TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c38b2f5bcf7af32a9cdff4850345cdae1949439f / . / library / des.c
blob: 7798821fc0f4fcd168ea1aa03352228b4c0e292d [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
Paul Bakkerfc8c4362010-03-21 17:37:16 +0000[diff] [blame]4 * Copyright (C) 2006-2010, Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]5 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]6 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 */
21/*
22 * DES, on which TDES is based, was originally designed by Horst Feistel
23 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
24 *
25 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
26 */
27
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]28#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]29
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]30#if defined(POLARSSL_DES_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]31
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]32#include "polarssl/des.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]33
34#include <string.h>
35
36/*
37 * 32-bit integer manipulation macros (big endian)
38 */
39#ifndef GET_ULONG_BE
40#define GET_ULONG_BE(n,b,i) \
41{ \
42 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
43 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
44 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
45 | ( (unsigned long) (b)[(i) + 3] ); \
46}
47#endif
48
49#ifndef PUT_ULONG_BE
50#define PUT_ULONG_BE(n,b,i) \
51{ \
52 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
53 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
54 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
55 (b)[(i) + 3] = (unsigned char) ( (n) ); \
56}
57#endif
58
59/*
60 * Expanded DES S-boxes
61 */
62static const unsigned long SB1[64] =
63{
64 0x01010400, 0x00000000, 0x00010000, 0x01010404,
65 0x01010004, 0x00010404, 0x00000004, 0x00010000,
66 0x00000400, 0x01010400, 0x01010404, 0x00000400,
67 0x01000404, 0x01010004, 0x01000000, 0x00000004,
68 0x00000404, 0x01000400, 0x01000400, 0x00010400,
69 0x00010400, 0x01010000, 0x01010000, 0x01000404,
70 0x00010004, 0x01000004, 0x01000004, 0x00010004,
71 0x00000000, 0x00000404, 0x00010404, 0x01000000,
72 0x00010000, 0x01010404, 0x00000004, 0x01010000,
73 0x01010400, 0x01000000, 0x01000000, 0x00000400,
74 0x01010004, 0x00010000, 0x00010400, 0x01000004,
75 0x00000400, 0x00000004, 0x01000404, 0x00010404,
76 0x01010404, 0x00010004, 0x01010000, 0x01000404,
77 0x01000004, 0x00000404, 0x00010404, 0x01010400,
78 0x00000404, 0x01000400, 0x01000400, 0x00000000,
79 0x00010004, 0x00010400, 0x00000000, 0x01010004
80};
81
82static const unsigned long SB2[64] =
83{
84 0x80108020, 0x80008000, 0x00008000, 0x00108020,
85 0x00100000, 0x00000020, 0x80100020, 0x80008020,
86 0x80000020, 0x80108020, 0x80108000, 0x80000000,
87 0x80008000, 0x00100000, 0x00000020, 0x80100020,
88 0x00108000, 0x00100020, 0x80008020, 0x00000000,
89 0x80000000, 0x00008000, 0x00108020, 0x80100000,
90 0x00100020, 0x80000020, 0x00000000, 0x00108000,
91 0x00008020, 0x80108000, 0x80100000, 0x00008020,
92 0x00000000, 0x00108020, 0x80100020, 0x00100000,
93 0x80008020, 0x80100000, 0x80108000, 0x00008000,
94 0x80100000, 0x80008000, 0x00000020, 0x80108020,
95 0x00108020, 0x00000020, 0x00008000, 0x80000000,
96 0x00008020, 0x80108000, 0x00100000, 0x80000020,
97 0x00100020, 0x80008020, 0x80000020, 0x00100020,
98 0x00108000, 0x00000000, 0x80008000, 0x00008020,
99 0x80000000, 0x80100020, 0x80108020, 0x00108000
100};
101
102static const unsigned long SB3[64] =
103{
104 0x00000208, 0x08020200, 0x00000000, 0x08020008,
105 0x08000200, 0x00000000, 0x00020208, 0x08000200,
106 0x00020008, 0x08000008, 0x08000008, 0x00020000,
107 0x08020208, 0x00020008, 0x08020000, 0x00000208,
108 0x08000000, 0x00000008, 0x08020200, 0x00000200,
109 0x00020200, 0x08020000, 0x08020008, 0x00020208,
110 0x08000208, 0x00020200, 0x00020000, 0x08000208,
111 0x00000008, 0x08020208, 0x00000200, 0x08000000,
112 0x08020200, 0x08000000, 0x00020008, 0x00000208,
113 0x00020000, 0x08020200, 0x08000200, 0x00000000,
114 0x00000200, 0x00020008, 0x08020208, 0x08000200,
115 0x08000008, 0x00000200, 0x00000000, 0x08020008,
116 0x08000208, 0x00020000, 0x08000000, 0x08020208,
117 0x00000008, 0x00020208, 0x00020200, 0x08000008,
118 0x08020000, 0x08000208, 0x00000208, 0x08020000,
119 0x00020208, 0x00000008, 0x08020008, 0x00020200
120};
121
