0x00008020, 0x80108000, 0x00100000, 0x80000020,
101 0x00100020, 0x80008020, 0x80000020, 0x00100020,
102 0x00108000, 0x00000000, 0x80008000, 0x00008020,
103 0x80000000, 0x80100020, 0x80108020, 0x00108000
104};
105
106static const unsigned long SB3[64] =
107{
108 0x00000208, 0x08020200, 0x00000000, 0x08020008,
109 0x08000200, 0x00000000, 0x00020208, 0x08000200,
110 0x00020008, 0x08000008, 0x08000008, 0x00020000,
111 0x08020208, 0x00020008, 0x08020000, 0x00000208,
112 0x08000000, 0x00000008, 0x08020200, 0x00000200,
113 0x00020200, 0x08020000, 0x08020008, 0x00020208,
114 0x08000208, 0x00020200, 0x00020000, 0x08000208,
115 0x00000008, 0x08020208, 0x00000200, 0x08000000,
116 0x08020200, 0x08000000, 0x00020008, 0x00000208,
117 0x00020000, 0x08020200, 0x08000200, 0x00000000,
118 0x00000200, 0x00020008, 0x08020208, 0x08000200,
119 0x08000008, 0x00000200, 0x00000000, 0x08020008,
120 0x08000208, 0x00020000, 0x08000000, 0x08020208,
121 0x00000008, 0x00020208, 0x00020200, 0x08000008,
122 0x08020000, 0x08000208, 0x00000208, 0x08020000,
123 0x00020208, 0x00000008, 0x08020008, 0x00020200
124};
125
126static const unsigned long SB4[64] =
127{
128 0x00802001, 0x00002081, 0x00002081, 0x00000080,
129 0x00802080, 0x00800081, 0x00800001, 0x00002001,
130 0x00000000, 0x00802000, 0x00802000, 0x00802081,
131 0x00000081, 0x00000000, 0x00800080, 0x00800001,
132 0x00000001, 0x00002000, 0x00800000, 0x00802001,
133 0x00000080, 0x00800000, 0x00002001, 0x00002080,
134 0x00800081, 0x00000001, 0x00002080, 0x00800080,
135 0x00002000, 0x00802080, 0x00802081, 0x00000081,
136 0x00800080, 0x00800001, 0x00802000, 0x00802081,
137 0x00000081, 0x00000000, 0x00000000, 0x00802000,
138 0x00002080, 0x00800080, 0x00800081, 0x00000001,
139 0x00802001, 0x00002081, 0x00002081, 0x00000080,
140 0x00802081, 0x00000081, 0x00000001, 0x00002000,
141 0x00800001, 0x00002001, 0x00802080, 0x00800081,
142 0x00002001, 0x00002080, 0x00800000, 0x00802001,
143 0x00000080, 0x00800000, 0x00002000, 0x00802080
144};
145
146static const unsigned long SB5[64] =
147{
148 0x00000100, 0x02080100, 0x02080000, 0x42000100,
149 0x00080000, 0x00000100, 0x40000000, 0x02080000,
150 0x40080100, 0x00080000, 0x02000100, 0x40080100,
151 0x42000100, 0x42080000, 0x00080100, 0x40000000,
152 0x02000000, 0x40080000, 0x40080000, 0x00000000,
153 0x40000100, 0x42080100, 0x42080100, 0x02000100,
154 0x42080000, 0x40000100, 0x00000000, 0x42000000,
155 0x02080100, 0x02000000, 0x42000000, 0x00080100,
156 0x00080000, 0x42000100, 0x00000100, 0x02000000,
157 0x40000000, 0x02080000, 0x42000100, 0x40080100,
158 0x02000100, 0x40000000, 0x42080000, 0x02080100,
159 0x40080100, 0x00000100, 0x02000000, 0x42080000,
160 0x42080100, 0x00080100, 0x42000000, 0x42080100,
161 0x02080000, 0x00000000, 0x40080000, 0x42000000,
162 0x00080100, 0x02000100, 0x40000100, 0x00080000,
163 0x00000000, 0x40080000, 0x02080100, 0x40000100
164};
165
166static const unsigned long SB6[64] =
167{
168 0x20000010, 0x20400000, 0x00004000, 0x20404010,
169 0x20400000, 0x00000010, 0x20404010, 0x00400000,
170 0x20004000, 0x00404010, 0x00400000, 0x20000010,
171 0x00400010, 0x20004000, 0x20000000, 0x00004010,
172 0x00000000, 0x00400010, 0x20004010, 0x00004000,
173 0x00404000, 0x20004010, 0x00000010, 0x20400010,
174 0x20400010, 0x00000000, 0x00404010, 0x20404000,
175 0x00004010, 0x00404000, 0x20404000, 0x20000000,
176 0x20004000, 0x00000010, 0x20400010, 0x00404000,
177 0x20404010, 0x00400000, 0x00004010, 0x20000010,
178 0x00400000, 0x20004000, 0x20000000, 0x00004010,
179 0x20000010, 0x20404010, 0x00404000, 0x20400000,
180 0x00404010, 0x20404000, 0x00000000, 0x20400010,
181 0x00000010, 0x00004000, 0x20400000, 0x00404010,
182 0x00004000, 0x00400010, 0x20004010, 0x00000000,
183 0x20404000, 0x20000000, 0x00400010, 0x20004010
184};
185
186static const unsigned long SB7[64] =
187{
188 0x00200000, 0x04200002, 0x04000802, 0x00000000,
189 0x00000800, 0x04000802, 0x00200802, 0x04200800,
190 0x04200802, 0x00200000, 0x00000000, 0x04000002,
191 0x00000002, 0x04000000, 0x04200002, 0x00000802,
192 0x04000800, 0x00200802, 0x00200002, 0x04000800,
193 0x04000002, 0x04200000, 0x04200800, 0x00200002,
194 0x04200000, 0x00000800, 0x00000802, 0x04200802,
195 0x00200800, 0x00000002, 0x04000000, 0x00200800,
196 0x04000000, 0x00200800, 0x00200000, 0x04000802,
197 0x04000802, 0x04200002, 0x04200002, 0x00000002,
198 0x00200002, 0x04000000, 0x04000800, 0x00200000,
199 0x04200800, 0x00000802, 0x00200802, 0x04200800,
200 0x00000802, 0x04000002, 0x04200802, 0x04200000,
201 0x00200800, 0x00000000, 0x00000002, 0x04200802,
202 0x00000000, 0x00200802, 0x04200000, 0x00000800,
203 0x04000002, 0x04000800, 0x00000800, 0x00200002
204};
205
206static const unsigned long SB8[64] =
207{
208 0x10001040, 0x00001000, 0x00040000, 0x10041040,
