Blame - library/des.c - mirror/mbed-tls - TrustedFirmware Git Browser

blob: a979096eb554909ead2b04ffa79c9595518072d5 [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* FIPS-46-3 compliant Triple-DES implementation
				3	*
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	4	* Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	5	*
				6	* This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker	84f12b7	2010-07-18 10:13:04 +0000	[diff] [blame]	7	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	8	*
Paul Bakker	77b385e	2009-07-28 17:23:11 +0000	[diff] [blame]	9	* All rights reserved.
Paul Bakker	e0ccd0a	2009-01-04 16:27:10 +0000	[diff] [blame]	10	*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	11	* This program is free software; you can redistribute it and/or modify
				12	* it under the terms of the GNU General Public License as published by
				13	* the Free Software Foundation; either version 2 of the License, or
				14	* (at your option) any later version.
				15	*
				16	* This program is distributed in the hope that it will be useful,
				17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				19	* GNU General Public License for more details.
				20	*
				21	* You should have received a copy of the GNU General Public License along
				22	* with this program; if not, write to the Free Software Foundation, Inc.,
				23	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				24	*/
				25	/*
				26	* DES, on which TDES is based, was originally designed by Horst Feistel
				27	* at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
				28	*
				29	* http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
				30	*/
				31
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	32	#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	33	#include "polarssl/config.h"
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	34	#else
				35	#include POLARSSL_CONFIG_FILE
				36	#endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	37
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	38	#if defined(POLARSSL_DES_C)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	39
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	40	#include "polarssl/des.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	41
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	42	#if defined(POLARSSL_PLATFORM_C)
				43	#include "polarssl/platform.h"
				44	#else
				45	#define polarssl_printf printf
				46	#endif
				47
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	48	#if !defined(POLARSSL_DES_ALT)
				49
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame^]	50	/* Implementation that should never be optimized out by the compiler */
				51	static void polarssl_zeroize( void *v, size_t n ) {
				52	volatile unsigned char p = v; while( n-- ) p++ = 0;
				53	}
				54
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	55	/*
				56	* 32-bit integer manipulation macros (big endian)
				57	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	58	#ifndef GET_UINT32_BE
				59	#define GET_UINT32_BE(n,b,i) \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	60	{ \
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	61	(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
				62	\| ( (uint32_t) (b)[(i) + 1] << 16 ) \
				63	\| ( (uint32_t) (b)[(i) + 2] << 8 ) \
				64	\| ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	65	}
				66	#endif
				67
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	68	#ifndef PUT_UINT32_BE
				69	#define PUT_UINT32_BE(n,b,i) \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	70	{ \
				71	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
				72	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
				73	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
				74	(b)[(i) + 3] = (unsigned char) ( (n) ); \
				75	}
				76	#endif
				77
				78	/*
				79	* Expanded DES S-boxes
				80	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	81	static const uint32_t SB1[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	82	{
				83	0x01010400, 0x00000000, 0x00010000, 0x01010404,
				84	0x01010004, 0x00010404, 0x00000004, 0x00010000,
				85	0x00000400, 0x01010400, 0x01010404, 0x00000400,
				86	0x01000404, 0x01010004, 0x01000000, 0x00000004,
				87	0x00000404, 0x01000400, 0x01000400, 0x00010400,
				88	0x00010400, 0x01010000, 0x01010000, 0x01000404,
				89	0x00010004, 0x01000004, 0x01000004, 0x00010004,
				90	0x00000000, 0x00000404, 0x00010404, 0x01000000,
				91	0x00010000, 0x01010404, 0x00000004, 0x01010000,
				92	0x01010400, 0x01000000, 0x01000000, 0x00000400,
				93	0x01010004, 0x00010000, 0x00010400, 0x01000004,
				94	0x00000400, 0x00000004, 0x01000404, 0x00010404,
				95	0x01010404, 0x00010004, 0x01010000, 0x01000404,
				96	0x01000004, 0x00000404, 0x00010404, 0x01010400,
				97	0x00000404, 0x01000400, 0x01000400, 0x00000000,
				98	0x00010004, 0x00010400, 0x00000000, 0x01010004
				99	};
				100
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	101	static const uint32_t SB2[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	102	{
				103	0x80108020, 0x80008000, 0x00008000, 0x00108020,
				104	0x00100000, 0x00000020, 0x80100020, 0x80008020,