122static const unsigned long SB4[64] =
123{
124 0x00802001, 0x00002081, 0x00002081, 0x00000080,
125 0x00802080, 0x00800081, 0x00800001, 0x00002001,
126 0x00000000, 0x00802000, 0x00802000, 0x00802081,
127 0x00000081, 0x00000000, 0x00800080, 0x00800001,
128 0x00000001, 0x00002000, 0x00800000, 0x00802001,
129 0x00000080, 0x00800000, 0x00002001, 0x00002080,
130 0x00800081, 0x00000001, 0x00002080, 0x00800080,
131 0x00002000, 0x00802080, 0x00802081, 0x00000081,
132 0x00800080, 0x00800001, 0x00802000, 0x00802081,
133 0x00000081, 0x00000000, 0x00000000, 0x00802000,
134 0x00002080, 0x00800080, 0x00800081, 0x00000001,
135 0x00802001, 0x00002081, 0x00002081, 0x00000080,
136 0x00802081, 0x00000081, 0x00000001, 0x00002000,
137 0x00800001, 0x00002001, 0x00802080, 0x00800081,
138 0x00002001, 0x00002080, 0x00800000, 0x00802001,
139 0x00000080, 0x00800000, 0x00002000, 0x00802080
140};
141
142static const unsigned long SB5[64] =
143{
144 0x00000100, 0x02080100, 0x02080000, 0x42000100,
145 0x00080000, 0x00000100, 0x40000000, 0x02080000,
146 0x40080100, 0x00080000, 0x02000100, 0x40080100,
147 0x42000100, 0x42080000, 0x00080100, 0x40000000,
148 0x02000000, 0x40080000, 0x40080000, 0x00000000,
149 0x40000100, 0x42080100, 0x42080100, 0x02000100,
150 0x42080000, 0x40000100, 0x00000000, 0x42000000,
151 0x02080100, 0x02000000, 0x42000000, 0x00080100,
152 0x00080000, 0x42000100, 0x00000100, 0x02000000,
153 0x40000000, 0x02080000, 0x42000100, 0x40080100,
154 0x02000100, 0x40000000, 0x42080000, 0x02080100,
155 0x40080100, 0x00000100, 0x02000000, 0x42080000,
156 0x42080100, 0x00080100, 0x42000000, 0x42080100,
157 0x02080000, 0x00000000, 0x40080000, 0x42000000,
158 0x00080100, 0x02000100, 0x40000100, 0x00080000,
159 0x00000000, 0x40080000, 0x02080100, 0x40000100
160};
161
162static const unsigned long SB6[64] =
163{
164 0x20000010, 0x20400000, 0x00004000, 0x20404010,
165 0x20400000, 0x00000010, 0x20404010, 0x00400000,
166 0x20004000, 0x00404010, 0x00400000, 0x20000010,
167 0x00400010, 0x20004000, 0x20000000, 0x00004010,
168 0x00000000, 0x00400010, 0x20004010, 0x00004000,
169 0x00404000, 0x20004010, 0x00000010, 0x20400010,
170 0x20400010, 0x00000000, 0x00404010, 0x20404000,
171 0x00004010, 0x00404000, 0x20404000, 0x20000000,
172 0x20004000, 0x00000010, 0x20400010, 0x00404000,
173 0x20404010, 0x00400000, 0x00004010, 0x20000010,
174 0x00400000, 0x20004000, 0x20000000, 0x00004010,
175 0x20000010, 0x20404010, 0x00404000, 0x20400000,
176 0x00404010, 0x20404000, 0x00000000, 0x20400010,
177 0x00000010, 0x00004000, 0x20400000, 0x00404010,
178 0x00004000, 0x00400010, 0x20004010, 0x00000000,
179 0x20404000, 0x20000000, 0x00400010, 0x20004010
180};
181
182static const unsigned long SB7[64] =
183{
184 0x00200000, 0x04200002, 0x04000802, 0x00000000,
185 0x00000800, 0x04000802, 0x00200802, 0x04200800,
186 0x04200802, 0x00200000, 0x00000000, 0x04000002,
187 0x00000002, 0x04000000, 0x04200002, 0x00000802,
188 0x04000800, 0x00200802, 0x00200002, 0x04000800,
189 0x04000002, 0x04200000, 0x04200800, 0x00200002,
190 0x04200000, 0x00000800, 0x00000802, 0x04200802,
191 0x00200800, 0x00000002, 0x04000000, 0x00200800,
192 0x04000000, 0x00200800, 0x00200000, 0x04000802,
193 0x04000802, 0x04200002, 0x04200002, 0x00000002,
194 0x00200002, 0x04000000, 0x04000800, 0x00200000,
195 0x04200800, 0x00000802, 0x00200802, 0x04200800,
196 0x00000802, 0x04000002, 0x04200802, 0x04200000,
197 0x00200800, 0x00000000, 0x00000002, 0x04200802,
198 0x00000000, 0x00200802, 0x04200000, 0x00000800,
199 0x04000002, 0x04000800, 0x00000800, 0x00200002
200};
201
202static const unsigned long SB8[64] =
203{
204 0x10001040, 0x00001000, 0x00040000, 0x10041040,
205 0x10000000, 0x10001040, 0x00000040, 0x10000000,
206 0x00040040, 0x10040000, 0x10041040, 0x00041000,
207 0x10041000, 0x00041040, 0x00001000, 0x00000040,
208 0x10040000, 0x10000040, 0x10001000, 0x00001040,
209 0x00041000, 0x00040040, 0x10040040, 0x10041000,
210 0x00001040, 0x00000000, 0x00000000, 0x10040040,
211 0x10000040, 0x10001000, 0x00041040, 0x00040000,
212 0x00041040, 0x00040000, 0x10041000, 0x00001000,
213 0x00000040, 0x10040040, 0x00001000, 0x00041040,
214 0x10001000, 0x00000040, 0x10000040, 0x10040000,
215 0x10040040, 0x10000000, 0x00040000, 0x10001040,
216 0x00000000, 0x10041040, 0x00040040, 0x10000040,
217 0x10040000, 0x10001000, 0x10001040, 0x00000000,
218 0x10041040, 0x00041000, 0x00041000, 0x00001040,
219 0x00001040, 0x00040040, 0x10000000, 0x10041000
220};
221