209 0x10000000, 0x10001040, 0x00000040, 0x10000000,
210 0x00040040, 0x10040000, 0x10041040, 0x00041000,
211 0x10041000, 0x00041040, 0x00001000, 0x00000040,
212 0x10040000, 0x10000040, 0x10001000, 0x00001040,
213 0x00041000, 0x00040040, 0x10040040, 0x10041000,
214 0x00001040, 0x00000000, 0x00000000, 0x10040040,
215 0x10000040, 0x10001000, 0x00041040, 0x00040000,
216 0x00041040, 0x00040000, 0x10041000, 0x00001000,
217 0x00000040, 0x10040040, 0x00001000, 0x00041040,
218 0x10001000, 0x00000040, 0x10000040, 0x10040000,
219 0x10040040, 0x10000000, 0x00040000, 0x10001040,
220 0x00000000, 0x10041040, 0x00040040, 0x10000040,
221 0x10040000, 0x10001000, 0x10001040, 0x00000000,
222 0x10041040, 0x00041000, 0x00041000, 0x00001040,
223 0x00001040, 0x00040040, 0x10000000, 0x10041000
224};
225
226/*
227 * PC1: left and right halves bit-swap
228 */
229static const unsigned long LHs[16] =
230{
231 0x00000000, 0x00000001, 0x00000100, 0x00000101,
232 0x00010000, 0x00010001, 0x00010100, 0x00010101,
233 0x01000000, 0x01000001, 0x01000100, 0x01000101,
234 0x01010000, 0x01010001, 0x01010100, 0x01010101
235};
236
237static const unsigned long RHs[16] =
238{
239 0x00000000, 0x01000000, 0x00010000, 0x01010000,
240 0x00000100, 0x01000100, 0x00010100, 0x01010100,
241 0x00000001, 0x01000001, 0x00010001, 0x01010001,
242 0x00000101, 0x01000101, 0x00010101, 0x01010101,
243};
244
245/*
246 * Initial Permutation macro
247 */
248#define DES_IP(X,Y) \
249{ \
250 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
251 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
252 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
253 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
254 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
255 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
256 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
257}
258
259/*
260 * Final Permutation macro
261 */
262#define DES_FP(X,Y) \
263{ \
264 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
265 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
266 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
267 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
268 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
269 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
270 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
271}
272
273/*
274 * DES round macro
275 */
276#define DES_ROUND(X,Y) \
277{ \
278 T = *SK++ ^ X; \
279 Y ^= SB8[ (T ) & 0x3F ] ^ \
280 SB6[ (T >> 8) & 0x3F ] ^ \
281 SB4[ (T >> 16) & 0x3F ] ^ \
282 SB2[ (T >> 24) & 0x3F ]; \
283 \
284 T = *SK++ ^ ((X << 28) | (X >> 4)); \
285 Y ^= SB7[ (T ) & 0x3F ] ^ \
286 SB5[ (T >> 8) & 0x3F ] ^ \
287 SB3[ (T >> 16) & 0x3F ] ^ \
288 SB1[ (T >> 24) & 0x3F ]; \
289}
290
291#define SWAP(a,b) { unsigned long t = a; a = b; b = t; t = 0; }
292
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]293static void des_setkey( unsigned long SK[32], const unsigned char key[8] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]294{
295 int i;
296 unsigned long X, Y, T;
297
298 GET_ULONG_BE( X, key, 0 );
299 GET_ULONG_BE( Y, key, 4 );
300
301 /*
302 * Permuted Choice 1
303 */
304 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
305 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
306
307 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
308 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
309 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
310 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
311
312 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
313 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
314 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
315 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
316
317 X &= 0x0FFFFFFF;
318 Y &= 0x0FFFFFFF;
319
320 /*
321 * calculate subkeys
322 */
323 for( i = 0; i < 16; i++ )
324 {
325 if( i < 2 || i == 8 || i == 15 )
326 {
327 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
328 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
329 }
330 else
331 {
332 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
333 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
334 }
335
336 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
337 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
338 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
339 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
340 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
341 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
342 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
343 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
344 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
345 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
346 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