				105	0x80000020, 0x80108020, 0x80108000, 0x80000000,
				106	0x80008000, 0x00100000, 0x00000020, 0x80100020,
				107	0x00108000, 0x00100020, 0x80008020, 0x00000000,
				108	0x80000000, 0x00008000, 0x00108020, 0x80100000,
				109	0x00100020, 0x80000020, 0x00000000, 0x00108000,
				110	0x00008020, 0x80108000, 0x80100000, 0x00008020,
				111	0x00000000, 0x00108020, 0x80100020, 0x00100000,
				112	0x80008020, 0x80100000, 0x80108000, 0x00008000,
				113	0x80100000, 0x80008000, 0x00000020, 0x80108020,
				114	0x00108020, 0x00000020, 0x00008000, 0x80000000,
				115	0x00008020, 0x80108000, 0x00100000, 0x80000020,
				116	0x00100020, 0x80008020, 0x80000020, 0x00100020,
				117	0x00108000, 0x00000000, 0x80008000, 0x00008020,
				118	0x80000000, 0x80100020, 0x80108020, 0x00108000
				119	};
				120
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	121	static const uint32_t SB3[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	122	{
				123	0x00000208, 0x08020200, 0x00000000, 0x08020008,
				124	0x08000200, 0x00000000, 0x00020208, 0x08000200,
				125	0x00020008, 0x08000008, 0x08000008, 0x00020000,
				126	0x08020208, 0x00020008, 0x08020000, 0x00000208,
				127	0x08000000, 0x00000008, 0x08020200, 0x00000200,
				128	0x00020200, 0x08020000, 0x08020008, 0x00020208,
				129	0x08000208, 0x00020200, 0x00020000, 0x08000208,
				130	0x00000008, 0x08020208, 0x00000200, 0x08000000,
				131	0x08020200, 0x08000000, 0x00020008, 0x00000208,
				132	0x00020000, 0x08020200, 0x08000200, 0x00000000,
				133	0x00000200, 0x00020008, 0x08020208, 0x08000200,
				134	0x08000008, 0x00000200, 0x00000000, 0x08020008,
				135	0x08000208, 0x00020000, 0x08000000, 0x08020208,
				136	0x00000008, 0x00020208, 0x00020200, 0x08000008,
				137	0x08020000, 0x08000208, 0x00000208, 0x08020000,
				138	0x00020208, 0x00000008, 0x08020008, 0x00020200
				139	};
				140
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	141	static const uint32_t SB4[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	142	{
				143	0x00802001, 0x00002081, 0x00002081, 0x00000080,
				144	0x00802080, 0x00800081, 0x00800001, 0x00002001,
				145	0x00000000, 0x00802000, 0x00802000, 0x00802081,
				146	0x00000081, 0x00000000, 0x00800080, 0x00800001,
				147	0x00000001, 0x00002000, 0x00800000, 0x00802001,
				148	0x00000080, 0x00800000, 0x00002001, 0x00002080,
				149	0x00800081, 0x00000001, 0x00002080, 0x00800080,
				150	0x00002000, 0x00802080, 0x00802081, 0x00000081,
				151	0x00800080, 0x00800001, 0x00802000, 0x00802081,
				152	0x00000081, 0x00000000, 0x00000000, 0x00802000,
				153	0x00002080, 0x00800080, 0x00800081, 0x00000001,
				154	0x00802001, 0x00002081, 0x00002081, 0x00000080,
				155	0x00802081, 0x00000081, 0x00000001, 0x00002000,
				156	0x00800001, 0x00002001, 0x00802080, 0x00800081,
				157	0x00002001, 0x00002080, 0x00800000, 0x00802001,
				158	0x00000080, 0x00800000, 0x00002000, 0x00802080
				159	};
				160
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	161	static const uint32_t SB5[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	162	{
				163	0x00000100, 0x02080100, 0x02080000, 0x42000100,
				164	0x00080000, 0x00000100, 0x40000000, 0x02080000,
				165	0x40080100, 0x00080000, 0x02000100, 0x40080100,
				166	0x42000100, 0x42080000, 0x00080100, 0x40000000,
				167	0x02000000, 0x40080000, 0x40080000, 0x00000000,
				168	0x40000100, 0x42080100, 0x42080100, 0x02000100,
				169	0x42080000, 0x40000100, 0x00000000, 0x42000000,
				170	0x02080100, 0x02000000, 0x42000000, 0x00080100,
				171	0x00080000, 0x42000100, 0x00000100, 0x02000000,
				172	0x40000000, 0x02080000, 0x42000100, 0x40080100,
				173	0x02000100, 0x40000000, 0x42080000, 0x02080100,
				174	0x40080100, 0x00000100, 0x02000000, 0x42080000,
				175	0x42080100, 0x00080100, 0x42000000, 0x42080100,
				176	0x02080000, 0x00000000, 0x40080000, 0x42000000,
				177	0x00080100, 0x02000100, 0x40000100, 0x00080000,
				178	0x00000000, 0x40080000, 0x02080100, 0x40000100
				179	};
				180
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	181	static const uint32_t SB6[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	182	{
				183	0x20000010, 0x20400000, 0x00004000, 0x20404010,
				184	0x20400000, 0x00000010, 0x20404010, 0x00400000,
				185	0x20004000, 0x00404010, 0x00400000, 0x20000010,
				186	0x00400010, 0x20004000, 0x20000000, 0x00004010,
				187	0x00000000, 0x00400010, 0x20004010, 0x00004000,
				188	0x00404000, 0x20004010, 0x00000010, 0x20400010,
				189	0x20400010, 0x00000000, 0x00404010, 0x20404000,
				190	0x00004010, 0x00404000, 0x20404000, 0x20000000,
				191	0x20004000, 0x00000010, 0x20400010, 0x00404000,
				192	0x20404010, 0x00400000, 0x00004010, 0x20000010,
				193	0x00400000, 0x20004000, 0x20000000, 0x00004010,
				194	0x20000010, 0x20404010, 0x00404000, 0x20400000,
				195	0x00404010, 0x20404000, 0x00000000, 0x20400010,
				196	0x00000010, 0x00004000, 0x20400000, 0x00404010,
				197	0x00004000, 0x00400010, 0x20004010, 0x00000000,
				198	0x20404000, 0x20000000, 0x00400010, 0x20004010
				199	};
				200
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	201	static const uint32_t SB7[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	202	{
				203	0x00200000, 0x04200002, 0x04000802, 0x00000000,
				204	0x00000800, 0x04000802, 0x00200802, 0x04200800,