222/*
223 * PC1: left and right halves bit-swap
224 */
225static const unsigned long LHs[16] =
226{
227 0x00000000, 0x00000001, 0x00000100, 0x00000101,
228 0x00010000, 0x00010001, 0x00010100, 0x00010101,
229 0x01000000, 0x01000001, 0x01000100, 0x01000101,
230 0x01010000, 0x01010001, 0x01010100, 0x01010101
231};
232
233static const unsigned long RHs[16] =
234{
235 0x00000000, 0x01000000, 0x00010000, 0x01010000,
236 0x00000100, 0x01000100, 0x00010100, 0x01010100,
237 0x00000001, 0x01000001, 0x00010001, 0x01010001,
238 0x00000101, 0x01000101, 0x00010101, 0x01010101,
239};
240
241/*
242 * Initial Permutation macro
243 */
244#define DES_IP(X,Y) \
245{ \
246 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
247 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
248 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
249 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
250 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
251 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
252 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
253}
254
255/*
256 * Final Permutation macro
257 */
258#define DES_FP(X,Y) \
259{ \
260 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
261 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
262 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
263 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
264 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
265 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
266 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
267}
268
269/*
270 * DES round macro
271 */
272#define DES_ROUND(X,Y) \
273{ \
274 T = *SK++ ^ X; \
275 Y ^= SB8[ (T ) & 0x3F ] ^ \
276 SB6[ (T >> 8) & 0x3F ] ^ \
277 SB4[ (T >> 16) & 0x3F ] ^ \
278 SB2[ (T >> 24) & 0x3F ]; \
279 \
280 T = *SK++ ^ ((X << 28) | (X >> 4)); \
281 Y ^= SB7[ (T ) & 0x3F ] ^ \
282 SB5[ (T >> 8) & 0x3F ] ^ \
283 SB3[ (T >> 16) & 0x3F ] ^ \
284 SB1[ (T >> 24) & 0x3F ]; \
285}
286
287#define SWAP(a,b) { unsigned long t = a; a = b; b = t; t = 0; }
288
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]289static void des_setkey( unsigned long SK[32], const unsigned char key[8] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]290{
291 int i;
292 unsigned long X, Y, T;
293
294 GET_ULONG_BE( X, key, 0 );
295 GET_ULONG_BE( Y, key, 4 );
296
297 /*
298 * Permuted Choice 1
299 */
300 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
301 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
302
303 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
304 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
305 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
306 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
307
308 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
309 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
310 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
311 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
312
313 X &= 0x0FFFFFFF;
314 Y &= 0x0FFFFFFF;
315
316 /*
317 * calculate subkeys
318 */
319 for( i = 0; i < 16; i++ )
320 {
321 if( i < 2 || i == 8 || i == 15 )
322 {
323 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
324 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
325 }
326 else
327 {
328 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
329 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
330 }
331
332 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
333 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
334 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
335 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
336 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
337 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
338 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
339 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
340 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
341 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
342 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
343
344 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
345 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
346 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
347 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
348 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
349 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
350 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