347
348 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
349 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
350 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
351 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
352 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
353 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
354 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
355 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
356 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
357 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
358 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
359 }
360}
361
362/*
363 * DES key schedule (56-bit, encryption)
364 */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]365int des_setkey_enc( des_context *ctx, const unsigned char key[8] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]366{
367 des_setkey( ctx->sk, key );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]368
369 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]370}
371
372/*
373 * DES key schedule (56-bit, decryption)
374 */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]375int des_setkey_dec( des_context *ctx, const unsigned char key[8] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]376{
377 int i;
378
379 des_setkey( ctx->sk, key );
380
381 for( i = 0; i < 16; i += 2 )
382 {
383 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
384 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
385 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]386
387 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]388}
389
390static void des3_set2key( unsigned long esk[96],
391 unsigned long dsk[96],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]392 const unsigned char key[16] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]393{
394 int i;
395
396 des_setkey( esk, key );
397 des_setkey( dsk + 32, key + 8 );
398
399 for( i = 0; i < 32; i += 2 )
400 {
401 dsk[i ] = esk[30 - i];
402 dsk[i + 1] = esk[31 - i];
403
404 esk[i + 32] = dsk[62 - i];
405 esk[i + 33] = dsk[63 - i];
406
407 esk[i + 64] = esk[i ];
408 esk[i + 65] = esk[i + 1];
409
410 dsk[i + 64] = dsk[i ];
411 dsk[i + 65] = dsk[i + 1];
412 }
413}
414
415/*
416 * Triple-DES key schedule (112-bit, encryption)
417 */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]418int des3_set2key_enc( des3_context *ctx, const unsigned char key[16] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]419{
420 unsigned long sk[96];
421
422 des3_set2key( ctx->sk, sk, key );
423 memset( sk, 0, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]424
425 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]426}
427
428/*
429 * Triple-DES key schedule (112-bit, decryption)
430 */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]431int des3_set2key_dec( des3_context *ctx, const unsigned char key[16] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]432{
433 unsigned long sk[96];
434
435 des3_set2key( sk, ctx->sk, key );
436 memset( sk, 0, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]437
438 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]439}
440
441static void des3_set3key( unsigned long esk[96],
442 unsigned long dsk[96],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]443 const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]444{
445 int i;
446
447 des_setkey( esk, key );
448 des_setkey( dsk + 32, key + 8 );
449 des_setkey( esk + 64, key + 16 );
450
451 for( i = 0; i < 32; i += 2 )
452 {
453 dsk[i ] = esk[94 - i];
454 dsk[i + 1] = esk[95 - i];
455
456 esk[i + 32] = dsk[62 - i];
457 esk[i + 33] = dsk[63 - i];
458
459 dsk[i + 64] = esk[30 - i];
460 dsk[i + 65] = esk[31 - i];
461 }
462}
463
464/*
465 * Triple-DES key schedule (168-bit, encryption)
466 */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]467int des3_set3key_enc( des3_context *ctx, const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]468{
469 unsigned long sk[96];
470
471 des3_set3key( ctx->sk, sk, key );
472 memset( sk, 0, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]473
474 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]475}
476
477/*
478 * Triple-DES key schedule (168-bit, decryption)
479 */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]480int des3_set3key_dec( des3_context *ctx, const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]481{
482 unsigned long sk[96];
483
484 des3_set3key( sk, ctx->sk, key );
485 memset( sk, 0, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]486
487 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]488}
489
490/*
491 * DES-ECB block encryption/decryption
