TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 77b385e91a0e48c4c263b2db1baa4887c7f61860 / . / library / des.c
blob: 65d3f08754f002ecd1499a2801bdbf5b583c2fa8 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame^]4 * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
5 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]6 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame^]7 * Joined copyright on original XySSL code with: Christophe Devine
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23/*
24 * DES, on which TDES is based, was originally designed by Horst Feistel
25 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
26 *
27 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
28 */
29
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]30#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]31
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]32#if defined(POLARSSL_DES_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]33
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]34#include "polarssl/des.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]35
36#include <string.h>
37
38/*
39 * 32-bit integer manipulation macros (big endian)
40 */
41#ifndef GET_ULONG_BE
42#define GET_ULONG_BE(n,b,i) \
43{ \
44 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
45 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
46 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
47 | ( (unsigned long) (b)[(i) + 3] ); \
48}
49#endif
50
51#ifndef PUT_ULONG_BE
52#define PUT_ULONG_BE(n,b,i) \
53{ \
54 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
55 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
56 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
57 (b)[(i) + 3] = (unsigned char) ( (n) ); \
58}
59#endif
60
61/*
62 * Expanded DES S-boxes
63 */
64static const unsigned long SB1[64] =
65{
66 0x01010400, 0x00000000, 0x00010000, 0x01010404,
67 0x01010004, 0x00010404, 0x00000004, 0x00010000,
68 0x00000400, 0x01010400, 0x01010404, 0x00000400,
69 0x01000404, 0x01010004, 0x01000000, 0x00000004,
70 0x00000404, 0x01000400, 0x01000400, 0x00010400,
71 0x00010400, 0x01010000, 0x01010000, 0x01000404,
72 0x00010004, 0x01000004, 0x01000004, 0x00010004,
73 0x00000000, 0x00000404, 0x00010404, 0x01000000,
74 0x00010000, 0x01010404, 0x00000004, 0x01010000,
75 0x01010400, 0x01000000, 0x01000000, 0x00000400,
76 0x01010004, 0x00010000, 0x00010400, 0x01000004,
77 0x00000400, 0x00000004, 0x01000404, 0x00010404,
78 0x01010404, 0x00010004, 0x01010000, 0x01000404,
79 0x01000004, 0x00000404, 0x00010404, 0x01010400,
80 0x00000404, 0x01000400, 0x01000400, 0x00000000,
81 0x00010004, 0x00010400, 0x00000000, 0x01010004
82};
83
84static const unsigned long SB2[64] =
85{
86 0x80108020, 0x80008000, 0x00008000, 0x00108020,
87 0x00100000, 0x00000020, 0x80100020, 0x80008020,
88 0x80000020, 0x80108020, 0x80108000, 0x80000000,
89 0x80008000, 0x00100000, 0x00000020, 0x80100020,
90 0x00108000, 0x00100020, 0x80008020, 0x00000000,
91 0x80000000, 0x00008000, 0x00108020, 0x80100000,
92 0x00100020, 0x80000020, 0x00000000, 0x00108000,
93 0x00008020, 0x80108000, 0x80100000, 0x00008020,
94 0x00000000, 0x00108020, 0x80100020, 0x00100000,
95 0x80008020, 0x80100000, 0x80108000, 0x00008000,
96 0x80100000, 0x80008000, 0x00000020, 0x80108020,
97 0x00108020, 0x00000020, 0x00008000, 0x80000000,
98 0x00008020, 0x80108000, 0x00100000, 0x80000020,
99 0x00100020, 0x80008020, 0x80000020, 0x00100020,
100 0x00108000, 0x00000000, 0x80008000, 0x00008020,
101 0x80000000, 0x80100020, 0x80108020, 0x00108000
102};
103
104static const unsigned long SB3[64] =
105{
106 0x00000208, 0x08020200, 0x00000000, 0x08020008,
107 0x08000200, 0x00000000, 0x00020208, 0x08000200,
108 0x00020008, 0x08000008, 0x08000008, 0x00020000,
109 0x08020208, 0x00020008, 0x08020000, 0x00000208,
110 0x08000000, 0x00000008, 0x08020200, 0x00000200,
111 0x00020200, 0x08020000, 0x08020008, 0x00020208,
112 0x08000208, 0x00020200, 0x00020000, 0x08000208,
113 0x00000008, 0x08020208, 0x00000200, 0x08000000,