351 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
352 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
353 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
354 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
355 }
356}
357
358/*
359 * DES key schedule (56-bit, encryption)
360 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]361void des_setkey_enc( des_context *ctx, const unsigned char key[8] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]362{
363 des_setkey( ctx->sk, key );
364}
365
366/*
367 * DES key schedule (56-bit, decryption)
368 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]369void des_setkey_dec( des_context *ctx, const unsigned char key[8] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]370{
371 int i;
372
373 des_setkey( ctx->sk, key );
374
375 for( i = 0; i < 16; i += 2 )
376 {
377 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
378 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
379 }
380}
381
382static void des3_set2key( unsigned long esk[96],
383 unsigned long dsk[96],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]384 const unsigned char key[16] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]385{
386 int i;
387
388 des_setkey( esk, key );
389 des_setkey( dsk + 32, key + 8 );
390
391 for( i = 0; i < 32; i += 2 )
392 {
393 dsk[i ] = esk[30 - i];
394 dsk[i + 1] = esk[31 - i];
395
396 esk[i + 32] = dsk[62 - i];
397 esk[i + 33] = dsk[63 - i];
398
399 esk[i + 64] = esk[i ];
400 esk[i + 65] = esk[i + 1];
401
402 dsk[i + 64] = dsk[i ];
403 dsk[i + 65] = dsk[i + 1];
404 }
405}
406
407/*
408 * Triple-DES key schedule (112-bit, encryption)
409 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]410void des3_set2key_enc( des3_context *ctx, const unsigned char key[16] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]411{
412 unsigned long sk[96];
413
414 des3_set2key( ctx->sk, sk, key );
415 memset( sk, 0, sizeof( sk ) );
416}
417
418/*
419 * Triple-DES key schedule (112-bit, decryption)
420 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]421void des3_set2key_dec( des3_context *ctx, const unsigned char key[16] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]422{
423 unsigned long sk[96];
424
425 des3_set2key( sk, ctx->sk, key );
426 memset( sk, 0, sizeof( sk ) );
427}
428
429static void des3_set3key( unsigned long esk[96],
430 unsigned long dsk[96],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]431 const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]432{
433 int i;
434
435 des_setkey( esk, key );
436 des_setkey( dsk + 32, key + 8 );
437 des_setkey( esk + 64, key + 16 );
438
439 for( i = 0; i < 32; i += 2 )
440 {
441 dsk[i ] = esk[94 - i];
442 dsk[i + 1] = esk[95 - i];
443
444 esk[i + 32] = dsk[62 - i];
445 esk[i + 33] = dsk[63 - i];
446
447 dsk[i + 64] = esk[30 - i];
448 dsk[i + 65] = esk[31 - i];
449 }
450}
451
452/*
453 * Triple-DES key schedule (168-bit, encryption)
454 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]455void des3_set3key_enc( des3_context *ctx, const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]456{
457 unsigned long sk[96];
458
459 des3_set3key( ctx->sk, sk, key );
460 memset( sk, 0, sizeof( sk ) );
461}
462
463/*
464 * Triple-DES key schedule (168-bit, decryption)
465 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]466void des3_set3key_dec( des3_context *ctx, const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]467{
468 unsigned long sk[96];
469
470 des3_set3key( sk, ctx->sk, key );
471 memset( sk, 0, sizeof( sk ) );
472}
473
474/*
475 * DES-ECB block encryption/decryption
476 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]477int des_crypt_ecb( des_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]478 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]479 unsigned char output[8] )
480{
481 int i;
482 unsigned long X, Y, T, *SK;
483
484 SK = ctx->sk;
485
486 GET_ULONG_BE( X, input, 0 );
487 GET_ULONG_BE( Y, input, 4 );
488
489 DES_IP( X, Y );
490
491 for( i = 0; i < 8; i++ )
492 {
493 DES_ROUND( Y, X );
494 DES_ROUND( X, Y );
495 }
496
497 DES_FP( Y, X );
498
499 PUT_ULONG_BE( Y, output, 0 );
500 PUT_ULONG_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]501
502 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]503}
504
505/*
506 * DES-CBC buffer encryption/decryption