				205	0x04200802, 0x00200000, 0x00000000, 0x04000002,
				206	0x00000002, 0x04000000, 0x04200002, 0x00000802,
				207	0x04000800, 0x00200802, 0x00200002, 0x04000800,
				208	0x04000002, 0x04200000, 0x04200800, 0x00200002,
				209	0x04200000, 0x00000800, 0x00000802, 0x04200802,
				210	0x00200800, 0x00000002, 0x04000000, 0x00200800,
				211	0x04000000, 0x00200800, 0x00200000, 0x04000802,
				212	0x04000802, 0x04200002, 0x04200002, 0x00000002,
				213	0x00200002, 0x04000000, 0x04000800, 0x00200000,
				214	0x04200800, 0x00000802, 0x00200802, 0x04200800,
				215	0x00000802, 0x04000002, 0x04200802, 0x04200000,
				216	0x00200800, 0x00000000, 0x00000002, 0x04200802,
				217	0x00000000, 0x00200802, 0x04200000, 0x00000800,
				218	0x04000002, 0x04000800, 0x00000800, 0x00200002
				219	};
				220
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	221	static const uint32_t SB8[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	222	{
				223	0x10001040, 0x00001000, 0x00040000, 0x10041040,
				224	0x10000000, 0x10001040, 0x00000040, 0x10000000,
				225	0x00040040, 0x10040000, 0x10041040, 0x00041000,
				226	0x10041000, 0x00041040, 0x00001000, 0x00000040,
				227	0x10040000, 0x10000040, 0x10001000, 0x00001040,
				228	0x00041000, 0x00040040, 0x10040040, 0x10041000,
				229	0x00001040, 0x00000000, 0x00000000, 0x10040040,
				230	0x10000040, 0x10001000, 0x00041040, 0x00040000,
				231	0x00041040, 0x00040000, 0x10041000, 0x00001000,
				232	0x00000040, 0x10040040, 0x00001000, 0x00041040,
				233	0x10001000, 0x00000040, 0x10000040, 0x10040000,
				234	0x10040040, 0x10000000, 0x00040000, 0x10001040,
				235	0x00000000, 0x10041040, 0x00040040, 0x10000040,
				236	0x10040000, 0x10001000, 0x10001040, 0x00000000,
				237	0x10041040, 0x00041000, 0x00041000, 0x00001040,
				238	0x00001040, 0x00040040, 0x10000000, 0x10041000
				239	};
				240
				241	/*
				242	* PC1: left and right halves bit-swap
				243	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	244	static const uint32_t LHs[16] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	245	{
				246	0x00000000, 0x00000001, 0x00000100, 0x00000101,
				247	0x00010000, 0x00010001, 0x00010100, 0x00010101,
				248	0x01000000, 0x01000001, 0x01000100, 0x01000101,
				249	0x01010000, 0x01010001, 0x01010100, 0x01010101
				250	};
				251
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	252	static const uint32_t RHs[16] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	253	{
				254	0x00000000, 0x01000000, 0x00010000, 0x01010000,
				255	0x00000100, 0x01000100, 0x00010100, 0x01010100,
				256	0x00000001, 0x01000001, 0x00010001, 0x01010001,
				257	0x00000101, 0x01000101, 0x00010101, 0x01010101,
				258	};
				259
				260	/*
				261	* Initial Permutation macro
				262	*/
				263	#define DES_IP(X,Y) \
				264	{ \
				265	T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
				266	T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
				267	T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
				268	T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
				269	Y = ((Y << 1) \| (Y >> 31)) & 0xFFFFFFFF; \
				270	T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
				271	X = ((X << 1) \| (X >> 31)) & 0xFFFFFFFF; \
				272	}
				273
				274	/*
				275	* Final Permutation macro
				276	*/
				277	#define DES_FP(X,Y) \
				278	{ \
				279	X = ((X << 31) \| (X >> 1)) & 0xFFFFFFFF; \
				280	T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
				281	Y = ((Y << 31) \| (Y >> 1)) & 0xFFFFFFFF; \
				282	T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
				283	T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
				284	T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
				285	T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
				286	}
				287
				288	/*
				289	* DES round macro
				290	*/
				291	#define DES_ROUND(X,Y) \
				292	{ \
				293	T = *SK++ ^ X; \
				294	Y ^= SB8[ (T ) & 0x3F ] ^ \
				295	SB6[ (T >> 8) & 0x3F ] ^ \
				296	SB4[ (T >> 16) & 0x3F ] ^ \
				297	SB2[ (T >> 24) & 0x3F ]; \
				298	\
				299	T = *SK++ ^ ((X << 28) \| (X >> 4)); \
				300	Y ^= SB7[ (T ) & 0x3F ] ^ \
				301	SB5[ (T >> 8) & 0x3F ] ^ \
				302	SB3[ (T >> 16) & 0x3F ] ^ \
				303	SB1[ (T >> 24) & 0x3F ]; \
				304	}
				305
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	306	#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	307
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	308	static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
				309	11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
				310	47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
				311	82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
				312	115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
				313	143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
				314	171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
				315	199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
				316	227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
				317	254 };
				318
				319	void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
				320	{
				321	int i;
				322
				323	for( i = 0; i < DES_KEY_SIZE; i++ )
				324	key[i] = odd_parity_table[key[i] / 2];
