Blame - library/des.c - mirror/mbed-tls - TrustedFirmware Git Browser

blob: 6e152340877769f6d2d404fb64711aa8c22d4774 [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* FIPS-46-3 compliant Triple-DES implementation
				3	*
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame^]	4	* Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	5	*
				6	* This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker	84f12b7	2010-07-18 10:13:04 +0000	[diff] [blame]	7	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	8	*
Paul Bakker	77b385e	2009-07-28 17:23:11 +0000	[diff] [blame]	9	* All rights reserved.
Paul Bakker	e0ccd0a	2009-01-04 16:27:10 +0000	[diff] [blame]	10	*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	11	* This program is free software; you can redistribute it and/or modify
				12	* it under the terms of the GNU General Public License as published by
				13	* the Free Software Foundation; either version 2 of the License, or
				14	* (at your option) any later version.
				15	*
				16	* This program is distributed in the hope that it will be useful,
				17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				19	* GNU General Public License for more details.
				20	*
				21	* You should have received a copy of the GNU General Public License along
				22	* with this program; if not, write to the Free Software Foundation, Inc.,
				23	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				24	*/
				25	/*
				26	* DES, on which TDES is based, was originally designed by Horst Feistel
				27	* at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
				28	*
				29	* http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
				30	*/
				31
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	32	#include "polarssl/config.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	33
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	34	#if defined(POLARSSL_DES_C)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	35
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	36	#include "polarssl/des.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	37
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame^]	38	#if defined(POLARSSL_PLATFORM_C)
				39	#include "polarssl/platform.h"
				40	#else
				41	#define polarssl_printf printf
				42	#endif
				43
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	44	#if !defined(POLARSSL_DES_ALT)
				45
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	46	/*
				47	* 32-bit integer manipulation macros (big endian)
				48	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	49	#ifndef GET_UINT32_BE
				50	#define GET_UINT32_BE(n,b,i) \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	51	{ \
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	52	(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
				53	\| ( (uint32_t) (b)[(i) + 1] << 16 ) \
				54	\| ( (uint32_t) (b)[(i) + 2] << 8 ) \
				55	\| ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	56	}
				57	#endif
				58
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	59	#ifndef PUT_UINT32_BE
				60	#define PUT_UINT32_BE(n,b,i) \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	61	{ \
				62	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
				63	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
				64	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
				65	(b)[(i) + 3] = (unsigned char) ( (n) ); \
				66	}
				67	#endif
				68
				69	/*
				70	* Expanded DES S-boxes
				71	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	72	static const uint32_t SB1[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	73	{
				74	0x01010400, 0x00000000, 0x00010000, 0x01010404,
				75	0x01010004, 0x00010404, 0x00000004, 0x00010000,
				76	0x00000400, 0x01010400, 0x01010404, 0x00000400,
				77	0x01000404, 0x01010004, 0x01000000, 0x00000004,
				78	0x00000404, 0x01000400, 0x01000400, 0x00010400,
				79	0x00010400, 0x01010000, 0x01010000, 0x01000404,
				80	0x00010004, 0x01000004, 0x01000004, 0x00010004,
				81	0x00000000, 0x00000404, 0x00010404, 0x01000000,
				82	0x00010000, 0x01010404, 0x00000004, 0x01010000,
				83	0x01010400, 0x01000000, 0x01000000, 0x00000400,
				84	0x01010004, 0x00010000, 0x00010400, 0x01000004,
				85	0x00000400, 0x00000004, 0x01000404, 0x00010404,
				86	0x01010404, 0x00010004, 0x01010000, 0x01000404,
				87	0x01000004, 0x00000404, 0x00010404, 0x01010400,
				88	0x00000404, 0x01000400, 0x01000400, 0x00000000,
				89	0x00010004, 0x00010400, 0x00000000, 0x01010004
				90	};
				91
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	92	static const uint32_t SB2[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	93	{
				94	0x80108020, 0x80008000, 0x00008000, 0x00108020,
				95	0x00100000, 0x00000020, 0x80100020, 0x80008020,
				96	0x80000020, 0x80108020, 0x80108000, 0x80000000,
				97	0x80008000, 0x00100000, 0x00000020, 0x80100020,
				98	0x00108000, 0x00100020, 0x80008020, 0x00000000,
				99	0x80000000, 0x00008000, 0x00108020, 0x80100000,
				100	0x00100020, 0x80000020, 0x00000000, 0x00108000,
				101	0x00008020, 0x80108000, 0x80100000, 0x00008020,