114 0x08020200, 0x08000000, 0x00020008, 0x00000208,
115 0x00020000, 0x08020200, 0x08000200, 0x00000000,
116 0x00000200, 0x00020008, 0x08020208, 0x08000200,
117 0x08000008, 0x00000200, 0x00000000, 0x08020008,
118 0x08000208, 0x00020000, 0x08000000, 0x08020208,
119 0x00000008, 0x00020208, 0x00020200, 0x08000008,
120 0x08020000, 0x08000208, 0x00000208, 0x08020000,
121 0x00020208, 0x00000008, 0x08020008, 0x00020200
122};
123
124static const unsigned long SB4[64] =
125{
126 0x00802001, 0x00002081, 0x00002081, 0x00000080,
127 0x00802080, 0x00800081, 0x00800001, 0x00002001,
128 0x00000000, 0x00802000, 0x00802000, 0x00802081,
129 0x00000081, 0x00000000, 0x00800080, 0x00800001,
130 0x00000001, 0x00002000, 0x00800000, 0x00802001,
131 0x00000080, 0x00800000, 0x00002001, 0x00002080,
132 0x00800081, 0x00000001, 0x00002080, 0x00800080,
133 0x00002000, 0x00802080, 0x00802081, 0x00000081,
134 0x00800080, 0x00800001, 0x00802000, 0x00802081,
135 0x00000081, 0x00000000, 0x00000000, 0x00802000,
136 0x00002080, 0x00800080, 0x00800081, 0x00000001,
137 0x00802001, 0x00002081, 0x00002081, 0x00000080,
138 0x00802081, 0x00000081, 0x00000001, 0x00002000,
139 0x00800001, 0x00002001, 0x00802080, 0x00800081,
140 0x00002001, 0x00002080, 0x00800000, 0x00802001,
141 0x00000080, 0x00800000, 0x00002000, 0x00802080
142};
143
144static const unsigned long SB5[64] =
145{
146 0x00000100, 0x02080100, 0x02080000, 0x42000100,
147 0x00080000, 0x00000100, 0x40000000, 0x02080000,
148 0x40080100, 0x00080000, 0x02000100, 0x40080100,
149 0x42000100, 0x42080000, 0x00080100, 0x40000000,
150 0x02000000, 0x40080000, 0x40080000, 0x00000000,
151 0x40000100, 0x42080100, 0x42080100, 0x02000100,
152 0x42080000, 0x40000100, 0x00000000, 0x42000000,
153 0x02080100, 0x02000000, 0x42000000, 0x00080100,
154 0x00080000, 0x42000100, 0x00000100, 0x02000000,
155 0x40000000, 0x02080000, 0x42000100, 0x40080100,
156 0x02000100, 0x40000000, 0x42080000, 0x02080100,
157 0x40080100, 0x00000100, 0x02000000, 0x42080000,
158 0x42080100, 0x00080100, 0x42000000, 0x42080100,
159 0x02080000, 0x00000000, 0x40080000, 0x42000000,
160 0x00080100, 0x02000100, 0x40000100, 0x00080000,
161 0x00000000, 0x40080000, 0x02080100, 0x40000100
162};
163
164static const unsigned long SB6[64] =
165{
166 0x20000010, 0x20400000, 0x00004000, 0x20404010,
167 0x20400000, 0x00000010, 0x20404010, 0x00400000,
168 0x20004000, 0x00404010, 0x00400000, 0x20000010,
169 0x00400010, 0x20004000, 0x20000000, 0x00004010,
170 0x00000000, 0x00400010, 0x20004010, 0x00004000,
171 0x00404000, 0x20004010, 0x00000010, 0x20400010,
172 0x20400010, 0x00000000, 0x00404010, 0x20404000,
173 0x00004010, 0x00404000, 0x20404000, 0x20000000,
174 0x20004000, 0x00000010, 0x20400010, 0x00404000,
175 0x20404010, 0x00400000, 0x00004010, 0x20000010,
176 0x00400000, 0x20004000, 0x20000000, 0x00004010,
177 0x20000010, 0x20404010, 0x00404000, 0x20400000,
178 0x00404010, 0x20404000, 0x00000000, 0x20400010,
179 0x00000010, 0x00004000, 0x20400000, 0x00404010,
180 0x00004000, 0x00400010, 0x20004010, 0x00000000,
181 0x20404000, 0x20000000, 0x00400010, 0x20004010
182};
183
184static const unsigned long SB7[64] =
185{
186 0x00200000, 0x04200002, 0x04000802, 0x00000000,
187 0x00000800, 0x04000802, 0x00200802, 0x04200800,
188 0x04200802, 0x00200000, 0x00000000, 0x04000002,
189 0x00000002, 0x04000000, 0x04200002, 0x00000802,
190 0x04000800, 0x00200802, 0x00200002, 0x04000800,
191 0x04000002, 0x04200000, 0x04200800, 0x00200002,
192 0x04200000, 0x00000800, 0x00000802, 0x04200802,
193 0x00200800, 0x00000002, 0x04000000, 0x00200800,
194 0x04000000, 0x00200800, 0x00200000, 0x04000802,
195 0x04000802, 0x04200002, 0x04200002, 0x00000002,
196 0x00200002, 0x04000000, 0x04000800, 0x00200000,
197 0x04200800, 0x00000802, 0x00200802, 0x04200800,
198 0x00000802, 0x04000002, 0x04200802, 0x04200000,
199 0x00200800, 0x00000000, 0x00000002, 0x04200802,
200 0x00000000, 0x00200802, 0x04200000, 0x00000800,
201 0x04000002, 0x04000800, 0x00000800, 0x00200002
202};
203
204static const unsigned long SB8[64] =
205{
206 0x10001040, 0x00001000, 0x00040000, 0x10041040,