507 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]508int des_crypt_cbc( des_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]509 int mode,
510 int length,
511 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]512 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]513 unsigned char *output )
514{
515 int i;
516 unsigned char temp[8];
517
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]518 if( length % 8 )
519 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
520
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]521 if( mode == DES_ENCRYPT )
522 {
523 while( length > 0 )
524 {
525 for( i = 0; i < 8; i++ )
526 output[i] = (unsigned char)( input[i] ^ iv[i] );
527
528 des_crypt_ecb( ctx, output, output );
529 memcpy( iv, output, 8 );
530
531 input += 8;
532 output += 8;
533 length -= 8;
534 }
535 }
536 else /* DES_DECRYPT */
537 {
538 while( length > 0 )
539 {
540 memcpy( temp, input, 8 );
541 des_crypt_ecb( ctx, input, output );
542
543 for( i = 0; i < 8; i++ )
544 output[i] = (unsigned char)( output[i] ^ iv[i] );
545
546 memcpy( iv, temp, 8 );
547
548 input += 8;
549 output += 8;
550 length -= 8;
551 }
552 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]553
554 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]555}
556
557/*
558 * 3DES-ECB block encryption/decryption
559 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]560int des3_crypt_ecb( des3_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]561 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]562 unsigned char output[8] )
563{
564 int i;
565 unsigned long X, Y, T, *SK;
566
567 SK = ctx->sk;
568
569 GET_ULONG_BE( X, input, 0 );
570 GET_ULONG_BE( Y, input, 4 );
571
572 DES_IP( X, Y );
573
574 for( i = 0; i < 8; i++ )
575 {
576 DES_ROUND( Y, X );
577 DES_ROUND( X, Y );
578 }
579
580 for( i = 0; i < 8; i++ )
581 {
582 DES_ROUND( X, Y );
583 DES_ROUND( Y, X );
584 }
585
586 for( i = 0; i < 8; i++ )
587 {
588 DES_ROUND( Y, X );
589 DES_ROUND( X, Y );
590 }
591
592 DES_FP( Y, X );
593
594 PUT_ULONG_BE( Y, output, 0 );
595 PUT_ULONG_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]596
597 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]598}
599
600/*
601 * 3DES-CBC buffer encryption/decryption
602 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]603int des3_crypt_cbc( des3_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]604 int mode,
605 int length,
606 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]607 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]608 unsigned char *output )
609{
610 int i;
611 unsigned char temp[8];
612
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]613 if( length % 8 )
614 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
615
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]616 if( mode == DES_ENCRYPT )
617 {
618 while( length > 0 )
619 {
620 for( i = 0; i < 8; i++ )
621 output[i] = (unsigned char)( input[i] ^ iv[i] );
622
623 des3_crypt_ecb( ctx, output, output );
624 memcpy( iv, output, 8 );
625
626 input += 8;
627 output += 8;
628 length -= 8;
629 }
630 }
631 else /* DES_DECRYPT */
632 {
633 while( length > 0 )
634 {
635 memcpy( temp, input, 8 );
636 des3_crypt_ecb( ctx, input, output );
637
638 for( i = 0; i < 8; i++ )
639 output[i] = (unsigned char)( output[i] ^ iv[i] );
640
641 memcpy( iv, temp, 8 );
642
643 input += 8;
644 output += 8;
645 length -= 8;
646 }
647 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]648
649 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]650}
651
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]652#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]653
654#include <stdio.h>
655
656/*
657 * DES and 3DES test vectors from:
658 *
659 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
660 */
661static const unsigned char des3_test_keys[24] =
662{
663 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
664 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
665 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
666};
667
668static const unsigned char des3_test_iv[8] =
669{
670 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
671};
672
673static const unsigned char des3_test_buf[8] =
674{
675 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
676};
677
678static const unsigned char des3_test_ecb_dec[3][8] =
679{
680 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
681 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
682 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