				102	0x00000000, 0x00108020, 0x80100020, 0x00100000,
				103	0x80008020, 0x80100000, 0x80108000, 0x00008000,
				104	0x80100000, 0x80008000, 0x00000020, 0x80108020,
				105	0x00108020, 0x00000020, 0x00008000, 0x80000000,
				106	0x00008020, 0x80108000, 0x00100000, 0x80000020,
				107	0x00100020, 0x80008020, 0x80000020, 0x00100020,
				108	0x00108000, 0x00000000, 0x80008000, 0x00008020,
				109	0x80000000, 0x80100020, 0x80108020, 0x00108000
				110	};
				111
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	112	static const uint32_t SB3[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	113	{
				114	0x00000208, 0x08020200, 0x00000000, 0x08020008,
				115	0x08000200, 0x00000000, 0x00020208, 0x08000200,
				116	0x00020008, 0x08000008, 0x08000008, 0x00020000,
				117	0x08020208, 0x00020008, 0x08020000, 0x00000208,
				118	0x08000000, 0x00000008, 0x08020200, 0x00000200,
				119	0x00020200, 0x08020000, 0x08020008, 0x00020208,
				120	0x08000208, 0x00020200, 0x00020000, 0x08000208,
				121	0x00000008, 0x08020208, 0x00000200, 0x08000000,
				122	0x08020200, 0x08000000, 0x00020008, 0x00000208,
				123	0x00020000, 0x08020200, 0x08000200, 0x00000000,
				124	0x00000200, 0x00020008, 0x08020208, 0x08000200,
				125	0x08000008, 0x00000200, 0x00000000, 0x08020008,
				126	0x08000208, 0x00020000, 0x08000000, 0x08020208,
				127	0x00000008, 0x00020208, 0x00020200, 0x08000008,
				128	0x08020000, 0x08000208, 0x00000208, 0x08020000,
				129	0x00020208, 0x00000008, 0x08020008, 0x00020200
				130	};
				131
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	132	static const uint32_t SB4[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	133	{
				134	0x00802001, 0x00002081, 0x00002081, 0x00000080,
				135	0x00802080, 0x00800081, 0x00800001, 0x00002001,
				136	0x00000000, 0x00802000, 0x00802000, 0x00802081,
				137	0x00000081, 0x00000000, 0x00800080, 0x00800001,
				138	0x00000001, 0x00002000, 0x00800000, 0x00802001,
				139	0x00000080, 0x00800000, 0x00002001, 0x00002080,
				140	0x00800081, 0x00000001, 0x00002080, 0x00800080,
				141	0x00002000, 0x00802080, 0x00802081, 0x00000081,
				142	0x00800080, 0x00800001, 0x00802000, 0x00802081,
				143	0x00000081, 0x00000000, 0x00000000, 0x00802000,
				144	0x00002080, 0x00800080, 0x00800081, 0x00000001,
				145	0x00802001, 0x00002081, 0x00002081, 0x00000080,
				146	0x00802081, 0x00000081, 0x00000001, 0x00002000,
				147	0x00800001, 0x00002001, 0x00802080, 0x00800081,
				148	0x00002001, 0x00002080, 0x00800000, 0x00802001,
				149	0x00000080, 0x00800000, 0x00002000, 0x00802080
				150	};
				151
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	152	static const uint32_t SB5[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	153	{
				154	0x00000100, 0x02080100, 0x02080000, 0x42000100,
				155	0x00080000, 0x00000100, 0x40000000, 0x02080000,
				156	0x40080100, 0x00080000, 0x02000100, 0x40080100,
				157	0x42000100, 0x42080000, 0x00080100, 0x40000000,
				158	0x02000000, 0x40080000, 0x40080000, 0x00000000,
				159	0x40000100, 0x42080100, 0x42080100, 0x02000100,
				160	0x42080000, 0x40000100, 0x00000000, 0x42000000,
				161	0x02080100, 0x02000000, 0x42000000, 0x00080100,
				162	0x00080000, 0x42000100, 0x00000100, 0x02000000,
				163	0x40000000, 0x02080000, 0x42000100, 0x40080100,
				164	0x02000100, 0x40000000, 0x42080000, 0x02080100,
				165	0x40080100, 0x00000100, 0x02000000, 0x42080000,
				166	0x42080100, 0x00080100, 0x42000000, 0x42080100,
				167	0x02080000, 0x00000000, 0x40080000, 0x42000000,
				168	0x00080100, 0x02000100, 0x40000100, 0x00080000,
				169	0x00000000, 0x40080000, 0x02080100, 0x40000100
				170	};
				171
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	172	static const uint32_t SB6[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	173	{
				174	0x20000010, 0x20400000, 0x00004000, 0x20404010,
				175	0x20400000, 0x00000010, 0x20404010, 0x00400000,
				176	0x20004000, 0x00404010, 0x00400000, 0x20000010,
				177	0x00400010, 0x20004000, 0x20000000, 0x00004010,
				178	0x00000000, 0x00400010, 0x20004010, 0x00004000,
				179	0x00404000, 0x20004010, 0x00000010, 0x20400010,
				180	0x20400010, 0x00000000, 0x00404010, 0x20404000,
				181	0x00004010, 0x00404000, 0x20404000, 0x20000000,
				182	0x20004000, 0x00000010, 0x20400010, 0x00404000,
				183	0x20404010, 0x00400000, 0x00004010, 0x20000010,
				184	0x00400000, 0x20004000, 0x20000000, 0x00004010,
				185	0x20000010, 0x20404010, 0x00404000, 0x20400000,
				186	0x00404010, 0x20404000, 0x00000000, 0x20400010,
				187	0x00000010, 0x00004000, 0x20400000, 0x00404010,
				188	0x00004000, 0x00400010, 0x20004010, 0x00000000,
				189	0x20404000, 0x20000000, 0x00400010, 0x20004010
				190	};
				191
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	192	static const uint32_t SB7[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	193	{
				194	0x00200000, 0x04200002, 0x04000802, 0x00000000,
				195	0x00000800, 0x04000802, 0x00200802, 0x04200800,
				196	0x04200802, 0x00200000, 0x00000000, 0x04000002,
				197	0x00000002, 0x04000000, 0x04200002, 0x00000802,