492 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]493int des_crypt_ecb( des_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]494 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]495 unsigned char output[8] )
496{
497 int i;
498 unsigned long X, Y, T, *SK;
499
500 SK = ctx->sk;
501
502 GET_ULONG_BE( X, input, 0 );
503 GET_ULONG_BE( Y, input, 4 );
504
505 DES_IP( X, Y );
506
507 for( i = 0; i < 8; i++ )
508 {
509 DES_ROUND( Y, X );
510 DES_ROUND( X, Y );
511 }
512
513 DES_FP( Y, X );
514
515 PUT_ULONG_BE( Y, output, 0 );
516 PUT_ULONG_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]517
518 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]519}
520
521/*
522 * DES-CBC buffer encryption/decryption
523 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]524int des_crypt_cbc( des_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]525 int mode,
526 int length,
527 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]528 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]529 unsigned char *output )
530{
531 int i;
532 unsigned char temp[8];
533
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]534 if( length % 8 )
535 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
536
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]537 if( mode == DES_ENCRYPT )
538 {
539 while( length > 0 )
540 {
541 for( i = 0; i < 8; i++ )
542 output[i] = (unsigned char)( input[i] ^ iv[i] );
543
544 des_crypt_ecb( ctx, output, output );
545 memcpy( iv, output, 8 );
546
547 input += 8;
548 output += 8;
549 length -= 8;
550 }
551 }
552 else /* DES_DECRYPT */
553 {
554 while( length > 0 )
555 {
556 memcpy( temp, input, 8 );
557 des_crypt_ecb( ctx, input, output );
558
559 for( i = 0; i < 8; i++ )
560 output[i] = (unsigned char)( output[i] ^ iv[i] );
561
562 memcpy( iv, temp, 8 );
563
564 input += 8;
565 output += 8;
566 length -= 8;
567 }
568 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]569
570 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]571}
572
573/*
574 * 3DES-ECB block encryption/decryption
575 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]576int des3_crypt_ecb( des3_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]577 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]578 unsigned char output[8] )
579{
580 int i;
581 unsigned long X, Y, T, *SK;
582
583 SK = ctx->sk;
584
585 GET_ULONG_BE( X, input, 0 );
586 GET_ULONG_BE( Y, input, 4 );
587
588 DES_IP( X, Y );
589
590 for( i = 0; i < 8; i++ )
591 {
592 DES_ROUND( Y, X );
593 DES_ROUND( X, Y );
594 }
595
596 for( i = 0; i < 8; i++ )
597 {
598 DES_ROUND( X, Y );
599 DES_ROUND( Y, X );
600 }
601
602 for( i = 0; i < 8; i++ )
603 {
604 DES_ROUND( Y, X );
605 DES_ROUND( X, Y );
606 }
607
608 DES_FP( Y, X );
609
610 PUT_ULONG_BE( Y, output, 0 );
611 PUT_ULONG_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]612
613 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]614}
615
616/*
617 * 3DES-CBC buffer encryption/decryption
618 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]619int des3_crypt_cbc( des3_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]620 int mode,
621 int length,
622 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]623 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]624 unsigned char *output )
625{
626 int i;
627 unsigned char temp[8];
628
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]629 if( length % 8 )
630 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
631
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]632 if( mode == DES_ENCRYPT )
633 {
634 while( length > 0 )
635 {
636 for( i = 0; i < 8; i++ )
637 output[i] = (unsigned char)( input[i] ^ iv[i] );
638
639 des3_crypt_ecb( ctx, output, output );
640 memcpy( iv, output, 8 );
641
642 input += 8;
643 output += 8;
644 length -= 8;
645 }
646 }
647 else /* DES_DECRYPT */
648 {
649 while( length > 0 )
650 {
651 memcpy( temp, input, 8 );
652 des3_crypt_ecb( ctx, input, output );
653
654 for( i = 0; i < 8; i++ )
655 output[i] = (unsigned char)( output[i] ^ iv[i] );
656
657 memcpy( iv, temp, 8 );
658
659 input += 8;
660 output += 8;
661 length -= 8;
662 }
663 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]664
665 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]666}
667
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]668#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]669
670#include <stdio.h>
671
672/*
673 * DES and 3DES test vectors from:
674 *
675 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
676 */
677static const unsigned char des3_test_keys[24] =
678{
679 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
680 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
681 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
682};
683
684static const unsigned char des3_test_iv[8] =
685{
686 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