683};
684
685static const unsigned char des3_test_ecb_enc[3][8] =
686{
687 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
688 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
689 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
690};
691
692static const unsigned char des3_test_cbc_dec[3][8] =
693{
694 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
695 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
696 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
697};
698
699static const unsigned char des3_test_cbc_enc[3][8] =
700{
701 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
702 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
703 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
704};
705
706/*
707 * Checkup routine
708 */
709int des_self_test( int verbose )
710{
711 int i, j, u, v;
712 des_context ctx;
713 des3_context ctx3;
714 unsigned char key[24];
715 unsigned char buf[8];
716 unsigned char prv[8];
717 unsigned char iv[8];
718
719 memset( key, 0, 24 );
720
721 /*
722 * ECB mode
723 */
724 for( i = 0; i < 6; i++ )
725 {
726 u = i >> 1;
727 v = i & 1;
728
729 if( verbose != 0 )
730 printf( " DES%c-ECB-%3d (%s): ",
731 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
732 ( v == DES_DECRYPT ) ? "dec" : "enc" );
733
734 memcpy( buf, des3_test_buf, 8 );
735
736 switch( i )
737 {
738 case 0:
739 des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
740 break;
741
742 case 1:
743 des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
744 break;
745
746 case 2:
747 des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
748 break;
749
750 case 3:
751 des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
752 break;
753
754 case 4:
755 des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
756 break;
757
758 case 5:
759 des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
760 break;
761
762 default:
763 return( 1 );
764 }
765
766 for( j = 0; j < 10000; j++ )
767 {
768 if( u == 0 )
769 des_crypt_ecb( &ctx, buf, buf );
770 else
771 des3_crypt_ecb( &ctx3, buf, buf );
772 }
773
774 if( ( v == DES_DECRYPT &&
775 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
776 ( v != DES_DECRYPT &&
777 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
778 {
779 if( verbose != 0 )
780 printf( "failed\n" );
781
782 return( 1 );
783 }
784
785 if( verbose != 0 )
786 printf( "passed\n" );
787 }
788
789 if( verbose != 0 )
790 printf( "\n" );
791
792 /*
793 * CBC mode
794 */
795 for( i = 0; i < 6; i++ )
796 {
797 u = i >> 1;
798 v = i & 1;
799
800 if( verbose != 0 )
801 printf( " DES%c-CBC-%3d (%s): ",
802 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
803 ( v == DES_DECRYPT ) ? "dec" : "enc" );
804
805 memcpy( iv, des3_test_iv, 8 );
806 memcpy( prv, des3_test_iv, 8 );
807 memcpy( buf, des3_test_buf, 8 );
808
809 switch( i )
810 {
811 case 0:
812 des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
813 break;
814
815 case 1:
816 des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
817 break;
818
819 case 2:
820 des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
821 break;
822
823 case 3:
824 des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
825 break;
826
827 case 4:
828 des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
829 break;
830
831 case 5:
832 des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
833 break;
834
835 default:
836 return( 1 );
837 }
838
839 if( v == DES_DECRYPT )
840 {
841 for( j = 0; j < 10000; j++ )
842 {
843 if( u == 0 )
844 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
845 else
846 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
847 }
848 }
849 else
850 {
851 for( j = 0; j < 10000; j++ )
852 {
853 unsigned char tmp[8];
854
855 if( u == 0 )
856 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
857 else
858 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
859
860 memcpy( tmp, prv, 8 );
861 memcpy( prv, buf, 8 );
862 memcpy( buf, tmp, 8 );
863 }
864
865 memcpy( buf, prv, 8 );
866 }
867
868 if( ( v == DES_DECRYPT &&
869 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
870 ( v != DES_DECRYPT &&
871 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
872 {
873 if( verbose != 0 )
874 printf( "failed\n" );
875
876 return( 1 );
877 }
878
879 if( verbose != 0 )
880 printf( "passed\n" );
881 }
882
883 if( verbose != 0 )
884 printf( "\n" );
885
886 return( 0 );
887}
888
889#endif
890
891#endif