Blame - library/des.c - mirror/mbed-tls - TrustedFirmware Git Browser

blob: 6e08cf2c1d7f56777d922aa801d77418728311c0 [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* FIPS-46-3 compliant Triple-DES implementation
				3	*
Manuel Pégourié-Gonnard	a658a40	2015-01-23 09:45:19 +0000	[diff] [blame]	4	* Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	5	*
Manuel Pégourié-Gonnard	860b516	2015-01-28 17:12:07 +0000	[diff] [blame^]	6	* This file is part of mbed TLS (https://polarssl.org)
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	7	*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	8	* This program is free software; you can redistribute it and/or modify
				9	* it under the terms of the GNU General Public License as published by
				10	* the Free Software Foundation; either version 2 of the License, or
				11	* (at your option) any later version.
				12	*
				13	* This program is distributed in the hope that it will be useful,
				14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				16	* GNU General Public License for more details.
				17	*
				18	* You should have received a copy of the GNU General Public License along
				19	* with this program; if not, write to the Free Software Foundation, Inc.,
				20	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				21	*/
				22	/*
				23	* DES, on which TDES is based, was originally designed by Horst Feistel
				24	* at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
				25	*
				26	* http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
				27	*/
				28
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	29	#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	30	#include "polarssl/config.h"
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	31	#else
				32	#include POLARSSL_CONFIG_FILE
				33	#endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	34
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	35	#if defined(POLARSSL_DES_C)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	36
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	37	#include "polarssl/des.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	38
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	39	#if defined(POLARSSL_PLATFORM_C)
				40	#include "polarssl/platform.h"
				41	#else
				42	#define polarssl_printf printf
				43	#endif
				44
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	45	#if !defined(POLARSSL_DES_ALT)
				46
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame]	47	/* Implementation that should never be optimized out by the compiler */
				48	static void polarssl_zeroize( void *v, size_t n ) {
				49	volatile unsigned char p = v; while( n-- ) p++ = 0;
				50	}
				51
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	52	/*
				53	* 32-bit integer manipulation macros (big endian)
				54	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	55	#ifndef GET_UINT32_BE
				56	#define GET_UINT32_BE(n,b,i) \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	57	{ \
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	58	(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
				59	\| ( (uint32_t) (b)[(i) + 1] << 16 ) \
				60	\| ( (uint32_t) (b)[(i) + 2] << 8 ) \
				61	\| ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	62	}
				63	#endif
				64
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	65	#ifndef PUT_UINT32_BE
				66	#define PUT_UINT32_BE(n,b,i) \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	67	{ \
				68	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
				69	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
				70	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
				71	(b)[(i) + 3] = (unsigned char) ( (n) ); \
				72	}
				73	#endif
				74
				75	/*
				76	* Expanded DES S-boxes
				77	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	78	static const uint32_t SB1[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	79	{
				80	0x01010400, 0x00000000, 0x00010000, 0x01010404,
				81	0x01010004, 0x00010404, 0x00000004, 0x00010000,
				82	0x00000400, 0x01010400, 0x01010404, 0x00000400,
				83	0x01000404, 0x01010004, 0x01000000, 0x00000004,
				84	0x00000404, 0x01000400, 0x01000400, 0x00010400,
				85	0x00010400, 0x01010000, 0x01010000, 0x01000404,
				86	0x00010004, 0x01000004, 0x01000004, 0x00010004,
				87	0x00000000, 0x00000404, 0x00010404, 0x01000000,
				88	0x00010000, 0x01010404, 0x00000004, 0x01010000,
				89	0x01010400, 0x01000000, 0x01000000, 0x00000400,
				90	0x01010004, 0x00010000, 0x00010400, 0x01000004,
				91	0x00000400, 0x00000004, 0x01000404, 0x00010404,
				92	0x01010404, 0x00010004, 0x01010000, 0x01000404,