				325	}
				326
				327	/*
				328	* Check the given key's parity, returns 1 on failure, 0 on SUCCESS
				329	*/
				330	int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
				331	{
				332	int i;
				333
				334	for( i = 0; i < DES_KEY_SIZE; i++ )
				335	if ( key[i] != odd_parity_table[key[i] / 2] )
				336	return( 1 );
				337
				338	return( 0 );
				339	}
				340
				341	/*
				342	* Table of weak and semi-weak keys
				343	*
				344	* Source: http://en.wikipedia.org/wiki/Weak_key
				345	*
				346	* Weak:
				347	* Alternating ones + zeros (0x0101010101010101)
				348	* Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
				349	* '0xE0E0E0E0F1F1F1F1'
				350	* '0x1F1F1F1F0E0E0E0E'
				351	*
				352	* Semi-weak:
				353	* 0x011F011F010E010E and 0x1F011F010E010E01
				354	* 0x01E001E001F101F1 and 0xE001E001F101F101
				355	* 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
				356	* 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
				357	* 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
				358	* 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
				359	*
				360	*/
				361
				362	#define WEAK_KEY_COUNT 16
				363
				364	static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
				365	{
				366	{ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
				367	{ 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
				368	{ 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
				369	{ 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
				370
				371	{ 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
				372	{ 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
				373	{ 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
				374	{ 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
				375	{ 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
				376	{ 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
				377	{ 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
				378	{ 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
				379	{ 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
				380	{ 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
				381	{ 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
				382	{ 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
				383	};
				384
				385	int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
				386	{
				387	int i;
				388
				389	for( i = 0; i < WEAK_KEY_COUNT; i++ )
				390	if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
Paul Bakker	7320695	2011-07-06 14:37:33 +0000	[diff] [blame]	391	return( 1 );
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	392
Paul Bakker	7320695	2011-07-06 14:37:33 +0000	[diff] [blame]	393	return( 0 );
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	394	}
				395
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	396	static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	397	{
				398	int i;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	399	uint32_t X, Y, T;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	400
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	401	GET_UINT32_BE( X, key, 0 );
				402	GET_UINT32_BE( Y, key, 4 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	403
				404	/*
				405	* Permuted Choice 1
				406	*/
				407	T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
				408	T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
				409
				410	X = (LHs[ (X ) & 0xF] << 3) \| (LHs[ (X >> 8) & 0xF ] << 2)
				411	\| (LHs[ (X >> 16) & 0xF] << 1) \| (LHs[ (X >> 24) & 0xF ] )
				412	\| (LHs[ (X >> 5) & 0xF] << 7) \| (LHs[ (X >> 13) & 0xF ] << 6)
				413	\| (LHs[ (X >> 21) & 0xF] << 5) \| (LHs[ (X >> 29) & 0xF ] << 4);
				414
				415	Y = (RHs[ (Y >> 1) & 0xF] << 3) \| (RHs[ (Y >> 9) & 0xF ] << 2)
				416	\| (RHs[ (Y >> 17) & 0xF] << 1) \| (RHs[ (Y >> 25) & 0xF ] )
				417	\| (RHs[ (Y >> 4) & 0xF] << 7) \| (RHs[ (Y >> 12) & 0xF ] << 6)
				418	\| (RHs[ (Y >> 20) & 0xF] << 5) \| (RHs[ (Y >> 28) & 0xF ] << 4);
				419
				420	X &= 0x0FFFFFFF;
				421	Y &= 0x0FFFFFFF;
				422
				423	/*
				424	* calculate subkeys
				425	*/
				426	for( i = 0; i < 16; i++ )
				427	{
				428	if( i < 2 \|\| i == 8 \|\| i == 15 )
				429	{
				430	X = ((X << 1) \| (X >> 27)) & 0x0FFFFFFF;
				431	Y = ((Y << 1) \| (Y >> 27)) & 0x0FFFFFFF;
				432	}
				433	else
				434	{
				435	X = ((X << 2) \| (X >> 26)) & 0x0FFFFFFF;
				436	Y = ((Y << 2) \| (Y >> 26)) & 0x0FFFFFFF;
				437	}
				438
				439	*SK++ = ((X << 4) & 0x24000000) \| ((X << 28) & 0x10000000)
				440	\| ((X << 14) & 0x08000000) \| ((X << 18) & 0x02080000)
				441	\| ((X << 6) & 0x01000000) \| ((X << 9) & 0x00200000)
				442	\| ((X >> 1) & 0x00100000) \| ((X << 10) & 0x00040000)
				443	\| ((X << 2) & 0x00020000) \| ((X >> 10) & 0x00010000)
				444	\| ((Y >> 13) & 0x00002000) \| ((Y >> 4) & 0x00001000)
				445	\| ((Y << 6) & 0x00000800) \| ((Y >> 1) & 0x00000400)
				446	\| ((Y >> 14) & 0x00000200) \| ((Y ) & 0x00000100)
				447	\| ((Y >> 5) & 0x00000020) \| ((Y >> 10) & 0x00000010)
				448	\| ((Y >> 3) & 0x00000008) \| ((Y >> 18) & 0x00000004)
				449	\| ((Y >> 26) & 0x00000002) \| ((Y >> 24) & 0x00000001);
				450
				451	*SK++ = ((X << 15) & 0x20000000) \| ((X << 17) & 0x10000000)