				198	0x04000800, 0x00200802, 0x00200002, 0x04000800,
				199	0x04000002, 0x04200000, 0x04200800, 0x00200002,
				200	0x04200000, 0x00000800, 0x00000802, 0x04200802,
				201	0x00200800, 0x00000002, 0x04000000, 0x00200800,
				202	0x04000000, 0x00200800, 0x00200000, 0x04000802,
				203	0x04000802, 0x04200002, 0x04200002, 0x00000002,
				204	0x00200002, 0x04000000, 0x04000800, 0x00200000,
				205	0x04200800, 0x00000802, 0x00200802, 0x04200800,
				206	0x00000802, 0x04000002, 0x04200802, 0x04200000,
				207	0x00200800, 0x00000000, 0x00000002, 0x04200802,
				208	0x00000000, 0x00200802, 0x04200000, 0x00000800,
				209	0x04000002, 0x04000800, 0x00000800, 0x00200002
				210	};
				211
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	212	static const uint32_t SB8[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	213	{
				214	0x10001040, 0x00001000, 0x00040000, 0x10041040,
				215	0x10000000, 0x10001040, 0x00000040, 0x10000000,
				216	0x00040040, 0x10040000, 0x10041040, 0x00041000,
				217	0x10041000, 0x00041040, 0x00001000, 0x00000040,
				218	0x10040000, 0x10000040, 0x10001000, 0x00001040,
				219	0x00041000, 0x00040040, 0x10040040, 0x10041000,
				220	0x00001040, 0x00000000, 0x00000000, 0x10040040,
				221	0x10000040, 0x10001000, 0x00041040, 0x00040000,
				222	0x00041040, 0x00040000, 0x10041000, 0x00001000,
				223	0x00000040, 0x10040040, 0x00001000, 0x00041040,
				224	0x10001000, 0x00000040, 0x10000040, 0x10040000,
				225	0x10040040, 0x10000000, 0x00040000, 0x10001040,
				226	0x00000000, 0x10041040, 0x00040040, 0x10000040,
				227	0x10040000, 0x10001000, 0x10001040, 0x00000000,
				228	0x10041040, 0x00041000, 0x00041000, 0x00001040,
				229	0x00001040, 0x00040040, 0x10000000, 0x10041000
				230	};
				231
				232	/*
				233	* PC1: left and right halves bit-swap
				234	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	235	static const uint32_t LHs[16] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	236	{
				237	0x00000000, 0x00000001, 0x00000100, 0x00000101,
				238	0x00010000, 0x00010001, 0x00010100, 0x00010101,
				239	0x01000000, 0x01000001, 0x01000100, 0x01000101,
				240	0x01010000, 0x01010001, 0x01010100, 0x01010101
				241	};
				242
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	243	static const uint32_t RHs[16] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	244	{
				245	0x00000000, 0x01000000, 0x00010000, 0x01010000,
				246	0x00000100, 0x01000100, 0x00010100, 0x01010100,
				247	0x00000001, 0x01000001, 0x00010001, 0x01010001,
				248	0x00000101, 0x01000101, 0x00010101, 0x01010101,
				249	};
				250
				251	/*
				252	* Initial Permutation macro
				253	*/
				254	#define DES_IP(X,Y) \
				255	{ \
				256	T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
				257	T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
				258	T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
				259	T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
				260	Y = ((Y << 1) \| (Y >> 31)) & 0xFFFFFFFF; \
				261	T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
				262	X = ((X << 1) \| (X >> 31)) & 0xFFFFFFFF; \
				263	}
				264
				265	/*
				266	* Final Permutation macro
				267	*/
				268	#define DES_FP(X,Y) \
				269	{ \
				270	X = ((X << 31) \| (X >> 1)) & 0xFFFFFFFF; \
				271	T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
				272	Y = ((Y << 31) \| (Y >> 1)) & 0xFFFFFFFF; \
				273	T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
				274	T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
				275	T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
				276	T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
				277	}
				278
				279	/*
				280	* DES round macro
				281	*/
				282	#define DES_ROUND(X,Y) \
				283	{ \
				284	T = *SK++ ^ X; \
				285	Y ^= SB8[ (T ) & 0x3F ] ^ \
				286	SB6[ (T >> 8) & 0x3F ] ^ \
				287	SB4[ (T >> 16) & 0x3F ] ^ \
				288	SB2[ (T >> 24) & 0x3F ]; \
				289	\
				290	T = *SK++ ^ ((X << 28) \| (X >> 4)); \
				291	Y ^= SB7[ (T ) & 0x3F ] ^ \
				292	SB5[ (T >> 8) & 0x3F ] ^ \
				293	SB3[ (T >> 16) & 0x3F ] ^ \
				294	SB1[ (T >> 24) & 0x3F ]; \
				295	}
				296
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	297	#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	298
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	299	static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
				300	11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
				301	47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
				302	82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
				303	115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
				304	143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
				305	171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
				306	199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
				307	227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
				308	254 };
				309
				310	void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
				311	{
				312	int i;
				313
				314	for( i = 0; i < DES_KEY_SIZE; i++ )
				315	key[i] = odd_parity_table[key[i] / 2];
				316	}