				93	0x01000004, 0x00000404, 0x00010404, 0x01010400,
				94	0x00000404, 0x01000400, 0x01000400, 0x00000000,
				95	0x00010004, 0x00010400, 0x00000000, 0x01010004
				96	};
				97
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	98	static const uint32_t SB2[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	99	{
				100	0x80108020, 0x80008000, 0x00008000, 0x00108020,
				101	0x00100000, 0x00000020, 0x80100020, 0x80008020,
				102	0x80000020, 0x80108020, 0x80108000, 0x80000000,
				103	0x80008000, 0x00100000, 0x00000020, 0x80100020,
				104	0x00108000, 0x00100020, 0x80008020, 0x00000000,
				105	0x80000000, 0x00008000, 0x00108020, 0x80100000,
				106	0x00100020, 0x80000020, 0x00000000, 0x00108000,
				107	0x00008020, 0x80108000, 0x80100000, 0x00008020,
				108	0x00000000, 0x00108020, 0x80100020, 0x00100000,
				109	0x80008020, 0x80100000, 0x80108000, 0x00008000,
				110	0x80100000, 0x80008000, 0x00000020, 0x80108020,
				111	0x00108020, 0x00000020, 0x00008000, 0x80000000,
				112	0x00008020, 0x80108000, 0x00100000, 0x80000020,
				113	0x00100020, 0x80008020, 0x80000020, 0x00100020,
				114	0x00108000, 0x00000000, 0x80008000, 0x00008020,
				115	0x80000000, 0x80100020, 0x80108020, 0x00108000
				116	};
				117
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	118	static const uint32_t SB3[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	119	{
				120	0x00000208, 0x08020200, 0x00000000, 0x08020008,
				121	0x08000200, 0x00000000, 0x00020208, 0x08000200,
				122	0x00020008, 0x08000008, 0x08000008, 0x00020000,
				123	0x08020208, 0x00020008, 0x08020000, 0x00000208,
				124	0x08000000, 0x00000008, 0x08020200, 0x00000200,
				125	0x00020200, 0x08020000, 0x08020008, 0x00020208,
				126	0x08000208, 0x00020200, 0x00020000, 0x08000208,
				127	0x00000008, 0x08020208, 0x00000200, 0x08000000,
				128	0x08020200, 0x08000000, 0x00020008, 0x00000208,
				129	0x00020000, 0x08020200, 0x08000200, 0x00000000,
				130	0x00000200, 0x00020008, 0x08020208, 0x08000200,
				131	0x08000008, 0x00000200, 0x00000000, 0x08020008,
				132	0x08000208, 0x00020000, 0x08000000, 0x08020208,
				133	0x00000008, 0x00020208, 0x00020200, 0x08000008,
				134	0x08020000, 0x08000208, 0x00000208, 0x08020000,
				135	0x00020208, 0x00000008, 0x08020008, 0x00020200
				136	};
				137
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	138	static const uint32_t SB4[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	139	{
				140	0x00802001, 0x00002081, 0x00002081, 0x00000080,
				141	0x00802080, 0x00800081, 0x00800001, 0x00002001,
				142	0x00000000, 0x00802000, 0x00802000, 0x00802081,
				143	0x00000081, 0x00000000, 0x00800080, 0x00800001,
				144	0x00000001, 0x00002000, 0x00800000, 0x00802001,
				145	0x00000080, 0x00800000, 0x00002001, 0x00002080,
				146	0x00800081, 0x00000001, 0x00002080, 0x00800080,
				147	0x00002000, 0x00802080, 0x00802081, 0x00000081,
				148	0x00800080, 0x00800001, 0x00802000, 0x00802081,
				149	0x00000081, 0x00000000, 0x00000000, 0x00802000,
				150	0x00002080, 0x00800080, 0x00800081, 0x00000001,
				151	0x00802001, 0x00002081, 0x00002081, 0x00000080,
				152	0x00802081, 0x00000081, 0x00000001, 0x00002000,
				153	0x00800001, 0x00002001, 0x00802080, 0x00800081,
				154	0x00002001, 0x00002080, 0x00800000, 0x00802001,
				155	0x00000080, 0x00800000, 0x00002000, 0x00802080
				156	};
				157
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	158	static const uint32_t SB5[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	159	{
				160	0x00000100, 0x02080100, 0x02080000, 0x42000100,
				161	0x00080000, 0x00000100, 0x40000000, 0x02080000,
				162	0x40080100, 0x00080000, 0x02000100, 0x40080100,
				163	0x42000100, 0x42080000, 0x00080100, 0x40000000,
				164	0x02000000, 0x40080000, 0x40080000, 0x00000000,
				165	0x40000100, 0x42080100, 0x42080100, 0x02000100,
				166	0x42080000, 0x40000100, 0x00000000, 0x42000000,
				167	0x02080100, 0x02000000, 0x42000000, 0x00080100,
				168	0x00080000, 0x42000100, 0x00000100, 0x02000000,
				169	0x40000000, 0x02080000, 0x42000100, 0x40080100,
				170	0x02000100, 0x40000000, 0x42080000, 0x02080100,
				171	0x40080100, 0x00000100, 0x02000000, 0x42080000,
				172	0x42080100, 0x00080100, 0x42000000, 0x42080100,
				173	0x02080000, 0x00000000, 0x40080000, 0x42000000,
				174	0x00080100, 0x02000100, 0x40000100, 0x00080000,
				175	0x00000000, 0x40080000, 0x02080100, 0x40000100
				176	};
				177
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	178	static const uint32_t SB6[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	179	{
				180	0x20000010, 0x20400000, 0x00004000, 0x20404010,