207 0x10000000, 0x10001040, 0x00000040, 0x10000000,
208 0x00040040, 0x10040000, 0x10041040, 0x00041000,
209 0x10041000, 0x00041040, 0x00001000, 0x00000040,
210 0x10040000, 0x10000040, 0x10001000, 0x00001040,
211 0x00041000, 0x00040040, 0x10040040, 0x10041000,
212 0x00001040, 0x00000000, 0x00000000, 0x10040040,
213 0x10000040, 0x10001000, 0x00041040, 0x00040000,
214 0x00041040, 0x00040000, 0x10041000, 0x00001000,
215 0x00000040, 0x10040040, 0x00001000, 0x00041040,
216 0x10001000, 0x00000040, 0x10000040, 0x10040000,
217 0x10040040, 0x10000000, 0x00040000, 0x10001040,
218 0x00000000, 0x10041040, 0x00040040, 0x10000040,
219 0x10040000, 0x10001000, 0x10001040, 0x00000000,
220 0x10041040, 0x00041000, 0x00041000, 0x00001040,
221 0x00001040, 0x00040040, 0x10000000, 0x10041000
222};
223
224/*
225 * PC1: left and right halves bit-swap
226 */
227static const unsigned long LHs[16] =
228{
229 0x00000000, 0x00000001, 0x00000100, 0x00000101,
230 0x00010000, 0x00010001, 0x00010100, 0x00010101,
231 0x01000000, 0x01000001, 0x01000100, 0x01000101,
232 0x01010000, 0x01010001, 0x01010100, 0x01010101
233};
234
235static const unsigned long RHs[16] =
236{
237 0x00000000, 0x01000000, 0x00010000, 0x01010000,
238 0x00000100, 0x01000100, 0x00010100, 0x01010100,
239 0x00000001, 0x01000001, 0x00010001, 0x01010001,
240 0x00000101, 0x01000101, 0x00010101, 0x01010101,
241};
242
243/*
244 * Initial Permutation macro
245 */
246#define DES_IP(X,Y) \
247{ \
248 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
249 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
250 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
251 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
252 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
253 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
254 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
255}
256
257/*
258 * Final Permutation macro
259 */
260#define DES_FP(X,Y) \
261{ \
262 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
263 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
264 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
265 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
266 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
267 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
268 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
269}
270
271/*
272 * DES round macro
273 */
274#define DES_ROUND(X,Y) \
275{ \
276 T = *SK++ ^ X; \
277 Y ^= SB8[ (T ) & 0x3F ] ^ \
278 SB6[ (T >> 8) & 0x3F ] ^ \
279 SB4[ (T >> 16) & 0x3F ] ^ \
280 SB2[ (T >> 24) & 0x3F ]; \
281 \
282 T = *SK++ ^ ((X << 28) | (X >> 4)); \
283 Y ^= SB7[ (T ) & 0x3F ] ^ \
284 SB5[ (T >> 8) & 0x3F ] ^ \
285 SB3[ (T >> 16) & 0x3F ] ^ \
286 SB1[ (T >> 24) & 0x3F ]; \
287}
288
289#define SWAP(a,b) { unsigned long t = a; a = b; b = t; t = 0; }
290
291static void des_setkey( unsigned long SK[32], unsigned char key[8] )
292{
293 int i;
294 unsigned long X, Y, T;
295
296 GET_ULONG_BE( X, key, 0 );
297 GET_ULONG_BE( Y, key, 4 );
298
299 /*
300 * Permuted Choice 1
301 */
302 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
303 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
304
305 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
306 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
307 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
308 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
309
310 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
311 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
312 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
313 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
314
315 X &= 0x0FFFFFFF;
316 Y &= 0x0FFFFFFF;
317
318 /*
319 * calculate subkeys
320 */
321 for( i = 0; i < 16; i++ )
322 {
323 if( i < 2 || i == 8 || i == 15 )
324 {
325 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
326 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
327 }
328 else
329 {
330 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
331 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