				317
				318	/*
				319	* Check the given key's parity, returns 1 on failure, 0 on SUCCESS
				320	*/
				321	int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
				322	{
				323	int i;
				324
				325	for( i = 0; i < DES_KEY_SIZE; i++ )
				326	if ( key[i] != odd_parity_table[key[i] / 2] )
				327	return( 1 );
				328
				329	return( 0 );
				330	}
				331
				332	/*
				333	* Table of weak and semi-weak keys
				334	*
				335	* Source: http://en.wikipedia.org/wiki/Weak_key
				336	*
				337	* Weak:
				338	* Alternating ones + zeros (0x0101010101010101)
				339	* Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
				340	* '0xE0E0E0E0F1F1F1F1'
				341	* '0x1F1F1F1F0E0E0E0E'
				342	*
				343	* Semi-weak:
				344	* 0x011F011F010E010E and 0x1F011F010E010E01
				345	* 0x01E001E001F101F1 and 0xE001E001F101F101
				346	* 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
				347	* 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
				348	* 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
				349	* 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
				350	*
				351	*/
				352
				353	#define WEAK_KEY_COUNT 16
				354
				355	static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
				356	{
				357	{ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
				358	{ 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
				359	{ 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
				360	{ 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
				361
				362	{ 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
				363	{ 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
				364	{ 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
				365	{ 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
				366	{ 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
				367	{ 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
				368	{ 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
				369	{ 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
				370	{ 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
				371	{ 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
				372	{ 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
				373	{ 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
				374	};
				375
				376	int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
				377	{
				378	int i;
				379
				380	for( i = 0; i < WEAK_KEY_COUNT; i++ )
				381	if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
Paul Bakker	7320695	2011-07-06 14:37:33 +0000	[diff] [blame]	382	return( 1 );
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	383
Paul Bakker	7320695	2011-07-06 14:37:33 +0000	[diff] [blame]	384	return( 0 );
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	385	}
				386
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	387	static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	388	{
				389	int i;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	390	uint32_t X, Y, T;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	391
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	392	GET_UINT32_BE( X, key, 0 );
				393	GET_UINT32_BE( Y, key, 4 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	394
				395	/*
				396	* Permuted Choice 1
				397	*/
				398	T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
				399	T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
				400
				401	X = (LHs[ (X ) & 0xF] << 3) \| (LHs[ (X >> 8) & 0xF ] << 2)
				402	\| (LHs[ (X >> 16) & 0xF] << 1) \| (LHs[ (X >> 24) & 0xF ] )
				403	\| (LHs[ (X >> 5) & 0xF] << 7) \| (LHs[ (X >> 13) & 0xF ] << 6)
				404	\| (LHs[ (X >> 21) & 0xF] << 5) \| (LHs[ (X >> 29) & 0xF ] << 4);
				405
				406	Y = (RHs[ (Y >> 1) & 0xF] << 3) \| (RHs[ (Y >> 9) & 0xF ] << 2)
				407	\| (RHs[ (Y >> 17) & 0xF] << 1) \| (RHs[ (Y >> 25) & 0xF ] )
				408	\| (RHs[ (Y >> 4) & 0xF] << 7) \| (RHs[ (Y >> 12) & 0xF ] << 6)
				409	\| (RHs[ (Y >> 20) & 0xF] << 5) \| (RHs[ (Y >> 28) & 0xF ] << 4);
				410
				411	X &= 0x0FFFFFFF;
				412	Y &= 0x0FFFFFFF;
				413
				414	/*
				415	* calculate subkeys
				416	*/
				417	for( i = 0; i < 16; i++ )
				418	{
				419	if( i < 2 \|\| i == 8 \|\| i == 15 )
				420	{
				421	X = ((X << 1) \| (X >> 27)) & 0x0FFFFFFF;
				422	Y = ((Y << 1) \| (Y >> 27)) & 0x0FFFFFFF;
				423	}
				424	else
				425	{
				426	X = ((X << 2) \| (X >> 26)) & 0x0FFFFFFF;
				427	Y = ((Y << 2) \| (Y >> 26)) & 0x0FFFFFFF;
				428	}
				429
				430	*SK++ = ((X << 4) & 0x24000000) \| ((X << 28) & 0x10000000)
				431	\| ((X << 14) & 0x08000000) \| ((X << 18) & 0x02080000)
				432	\| ((X << 6) & 0x01000000) \| ((X << 9) & 0x00200000)
				433	\| ((X >> 1) & 0x00100000) \| ((X << 10) & 0x00040000)
				434	\| ((X << 2) & 0x00020000) \| ((X >> 10) & 0x00010000)
				435	\| ((Y >> 13) & 0x00002000) \| ((Y >> 4) & 0x00001000)
				436	\| ((Y << 6) & 0x00000800) \| ((Y >> 1) & 0x00000400)
				437	\| ((Y >> 14) & 0x00000200) \| ((Y ) & 0x00000100)
				438	\| ((Y >> 5) & 0x00000020) \| ((Y >> 10) & 0x00000010)
				439	\| ((Y >> 3) & 0x00000008) \| ((Y >> 18) & 0x00000004)