				452	\| ((X << 10) & 0x08000000) \| ((X << 22) & 0x04000000)
				453	\| ((X >> 2) & 0x02000000) \| ((X << 1) & 0x01000000)
				454	\| ((X << 16) & 0x00200000) \| ((X << 11) & 0x00100000)
				455	\| ((X << 3) & 0x00080000) \| ((X >> 6) & 0x00040000)
				456	\| ((X << 15) & 0x00020000) \| ((X >> 4) & 0x00010000)
				457	\| ((Y >> 2) & 0x00002000) \| ((Y << 8) & 0x00001000)
				458	\| ((Y >> 14) & 0x00000808) \| ((Y >> 9) & 0x00000400)
				459	\| ((Y ) & 0x00000200) \| ((Y << 7) & 0x00000100)
				460	\| ((Y >> 7) & 0x00000020) \| ((Y >> 3) & 0x00000011)
				461	\| ((Y << 2) & 0x00000004) \| ((Y >> 21) & 0x00000002);
				462	}
				463	}
				464
				465	/*
				466	* DES key schedule (56-bit, encryption)
				467	*/
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	468	int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	469	{
				470	des_setkey( ctx->sk, key );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	471
				472	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	473	}
				474
				475	/*
				476	* DES key schedule (56-bit, decryption)
				477	*/
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	478	int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	479	{
				480	int i;
				481
				482	des_setkey( ctx->sk, key );
				483
				484	for( i = 0; i < 16; i += 2 )
				485	{
				486	SWAP( ctx->sk[i ], ctx->sk[30 - i] );
				487	SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
				488	}
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	489
				490	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	491	}
				492
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	493	static void des3_set2key( uint32_t esk[96],
				494	uint32_t dsk[96],
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	495	const unsigned char key[DES_KEY_SIZE*2] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	496	{
				497	int i;
				498
				499	des_setkey( esk, key );
				500	des_setkey( dsk + 32, key + 8 );
				501
				502	for( i = 0; i < 32; i += 2 )
				503	{
				504	dsk[i ] = esk[30 - i];
				505	dsk[i + 1] = esk[31 - i];
				506
				507	esk[i + 32] = dsk[62 - i];
				508	esk[i + 33] = dsk[63 - i];
				509
				510	esk[i + 64] = esk[i ];
				511	esk[i + 65] = esk[i + 1];
				512
				513	dsk[i + 64] = dsk[i ];
				514	dsk[i + 65] = dsk[i + 1];
				515	}
				516	}
				517
				518	/*
				519	* Triple-DES key schedule (112-bit, encryption)
				520	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame]	521	int des3_set2key_enc( des3_context *ctx,
				522	const unsigned char key[DES_KEY_SIZE * 2] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	523	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	524	uint32_t sk[96];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	525
				526	des3_set2key( ctx->sk, sk, key );
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame^]	527	polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	528
				529	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	530	}
				531
				532	/*
				533	* Triple-DES key schedule (112-bit, decryption)
				534	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame]	535	int des3_set2key_dec( des3_context *ctx,
				536	const unsigned char key[DES_KEY_SIZE * 2] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	537	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	538	uint32_t sk[96];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	539
				540	des3_set2key( sk, ctx->sk, key );
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame^]	541	polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	542
				543	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	544	}
				545
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	546	static void des3_set3key( uint32_t esk[96],
				547	uint32_t dsk[96],
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	548	const unsigned char key[24] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	549	{
				550	int i;
				551
				552	des_setkey( esk, key );
				553	des_setkey( dsk + 32, key + 8 );
				554	des_setkey( esk + 64, key + 16 );
				555
				556	for( i = 0; i < 32; i += 2 )
				557	{
				558	dsk[i ] = esk[94 - i];
				559	dsk[i + 1] = esk[95 - i];
				560
				561	esk[i + 32] = dsk[62 - i];
				562	esk[i + 33] = dsk[63 - i];
				563
				564	dsk[i + 64] = esk[30 - i];
				565	dsk[i + 65] = esk[31 - i];
				566	}
				567	}
				568
				569	/*
				570	* Triple-DES key schedule (168-bit, encryption)
				571	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame]	572	int des3_set3key_enc( des3_context *ctx,
				573	const unsigned char key[DES_KEY_SIZE * 3] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	574	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	575	uint32_t sk[96];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	576
				577	des3_set3key( ctx->sk, sk, key );
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame^]	578	polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	579
				580	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	581	}
				582
				583	/*
				584	* Triple-DES key schedule (168-bit, decryption)
				585	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame]	586	int des3_set3key_dec( des3_context *ctx,