332 }
333
334 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
335 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
336 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
337 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
338 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
339 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
340 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
341 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
342 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
343 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
344 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
345
346 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
347 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
348 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
349 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
350 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
351 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
352 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
353 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
354 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
355 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
356 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
357 }
358}
359
360/*
361 * DES key schedule (56-bit, encryption)
362 */
363void des_setkey_enc( des_context *ctx, unsigned char key[8] )
364{
365 des_setkey( ctx->sk, key );
366}
367
368/*
369 * DES key schedule (56-bit, decryption)
370 */
371void des_setkey_dec( des_context *ctx, unsigned char key[8] )
372{
373 int i;
374
375 des_setkey( ctx->sk, key );
376
377 for( i = 0; i < 16; i += 2 )
378 {
379 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
380 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
381 }
382}
383
384static void des3_set2key( unsigned long esk[96],
385 unsigned long dsk[96],
386 unsigned char key[16] )
387{
388 int i;
389
390 des_setkey( esk, key );
391 des_setkey( dsk + 32, key + 8 );
392
393 for( i = 0; i < 32; i += 2 )
394 {
395 dsk[i ] = esk[30 - i];
396 dsk[i + 1] = esk[31 - i];
397
398 esk[i + 32] = dsk[62 - i];
399 esk[i + 33] = dsk[63 - i];
400
401 esk[i + 64] = esk[i ];
402 esk[i + 65] = esk[i + 1];
403
404 dsk[i + 64] = dsk[i ];
405 dsk[i + 65] = dsk[i + 1];
406 }
407}
408
409/*
410 * Triple-DES key schedule (112-bit, encryption)
411 */
412void des3_set2key_enc( des3_context *ctx, unsigned char key[16] )
413{
414 unsigned long sk[96];
415
416 des3_set2key( ctx->sk, sk, key );
417 memset( sk, 0, sizeof( sk ) );
418}
419
420/*
421 * Triple-DES key schedule (112-bit, decryption)
422 */
423void des3_set2key_dec( des3_context *ctx, unsigned char key[16] )
424{
425 unsigned long sk[96];
426
427 des3_set2key( sk, ctx->sk, key );
428 memset( sk, 0, sizeof( sk ) );
429}
430
431static void des3_set3key( unsigned long esk[96],
432 unsigned long dsk[96],
433 unsigned char key[24] )
434{
435 int i;
436
437 des_setkey( esk, key );
438 des_setkey( dsk + 32, key + 8 );
439 des_setkey( esk + 64, key + 16 );
440
441 for( i = 0; i < 32; i += 2 )
442 {
443 dsk[i ] = esk[94 - i];
444 dsk[i + 1] = esk[95 - i];
445
446 esk[i + 32] = dsk[62 - i];
447 esk[i + 33] = dsk[63 - i];
448
449 dsk[i + 64] = esk[30 - i];
450 dsk[i + 65] = esk[31 - i];
451 }
452}
453
454/*
455 * Triple-DES key schedule (168-bit, encryption)
456 */
457void des3_set3key_enc( des3_context *ctx, unsigned char key[24] )
458{
459 unsigned long sk[96];
460
461 des3_set3key( ctx->sk, sk, key );
462 memset( sk, 0, sizeof( sk ) );
463}
464
465/*
466 * Triple-DES key schedule (168-bit, decryption)
467 */
468void des3_set3key_dec( des3_context *ctx, unsigned char key[24] )
469{
470 unsigned long sk[96];
471
472 des3_set3key( sk, ctx->sk, key );
473 memset( sk, 0, sizeof( sk ) );
474}
475
476/*
477 * DES-ECB block encryption/decryption
478 */
479void des_crypt_ecb( des_context *ctx,
480 unsigned char input[8],
481 unsigned char output[8] )
482{
483 int i;
484 unsigned long X, Y, T, *SK;
485
486 SK = ctx->sk;
487