				440	\| ((Y >> 26) & 0x00000002) \| ((Y >> 24) & 0x00000001);
				441
				442	*SK++ = ((X << 15) & 0x20000000) \| ((X << 17) & 0x10000000)
				443	\| ((X << 10) & 0x08000000) \| ((X << 22) & 0x04000000)
				444	\| ((X >> 2) & 0x02000000) \| ((X << 1) & 0x01000000)
				445	\| ((X << 16) & 0x00200000) \| ((X << 11) & 0x00100000)
				446	\| ((X << 3) & 0x00080000) \| ((X >> 6) & 0x00040000)
				447	\| ((X << 15) & 0x00020000) \| ((X >> 4) & 0x00010000)
				448	\| ((Y >> 2) & 0x00002000) \| ((Y << 8) & 0x00001000)
				449	\| ((Y >> 14) & 0x00000808) \| ((Y >> 9) & 0x00000400)
				450	\| ((Y ) & 0x00000200) \| ((Y << 7) & 0x00000100)
				451	\| ((Y >> 7) & 0x00000020) \| ((Y >> 3) & 0x00000011)
				452	\| ((Y << 2) & 0x00000004) \| ((Y >> 21) & 0x00000002);
				453	}
				454	}
				455
				456	/*
				457	* DES key schedule (56-bit, encryption)
				458	*/
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	459	int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	460	{
				461	des_setkey( ctx->sk, key );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	462
				463	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	464	}
				465
				466	/*
				467	* DES key schedule (56-bit, decryption)
				468	*/
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	469	int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	470	{
				471	int i;
				472
				473	des_setkey( ctx->sk, key );
				474
				475	for( i = 0; i < 16; i += 2 )
				476	{
				477	SWAP( ctx->sk[i ], ctx->sk[30 - i] );
				478	SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
				479	}
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	480
				481	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	482	}
				483
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	484	static void des3_set2key( uint32_t esk[96],
				485	uint32_t dsk[96],
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	486	const unsigned char key[DES_KEY_SIZE*2] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	487	{
				488	int i;
				489
				490	des_setkey( esk, key );
				491	des_setkey( dsk + 32, key + 8 );
				492
				493	for( i = 0; i < 32; i += 2 )
				494	{
				495	dsk[i ] = esk[30 - i];
				496	dsk[i + 1] = esk[31 - i];
				497
				498	esk[i + 32] = dsk[62 - i];
				499	esk[i + 33] = dsk[63 - i];
				500
				501	esk[i + 64] = esk[i ];
				502	esk[i + 65] = esk[i + 1];
				503
				504	dsk[i + 64] = dsk[i ];
				505	dsk[i + 65] = dsk[i + 1];
				506	}
				507	}
				508
				509	/*
				510	* Triple-DES key schedule (112-bit, encryption)
				511	*/
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	512	int des3_set2key_enc( des3_context ctx, const unsigned char key[DES_KEY_SIZE 2] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	513	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	514	uint32_t sk[96];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	515
				516	des3_set2key( ctx->sk, sk, key );
				517	memset( sk, 0, sizeof( sk ) );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	518
				519	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	520	}
				521
				522	/*
				523	* Triple-DES key schedule (112-bit, decryption)
				524	*/
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	525	int des3_set2key_dec( des3_context ctx, const unsigned char key[DES_KEY_SIZE 2] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	526	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	527	uint32_t sk[96];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	528
				529	des3_set2key( sk, ctx->sk, key );
				530	memset( sk, 0, sizeof( sk ) );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	531
				532	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	533	}
				534
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	535	static void des3_set3key( uint32_t esk[96],
				536	uint32_t dsk[96],
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	537	const unsigned char key[24] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	538	{
				539	int i;
				540
				541	des_setkey( esk, key );
				542	des_setkey( dsk + 32, key + 8 );
				543	des_setkey( esk + 64, key + 16 );
				544
				545	for( i = 0; i < 32; i += 2 )
				546	{
				547	dsk[i ] = esk[94 - i];
				548	dsk[i + 1] = esk[95 - i];
				549
				550	esk[i + 32] = dsk[62 - i];
				551	esk[i + 33] = dsk[63 - i];
				552
				553	dsk[i + 64] = esk[30 - i];
				554	dsk[i + 65] = esk[31 - i];
				555	}
				556	}
				557
				558	/*
				559	* Triple-DES key schedule (168-bit, encryption)
				560	*/
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	561	int des3_set3key_enc( des3_context ctx, const unsigned char key[DES_KEY_SIZE 3] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	562	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	563	uint32_t sk[96];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	564
				565	des3_set3key( ctx->sk, sk, key );
				566	memset( sk, 0, sizeof( sk ) );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	567
				568	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	569	}
				570
				571	/*
				572	* Triple-DES key schedule (168-bit, decryption)