687};
688
689static const unsigned char des3_test_buf[8] =
690{
691 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
692};
693
694static const unsigned char des3_test_ecb_dec[3][8] =
695{
696 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
697 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
698 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
699};
700
701static const unsigned char des3_test_ecb_enc[3][8] =
702{
703 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
704 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
705 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
706};
707
708static const unsigned char des3_test_cbc_dec[3][8] =
709{
710 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
711 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
712 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
713};
714
715static const unsigned char des3_test_cbc_enc[3][8] =
716{
717 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
718 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
719 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
720};
721
722/*
723 * Checkup routine
724 */
725int des_self_test( int verbose )
726{
727 int i, j, u, v;
728 des_context ctx;
729 des3_context ctx3;
730 unsigned char key[24];
731 unsigned char buf[8];
732 unsigned char prv[8];
733 unsigned char iv[8];
734
735 memset( key, 0, 24 );
736
737 /*
738 * ECB mode
739 */
740 for( i = 0; i < 6; i++ )
741 {
742 u = i >> 1;
743 v = i & 1;
744
745 if( verbose != 0 )
746 printf( " DES%c-ECB-%3d (%s): ",
747 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
748 ( v == DES_DECRYPT ) ? "dec" : "enc" );
749
750 memcpy( buf, des3_test_buf, 8 );
751
752 switch( i )
753 {
754 case 0:
755 des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
756 break;
757
758 case 1:
759 des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
760 break;
761
762 case 2:
763 des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
764 break;
765
766 case 3:
767 des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
768 break;
769
770 case 4:
771 des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
772 break;
773
774 case 5:
775 des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
776 break;
777
778 default:
779 return( 1 );
780 }
781
782 for( j = 0; j < 10000; j++ )
783 {
784 if( u == 0 )
785 des_crypt_ecb( &ctx, buf, buf );
786 else
787 des3_crypt_ecb( &ctx3, buf, buf );
788 }
789
790 if( ( v == DES_DECRYPT &&
791 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
792 ( v != DES_DECRYPT &&
793 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
794 {
795 if( verbose != 0 )
796 printf( "failed\n" );
797
798 return( 1 );
799 }
800
801 if( verbose != 0 )
802 printf( "passed\n" );
803 }
804
805 if( verbose != 0 )
806 printf( "\n" );
807
808 /*
809 * CBC mode
810 */
811 for( i = 0; i < 6; i++ )
812 {
813 u = i >> 1;
814 v = i & 1;
815
816 if( verbose != 0 )
817 printf( " DES%c-CBC-%3d (%s): ",
818 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
819 ( v == DES_DECRYPT ) ? "dec" : "enc" );
820
821 memcpy( iv, des3_test_iv, 8 );
822 memcpy( prv, des3_test_iv, 8 );
823 memcpy( buf, des3_test_buf, 8 );
824
825 switch( i )
826 {
827 case 0:
828 des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
829 break;
830
831 case 1:
832 des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
833 break;
834
835 case 2:
836 des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
837 break;
838
839 case 3:
840 des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
841 break;
842
843 case 4:
844 des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
845 break;
846
847 case 5:
848 des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
849 break;
850
851 default:
852 return( 1 );
853 }
854
855 if( v == DES_DECRYPT )
856 {
857 for( j = 0; j < 10000; j++ )
858 {
859 if( u == 0 )
860 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
861 else
862 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
863 }
864 }
865 else
866 {
867 for( j = 0; j < 10000; j++ )
868 {
869 unsigned char tmp[8];
870
871 if( u == 0 )
872 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
873 else
874 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
875
876 memcpy( tmp, prv, 8 );
877 memcpy( prv, buf, 8 );
878 memcpy( buf, tmp, 8 );
879 }
880
881 memcpy( buf, prv, 8 );
882 }
883
884 if( ( v == DES_DECRYPT &&
885 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
886 ( v != DES_DECRYPT &&
887 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
888 {
889 if( verbose != 0 )
890 printf( "failed\n" );
891
892 return( 1 );
893 }
894
895 if( verbose != 0 )
896 printf( "passed\n" );
897 }
898
899 if( verbose != 0 )
900 printf( "\n" );
901
902 return( 0 );
903}
904
905#endif
906
907#endif