488 GET_ULONG_BE( X, input, 0 );
489 GET_ULONG_BE( Y, input, 4 );
490
491 DES_IP( X, Y );
492
493 for( i = 0; i < 8; i++ )
494 {
495 DES_ROUND( Y, X );
496 DES_ROUND( X, Y );
497 }
498
499 DES_FP( Y, X );
500
501 PUT_ULONG_BE( Y, output, 0 );
502 PUT_ULONG_BE( X, output, 4 );
503}
504
505/*
506 * DES-CBC buffer encryption/decryption
507 */
508void des_crypt_cbc( des_context *ctx,
509 int mode,
510 int length,
511 unsigned char iv[8],
512 unsigned char *input,
513 unsigned char *output )
514{
515 int i;
516 unsigned char temp[8];
517
518 if( mode == DES_ENCRYPT )
519 {
520 while( length > 0 )
521 {
522 for( i = 0; i < 8; i++ )
523 output[i] = (unsigned char)( input[i] ^ iv[i] );
524
525 des_crypt_ecb( ctx, output, output );
526 memcpy( iv, output, 8 );
527
528 input += 8;
529 output += 8;
530 length -= 8;
531 }
532 }
533 else /* DES_DECRYPT */
534 {
535 while( length > 0 )
536 {
537 memcpy( temp, input, 8 );
538 des_crypt_ecb( ctx, input, output );
539
540 for( i = 0; i < 8; i++ )
541 output[i] = (unsigned char)( output[i] ^ iv[i] );
542
543 memcpy( iv, temp, 8 );
544
545 input += 8;
546 output += 8;
547 length -= 8;
548 }
549 }
550}
551
552/*
553 * 3DES-ECB block encryption/decryption
554 */
555void des3_crypt_ecb( des3_context *ctx,
556 unsigned char input[8],
557 unsigned char output[8] )
558{
559 int i;
560 unsigned long X, Y, T, *SK;
561
562 SK = ctx->sk;
563
564 GET_ULONG_BE( X, input, 0 );
565 GET_ULONG_BE( Y, input, 4 );
566
567 DES_IP( X, Y );
568
569 for( i = 0; i < 8; i++ )
570 {
571 DES_ROUND( Y, X );
572 DES_ROUND( X, Y );
573 }
574
575 for( i = 0; i < 8; i++ )
576 {
577 DES_ROUND( X, Y );
578 DES_ROUND( Y, X );
579 }
580
581 for( i = 0; i < 8; i++ )
582 {
583 DES_ROUND( Y, X );
584 DES_ROUND( X, Y );
585 }
586
587 DES_FP( Y, X );
588
589 PUT_ULONG_BE( Y, output, 0 );
590 PUT_ULONG_BE( X, output, 4 );
591}
592
593/*
594 * 3DES-CBC buffer encryption/decryption
595 */
596void des3_crypt_cbc( des3_context *ctx,
597 int mode,
598 int length,
599 unsigned char iv[8],
600 unsigned char *input,
601 unsigned char *output )
602{
603 int i;
604 unsigned char temp[8];
605
606 if( mode == DES_ENCRYPT )
607 {
608 while( length > 0 )
609 {
610 for( i = 0; i < 8; i++ )
611 output[i] = (unsigned char)( input[i] ^ iv[i] );
612
613 des3_crypt_ecb( ctx, output, output );
614 memcpy( iv, output, 8 );
615
616 input += 8;
617 output += 8;
618 length -= 8;
619 }
620 }
621 else /* DES_DECRYPT */
622 {
623 while( length > 0 )
624 {
625 memcpy( temp, input, 8 );
626 des3_crypt_ecb( ctx, input, output );
627
628 for( i = 0; i < 8; i++ )
629 output[i] = (unsigned char)( output[i] ^ iv[i] );
630
631 memcpy( iv, temp, 8 );
632
633 input += 8;
634 output += 8;
635 length -= 8;
636 }
637 }
638}
639
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]640#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]641
642#include <stdio.h>
643
644/*
645 * DES and 3DES test vectors from:
646 *
647 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
648 */
649static const unsigned char des3_test_keys[24] =
650{
651 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
652 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
653 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
654};
655
656static const unsigned char des3_test_iv[8] =
657{
658 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
659};
660
661static const unsigned char des3_test_buf[8] =
662{
663 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
664};
665
666static const unsigned char des3_test_ecb_dec[3][8] =
667{
668 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
669 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
670 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
671};
672
673static const unsigned char des3_test_ecb_enc[3][8] =
674{
675 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
676 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
677 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
678};
679
680static const unsigned char des3_test_cbc_dec[3][8] =
681{
682 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