				573	*/
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	574	int des3_set3key_dec( des3_context ctx, const unsigned char key[DES_KEY_SIZE 3] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	575	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	576	uint32_t sk[96];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	577
				578	des3_set3key( sk, ctx->sk, key );
				579	memset( sk, 0, sizeof( sk ) );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	580
				581	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	582	}
				583
				584	/*
				585	* DES-ECB block encryption/decryption
				586	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	587	int des_crypt_ecb( des_context *ctx,
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	588	const unsigned char input[8],
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	589	unsigned char output[8] )
				590	{
				591	int i;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	592	uint32_t X, Y, T, *SK;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	593
				594	SK = ctx->sk;
				595
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	596	GET_UINT32_BE( X, input, 0 );
				597	GET_UINT32_BE( Y, input, 4 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	598
				599	DES_IP( X, Y );
				600
				601	for( i = 0; i < 8; i++ )
				602	{
				603	DES_ROUND( Y, X );
				604	DES_ROUND( X, Y );
				605	}
				606
				607	DES_FP( Y, X );
				608
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	609	PUT_UINT32_BE( Y, output, 0 );
				610	PUT_UINT32_BE( X, output, 4 );
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	611
				612	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	613	}
				614
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	615	#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	616	/*
				617	* DES-CBC buffer encryption/decryption
				618	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	619	int des_crypt_cbc( des_context *ctx,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	620	int mode,
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	621	size_t length,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	622	unsigned char iv[8],
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	623	const unsigned char *input,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	624	unsigned char *output )
				625	{
				626	int i;
				627	unsigned char temp[8];
				628
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	629	if( length % 8 )
				630	return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
				631
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	632	if( mode == DES_ENCRYPT )
				633	{
				634	while( length > 0 )
				635	{
				636	for( i = 0; i < 8; i++ )
				637	output[i] = (unsigned char)( input[i] ^ iv[i] );
				638
				639	des_crypt_ecb( ctx, output, output );
				640	memcpy( iv, output, 8 );
				641
				642	input += 8;
				643	output += 8;
				644	length -= 8;
				645	}
				646	}
				647	else /* DES_DECRYPT */
				648	{
				649	while( length > 0 )
				650	{
				651	memcpy( temp, input, 8 );
				652	des_crypt_ecb( ctx, input, output );
				653
				654	for( i = 0; i < 8; i++ )
				655	output[i] = (unsigned char)( output[i] ^ iv[i] );
				656
				657	memcpy( iv, temp, 8 );
				658
				659	input += 8;
				660	output += 8;
				661	length -= 8;
				662	}
				663	}
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	664
				665	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	666	}
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	667	#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	668
				669	/*
				670	* 3DES-ECB block encryption/decryption
				671	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	672	int des3_crypt_ecb( des3_context *ctx,
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	673	const unsigned char input[8],
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	674	unsigned char output[8] )
				675	{
				676	int i;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	677	uint32_t X, Y, T, *SK;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	678
				679	SK = ctx->sk;
				680
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	681	GET_UINT32_BE( X, input, 0 );
				682	GET_UINT32_BE( Y, input, 4 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	683
				684	DES_IP( X, Y );
				685
				686	for( i = 0; i < 8; i++ )
				687	{
				688	DES_ROUND( Y, X );
				689	DES_ROUND( X, Y );
				690	}
				691
				692	for( i = 0; i < 8; i++ )
				693	{
				694	DES_ROUND( X, Y );
				695	DES_ROUND( Y, X );
				696	}
				697
				698	for( i = 0; i < 8; i++ )
				699	{
				700	DES_ROUND( Y, X );
				701	DES_ROUND( X, Y );
				702	}
				703
				704	DES_FP( Y, X );
				705
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	706	PUT_UINT32_BE( Y, output, 0 );
				707	PUT_UINT32_BE( X, output, 4 );
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	708
				709	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	710	}
				711
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	712	#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	713	/*