				587	const unsigned char key[DES_KEY_SIZE * 3] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	588	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	589	uint32_t sk[96];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	590
				591	des3_set3key( sk, ctx->sk, key );
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame^]	592	polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	593
				594	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	595	}
				596
				597	/*
				598	* DES-ECB block encryption/decryption
				599	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	600	int des_crypt_ecb( des_context *ctx,
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	601	const unsigned char input[8],
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	602	unsigned char output[8] )
				603	{
				604	int i;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	605	uint32_t X, Y, T, *SK;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	606
				607	SK = ctx->sk;
				608
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	609	GET_UINT32_BE( X, input, 0 );
				610	GET_UINT32_BE( Y, input, 4 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	611
				612	DES_IP( X, Y );
				613
				614	for( i = 0; i < 8; i++ )
				615	{
				616	DES_ROUND( Y, X );
				617	DES_ROUND( X, Y );
				618	}
				619
				620	DES_FP( Y, X );
				621
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	622	PUT_UINT32_BE( Y, output, 0 );
				623	PUT_UINT32_BE( X, output, 4 );
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	624
				625	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	626	}
				627
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	628	#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	629	/*
				630	* DES-CBC buffer encryption/decryption
				631	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	632	int des_crypt_cbc( des_context *ctx,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	633	int mode,
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	634	size_t length,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	635	unsigned char iv[8],
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	636	const unsigned char *input,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	637	unsigned char *output )
				638	{
				639	int i;
				640	unsigned char temp[8];
				641
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	642	if( length % 8 )
				643	return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
				644
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	645	if( mode == DES_ENCRYPT )
				646	{
				647	while( length > 0 )
				648	{
				649	for( i = 0; i < 8; i++ )
				650	output[i] = (unsigned char)( input[i] ^ iv[i] );
				651
				652	des_crypt_ecb( ctx, output, output );
				653	memcpy( iv, output, 8 );
				654
				655	input += 8;
				656	output += 8;
				657	length -= 8;
				658	}
				659	}
				660	else /* DES_DECRYPT */
				661	{
				662	while( length > 0 )
				663	{
				664	memcpy( temp, input, 8 );
				665	des_crypt_ecb( ctx, input, output );
				666
				667	for( i = 0; i < 8; i++ )
				668	output[i] = (unsigned char)( output[i] ^ iv[i] );
				669
				670	memcpy( iv, temp, 8 );
				671
				672	input += 8;
				673	output += 8;
				674	length -= 8;
				675	}
				676	}
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	677
				678	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	679	}
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	680	#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	681
				682	/*
				683	* 3DES-ECB block encryption/decryption
				684	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	685	int des3_crypt_ecb( des3_context *ctx,
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	686	const unsigned char input[8],
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	687	unsigned char output[8] )
				688	{
				689	int i;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	690	uint32_t X, Y, T, *SK;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	691
				692	SK = ctx->sk;
				693
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	694	GET_UINT32_BE( X, input, 0 );
				695	GET_UINT32_BE( Y, input, 4 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	696
				697	DES_IP( X, Y );
				698
				699	for( i = 0; i < 8; i++ )
				700	{
				701	DES_ROUND( Y, X );
				702	DES_ROUND( X, Y );
				703	}
				704
				705	for( i = 0; i < 8; i++ )
				706	{
				707	DES_ROUND( X, Y );
				708	DES_ROUND( Y, X );
				709	}
				710
				711	for( i = 0; i < 8; i++ )
				712	{
				713	DES_ROUND( Y, X );
				714	DES_ROUND( X, Y );
				715	}
				716
				717	DES_FP( Y, X );
				718
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	719	PUT_UINT32_BE( Y, output, 0 );
				720	PUT_UINT32_BE( X, output, 4 );
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	721
				722	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	723	}
				724
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	725	#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	726	/*
				727	* 3DES-CBC buffer encryption/decryption
				728	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	729	int des3_crypt_cbc( des3_context *ctx,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	730	int mode,