683 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
684 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
685};
686
687static const unsigned char des3_test_cbc_enc[3][8] =
688{
689 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
690 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
691 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
692};
693
694/*
695 * Checkup routine
696 */
697int des_self_test( int verbose )
698{
699 int i, j, u, v;
700 des_context ctx;
701 des3_context ctx3;
702 unsigned char key[24];
703 unsigned char buf[8];
704 unsigned char prv[8];
705 unsigned char iv[8];
706
707 memset( key, 0, 24 );
708
709 /*
710 * ECB mode
711 */
712 for( i = 0; i < 6; i++ )
713 {
714 u = i >> 1;
715 v = i & 1;
716
717 if( verbose != 0 )
718 printf( " DES%c-ECB-%3d (%s): ",
719 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
720 ( v == DES_DECRYPT ) ? "dec" : "enc" );
721
722 memcpy( buf, des3_test_buf, 8 );
723
724 switch( i )
725 {
726 case 0:
727 des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
728 break;
729
730 case 1:
731 des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
732 break;
733
734 case 2:
735 des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
736 break;
737
738 case 3:
739 des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
740 break;
741
742 case 4:
743 des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
744 break;
745
746 case 5:
747 des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
748 break;
749
750 default:
751 return( 1 );
752 }
753
754 for( j = 0; j < 10000; j++ )
755 {
756 if( u == 0 )
757 des_crypt_ecb( &ctx, buf, buf );
758 else
759 des3_crypt_ecb( &ctx3, buf, buf );
760 }
761
762 if( ( v == DES_DECRYPT &&
763 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
764 ( v != DES_DECRYPT &&
765 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
766 {
767 if( verbose != 0 )
768 printf( "failed\n" );
769
770 return( 1 );
771 }
772
773 if( verbose != 0 )
774 printf( "passed\n" );
775 }
776
777 if( verbose != 0 )
778 printf( "\n" );
779
780 /*
781 * CBC mode
782 */
783 for( i = 0; i < 6; i++ )
784 {
785 u = i >> 1;
786 v = i & 1;
787
788 if( verbose != 0 )
789 printf( " DES%c-CBC-%3d (%s): ",
790 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
791 ( v == DES_DECRYPT ) ? "dec" : "enc" );
792
793 memcpy( iv, des3_test_iv, 8 );
794 memcpy( prv, des3_test_iv, 8 );
795 memcpy( buf, des3_test_buf, 8 );
796
797 switch( i )
798 {
799 case 0:
800 des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
801 break;
802
803 case 1:
804 des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
805 break;
806
807 case 2:
808 des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
809 break;
810
811 case 3:
812 des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
813 break;
814
815 case 4:
816 des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
817 break;
818
819 case 5:
820 des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
821 break;
822
823 default:
824 return( 1 );
825 }
826
827 if( v == DES_DECRYPT )
828 {
829 for( j = 0; j < 10000; j++ )
830 {
831 if( u == 0 )
832 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
833 else
834 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
835 }
836 }
837 else
838 {
839 for( j = 0; j < 10000; j++ )
840 {
841 unsigned char tmp[8];
842
843 if( u == 0 )
844 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
845 else
846 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
847
848 memcpy( tmp, prv, 8 );
849 memcpy( prv, buf, 8 );
850 memcpy( buf, tmp, 8 );
851 }
852
853 memcpy( buf, prv, 8 );
854 }
855
856 if( ( v == DES_DECRYPT &&
857 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
858 ( v != DES_DECRYPT &&
859 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
860 {
861 if( verbose != 0 )
862 printf( "failed\n" );
863
864 return( 1 );
865 }
866
867 if( verbose != 0 )
868 printf( "passed\n" );
869 }
870
871 if( verbose != 0 )
872 printf( "\n" );
873
874 return( 0 );
875}
876
877#endif
878
879#endif