				714	* 3DES-CBC buffer encryption/decryption
				715	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	716	int des3_crypt_cbc( des3_context *ctx,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	717	int mode,
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	718	size_t length,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	719	unsigned char iv[8],
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	720	const unsigned char *input,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	721	unsigned char *output )
				722	{
				723	int i;
				724	unsigned char temp[8];
				725
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	726	if( length % 8 )
				727	return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
				728
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	729	if( mode == DES_ENCRYPT )
				730	{
				731	while( length > 0 )
				732	{
				733	for( i = 0; i < 8; i++ )
				734	output[i] = (unsigned char)( input[i] ^ iv[i] );
				735
				736	des3_crypt_ecb( ctx, output, output );
				737	memcpy( iv, output, 8 );
				738
				739	input += 8;
				740	output += 8;
				741	length -= 8;
				742	}
				743	}
				744	else /* DES_DECRYPT */
				745	{
				746	while( length > 0 )
				747	{
				748	memcpy( temp, input, 8 );
				749	des3_crypt_ecb( ctx, input, output );
				750
				751	for( i = 0; i < 8; i++ )
				752	output[i] = (unsigned char)( output[i] ^ iv[i] );
				753
				754	memcpy( iv, temp, 8 );
				755
				756	input += 8;
				757	output += 8;
				758	length -= 8;
				759	}
				760	}
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	761
				762	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	763	}
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	764	#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	765
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	766	#endif /* !POLARSSL_DES_ALT */
				767
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	768	#if defined(POLARSSL_SELF_TEST)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	769
				770	#include <stdio.h>
				771
				772	/*
				773	* DES and 3DES test vectors from:
				774	*
				775	* http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
				776	*/
				777	static const unsigned char des3_test_keys[24] =
				778	{
				779	0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
				780	0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
				781	0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
				782	};
				783
				784	static const unsigned char des3_test_iv[8] =
				785	{
				786	0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
				787	};
				788
				789	static const unsigned char des3_test_buf[8] =
				790	{
				791	0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
				792	};
				793
				794	static const unsigned char des3_test_ecb_dec[3][8] =
				795	{
				796	{ 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
				797	{ 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
				798	{ 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
				799	};
				800
				801	static const unsigned char des3_test_ecb_enc[3][8] =
				802	{
				803	{ 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
				804	{ 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
				805	{ 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
				806	};
				807
				808	static const unsigned char des3_test_cbc_dec[3][8] =
				809	{
				810	{ 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
				811	{ 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
				812	{ 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
				813	};
				814
				815	static const unsigned char des3_test_cbc_enc[3][8] =
				816	{
				817	{ 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
				818	{ 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
				819	{ 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
				820	};
				821
				822	/*
				823	* Checkup routine
				824	*/
				825	int des_self_test( int verbose )
				826	{
				827	int i, j, u, v;
				828	des_context ctx;
				829	des3_context ctx3;
				830	unsigned char key[24];
				831	unsigned char buf[8];
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	832	#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	833	unsigned char prv[8];
				834	unsigned char iv[8];
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	835	#endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	836
				837	memset( key, 0, 24 );
				838
				839	/*
				840	* ECB mode
				841	*/
				842	for( i = 0; i < 6; i++ )
				843	{
				844	u = i >> 1;
				845	v = i & 1;
				846
				847	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame^]	848	polarssl_printf( " DES%c-ECB-%3d (%s): ",
				849	( u == 0 ) ? ' ' : '3', 56 + u * 56,
				850	( v == DES_DECRYPT ) ? "dec" : "enc" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	851
				852	memcpy( buf, des3_test_buf, 8 );
				853
				854	switch( i )
				855	{
				856	case 0:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	857	des_setkey_dec( &ctx, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	858	break;