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	731	size_t length,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	732	unsigned char iv[8],
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	733	const unsigned char *input,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	734	unsigned char *output )
				735	{
				736	int i;
				737	unsigned char temp[8];
				738
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	739	if( length % 8 )
				740	return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
				741
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	742	if( mode == DES_ENCRYPT )
				743	{
				744	while( length > 0 )
				745	{
				746	for( i = 0; i < 8; i++ )
				747	output[i] = (unsigned char)( input[i] ^ iv[i] );
				748
				749	des3_crypt_ecb( ctx, output, output );
				750	memcpy( iv, output, 8 );
				751
				752	input += 8;
				753	output += 8;
				754	length -= 8;
				755	}
				756	}
				757	else /* DES_DECRYPT */
				758	{
				759	while( length > 0 )
				760	{
				761	memcpy( temp, input, 8 );
				762	des3_crypt_ecb( ctx, input, output );
				763
				764	for( i = 0; i < 8; i++ )
				765	output[i] = (unsigned char)( output[i] ^ iv[i] );
				766
				767	memcpy( iv, temp, 8 );
				768
				769	input += 8;
				770	output += 8;
				771	length -= 8;
				772	}
				773	}
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	774
				775	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	776	}
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	777	#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	778
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	779	#endif /* !POLARSSL_DES_ALT */
				780
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	781	#if defined(POLARSSL_SELF_TEST)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	782
				783	#include <stdio.h>
				784
				785	/*
				786	* DES and 3DES test vectors from:
				787	*
				788	* http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
				789	*/
				790	static const unsigned char des3_test_keys[24] =
				791	{
				792	0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
				793	0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
				794	0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
				795	};
				796
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	797	static const unsigned char des3_test_buf[8] =
				798	{
				799	0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
				800	};
				801
				802	static const unsigned char des3_test_ecb_dec[3][8] =
				803	{
				804	{ 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
				805	{ 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
				806	{ 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
				807	};
				808
				809	static const unsigned char des3_test_ecb_enc[3][8] =
				810	{
				811	{ 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
				812	{ 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
				813	{ 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
				814	};
				815
Manuel Pégourié-Gonnard	29dcc0b	2014-03-10 11:32:07 +0100	[diff] [blame]	816	#if defined(POLARSSL_CIPHER_MODE_CBC)
				817	static const unsigned char des3_test_iv[8] =
				818	{
				819	0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
				820	};
				821
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	822	static const unsigned char des3_test_cbc_dec[3][8] =
				823	{
				824	{ 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
				825	{ 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
				826	{ 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
				827	};
				828
				829	static const unsigned char des3_test_cbc_enc[3][8] =
				830	{
				831	{ 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
				832	{ 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
				833	{ 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
				834	};
Manuel Pégourié-Gonnard	29dcc0b	2014-03-10 11:32:07 +0100	[diff] [blame]	835	#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	836
				837	/*
				838	* Checkup routine
				839	*/
				840	int des_self_test( int verbose )
				841	{
				842	int i, j, u, v;
				843	des_context ctx;
				844	des3_context ctx3;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	845	unsigned char buf[8];
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	846	#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	847	unsigned char prv[8];
				848	unsigned char iv[8];
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	849	#endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	850
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	851	/*
				852	* ECB mode
				853	*/
				854	for( i = 0; i < 6; i++ )
				855	{
				856	u = i >> 1;
				857	v = i & 1;
				858
				859	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	860	polarssl_printf( " DES%c-ECB-%3d (%s): ",
				861	( u == 0 ) ? ' ' : '3', 56 + u * 56,
				862	( v == DES_DECRYPT ) ? "dec" : "enc" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	863
				864	memcpy( buf, des3_test_buf, 8 );
				865
				866	switch( i )
				867	{
				868	case 0:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	869	des_setkey_dec( &ctx, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	870	break;
				871