				859
				860	case 1:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	861	des_setkey_enc( &ctx, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	862	break;
				863
				864	case 2:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	865	des3_set2key_dec( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	866	break;
				867
				868	case 3:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	869	des3_set2key_enc( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	870	break;
				871
				872	case 4:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	873	des3_set3key_dec( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	874	break;
				875
				876	case 5:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	877	des3_set3key_enc( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	878	break;
				879
				880	default:
				881	return( 1 );
				882	}
				883
				884	for( j = 0; j < 10000; j++ )
				885	{
				886	if( u == 0 )
				887	des_crypt_ecb( &ctx, buf, buf );
				888	else
				889	des3_crypt_ecb( &ctx3, buf, buf );
				890	}
				891
				892	if( ( v == DES_DECRYPT &&
				893	memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) \|\|
				894	( v != DES_DECRYPT &&
				895	memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
				896	{
				897	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame^]	898	polarssl_printf( "failed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	899
				900	return( 1 );
				901	}
				902
				903	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame^]	904	polarssl_printf( "passed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	905	}
				906
				907	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame^]	908	polarssl_printf( "\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	909
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	910	#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	911	/*
				912	* CBC mode
				913	*/
				914	for( i = 0; i < 6; i++ )
				915	{
				916	u = i >> 1;
				917	v = i & 1;
				918
				919	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame^]	920	polarssl_printf( " DES%c-CBC-%3d (%s): ",
				921	( u == 0 ) ? ' ' : '3', 56 + u * 56,
				922	( v == DES_DECRYPT ) ? "dec" : "enc" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	923
				924	memcpy( iv, des3_test_iv, 8 );
				925	memcpy( prv, des3_test_iv, 8 );
				926	memcpy( buf, des3_test_buf, 8 );
				927
				928	switch( i )
				929	{
				930	case 0:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	931	des_setkey_dec( &ctx, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	932	break;
				933
				934	case 1:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	935	des_setkey_enc( &ctx, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	936	break;
				937
				938	case 2:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	939	des3_set2key_dec( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	940	break;
				941
				942	case 3:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	943	des3_set2key_enc( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	944	break;
				945
				946	case 4:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	947	des3_set3key_dec( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	948	break;
				949
				950	case 5:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	951	des3_set3key_enc( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	952	break;
				953
				954	default:
				955	return( 1 );
				956	}
				957
				958	if( v == DES_DECRYPT )
				959	{
				960	for( j = 0; j < 10000; j++ )
				961	{
				962	if( u == 0 )
				963	des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
				964	else
				965	des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
				966	}
				967	}
				968	else
				969	{
				970	for( j = 0; j < 10000; j++ )
				971	{
				972	unsigned char tmp[8];
				973
				974	if( u == 0 )
				975	des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
				976	else
				977	des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
				978
				979	memcpy( tmp, prv, 8 );
				980	memcpy( prv, buf, 8 );
				981	memcpy( buf, tmp, 8 );
				982	}
				983
				984	memcpy( buf, prv, 8 );
				985	}
				986
				987	if( ( v == DES_DECRYPT &&
				988	memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) \|\|
				989	( v != DES_DECRYPT &&
				990	memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
				991	{
				992	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame^]	993	polarssl_printf( "failed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	994
				995	return( 1 );
				996	}
				997
				998	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame^]	999	polarssl_printf( "passed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1000	}
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	1001	#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1002
				1003	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame^]	1004	polarssl_printf( "\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1005
				1006	return( 0 );
				1007	}
				1008
				1009	#endif
				1010
				1011	#endif