				872	case 1:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	873	des_setkey_enc( &ctx, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	874	break;
				875
				876	case 2:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	877	des3_set2key_dec( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	878	break;
				879
				880	case 3:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	881	des3_set2key_enc( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	882	break;
				883
				884	case 4:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	885	des3_set3key_dec( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	886	break;
				887
				888	case 5:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	889	des3_set3key_enc( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	890	break;
				891
				892	default:
				893	return( 1 );
				894	}
				895
				896	for( j = 0; j < 10000; j++ )
				897	{
				898	if( u == 0 )
				899	des_crypt_ecb( &ctx, buf, buf );
				900	else
				901	des3_crypt_ecb( &ctx3, buf, buf );
				902	}
				903
				904	if( ( v == DES_DECRYPT &&
				905	memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) \|\|
				906	( v != DES_DECRYPT &&
				907	memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
				908	{
				909	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	910	polarssl_printf( "failed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	911
				912	return( 1 );
				913	}
				914
				915	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	916	polarssl_printf( "passed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	917	}
				918
				919	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	920	polarssl_printf( "\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	921
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	922	#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	923	/*
				924	* CBC mode
				925	*/
				926	for( i = 0; i < 6; i++ )
				927	{
				928	u = i >> 1;
				929	v = i & 1;
				930
				931	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	932	polarssl_printf( " DES%c-CBC-%3d (%s): ",
				933	( u == 0 ) ? ' ' : '3', 56 + u * 56,
				934	( v == DES_DECRYPT ) ? "dec" : "enc" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	935
				936	memcpy( iv, des3_test_iv, 8 );
				937	memcpy( prv, des3_test_iv, 8 );
				938	memcpy( buf, des3_test_buf, 8 );
				939
				940	switch( i )
				941	{
				942	case 0:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	943	des_setkey_dec( &ctx, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	944	break;
				945
				946	case 1:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	947	des_setkey_enc( &ctx, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	948	break;
				949
				950	case 2:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	951	des3_set2key_dec( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	952	break;
				953
				954	case 3:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	955	des3_set2key_enc( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	956	break;
				957
				958	case 4:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	959	des3_set3key_dec( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	960	break;
				961
				962	case 5:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	963	des3_set3key_enc( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	964	break;
				965
				966	default:
				967	return( 1 );
				968	}
				969
				970	if( v == DES_DECRYPT )
				971	{
				972	for( j = 0; j < 10000; j++ )
				973	{
				974	if( u == 0 )
				975	des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
				976	else
				977	des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
				978	}
				979	}
				980	else
				981	{
				982	for( j = 0; j < 10000; j++ )
				983	{
				984	unsigned char tmp[8];
				985
				986	if( u == 0 )
				987	des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
				988	else
				989	des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
				990
				991	memcpy( tmp, prv, 8 );
				992	memcpy( prv, buf, 8 );
				993	memcpy( buf, tmp, 8 );
				994	}
				995
				996	memcpy( buf, prv, 8 );
				997	}
				998
				999	if( ( v == DES_DECRYPT &&
				1000	memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) \|\|
				1001	( v != DES_DECRYPT &&
				1002	memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
				1003	{
				1004	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1005	polarssl_printf( "failed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1006
				1007	return( 1 );
				1008	}
				1009
				1010	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1011	polarssl_printf( "passed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1012	}
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	1013	#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1014
				1015	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1016	polarssl_printf( "\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1017
				1018	return( 0 );
				1019	}
				1020
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	1021	#endif /* POLARSSL_SELF_TEST */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1022
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	1023	#endif /* POLARSSL_DES_C */