				181	0x20400000, 0x00000010, 0x20404010, 0x00400000,
				182	0x20004000, 0x00404010, 0x00400000, 0x20000010,
				183	0x00400010, 0x20004000, 0x20000000, 0x00004010,
				184	0x00000000, 0x00400010, 0x20004010, 0x00004000,
				185	0x00404000, 0x20004010, 0x00000010, 0x20400010,
				186	0x20400010, 0x00000000, 0x00404010, 0x20404000,
				187	0x00004010, 0x00404000, 0x20404000, 0x20000000,
				188	0x20004000, 0x00000010, 0x20400010, 0x00404000,
				189	0x20404010, 0x00400000, 0x00004010, 0x20000010,
				190	0x00400000, 0x20004000, 0x20000000, 0x00004010,
				191	0x20000010, 0x20404010, 0x00404000, 0x20400000,
				192	0x00404010, 0x20404000, 0x00000000, 0x20400010,
				193	0x00000010, 0x00004000, 0x20400000, 0x00404010,
				194	0x00004000, 0x00400010, 0x20004010, 0x00000000,
				195	0x20404000, 0x20000000, 0x00400010, 0x20004010
				196	};
				197
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	198	static const uint32_t SB7[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	199	{
				200	0x00200000, 0x04200002, 0x04000802, 0x00000000,
				201	0x00000800, 0x04000802, 0x00200802, 0x04200800,
				202	0x04200802, 0x00200000, 0x00000000, 0x04000002,
				203	0x00000002, 0x04000000, 0x04200002, 0x00000802,
				204	0x04000800, 0x00200802, 0x00200002, 0x04000800,
				205	0x04000002, 0x04200000, 0x04200800, 0x00200002,
				206	0x04200000, 0x00000800, 0x00000802, 0x04200802,
				207	0x00200800, 0x00000002, 0x04000000, 0x00200800,
				208	0x04000000, 0x00200800, 0x00200000, 0x04000802,
				209	0x04000802, 0x04200002, 0x04200002, 0x00000002,
				210	0x00200002, 0x04000000, 0x04000800, 0x00200000,
				211	0x04200800, 0x00000802, 0x00200802, 0x04200800,
				212	0x00000802, 0x04000002, 0x04200802, 0x04200000,
				213	0x00200800, 0x00000000, 0x00000002, 0x04200802,
				214	0x00000000, 0x00200802, 0x04200000, 0x00000800,
				215	0x04000002, 0x04000800, 0x00000800, 0x00200002
				216	};
				217
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	218	static const uint32_t SB8[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	219	{
				220	0x10001040, 0x00001000, 0x00040000, 0x10041040,
				221	0x10000000, 0x10001040, 0x00000040, 0x10000000,
				222	0x00040040, 0x10040000, 0x10041040, 0x00041000,
				223	0x10041000, 0x00041040, 0x00001000, 0x00000040,
				224	0x10040000, 0x10000040, 0x10001000, 0x00001040,
				225	0x00041000, 0x00040040, 0x10040040, 0x10041000,
				226	0x00001040, 0x00000000, 0x00000000, 0x10040040,
				227	0x10000040, 0x10001000, 0x00041040, 0x00040000,
				228	0x00041040, 0x00040000, 0x10041000, 0x00001000,
				229	0x00000040, 0x10040040, 0x00001000, 0x00041040,
				230	0x10001000, 0x00000040, 0x10000040, 0x10040000,
				231	0x10040040, 0x10000000, 0x00040000, 0x10001040,
				232	0x00000000, 0x10041040, 0x00040040, 0x10000040,
				233	0x10040000, 0x10001000, 0x10001040, 0x00000000,
				234	0x10041040, 0x00041000, 0x00041000, 0x00001040,
				235	0x00001040, 0x00040040, 0x10000000, 0x10041000
				236	};
				237
				238	/*
				239	* PC1: left and right halves bit-swap
				240	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	241	static const uint32_t LHs[16] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	242	{
				243	0x00000000, 0x00000001, 0x00000100, 0x00000101,
				244	0x00010000, 0x00010001, 0x00010100, 0x00010101,
				245	0x01000000, 0x01000001, 0x01000100, 0x01000101,
				246	0x01010000, 0x01010001, 0x01010100, 0x01010101
				247	};
				248
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	249	static const uint32_t RHs[16] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	250	{
				251	0x00000000, 0x01000000, 0x00010000, 0x01010000,
				252	0x00000100, 0x01000100, 0x00010100, 0x01010100,
				253	0x00000001, 0x01000001, 0x00010001, 0x01010001,
				254	0x00000101, 0x01000101, 0x00010101, 0x01010101,
				255	};
				256
				257	/*
				258	* Initial Permutation macro
				259	*/
				260	#define DES_IP(X,Y) \
				261	{ \
				262	T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
				263	T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
				264	T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
				265	T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
				266	Y = ((Y << 1) \| (Y >> 31)) & 0xFFFFFFFF; \
				267	T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
				268	X = ((X << 1) \| (X >> 31)) & 0xFFFFFFFF; \
				269	}
				270
				271	/*
				272	* Final Permutation macro
				273	*/
				274	#define DES_FP(X,Y) \
				275	{ \
				276	X = ((X << 31) \| (X >> 1)) & 0xFFFFFFFF; \
				277	T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
				278	Y = ((Y << 31) \| (Y >> 1)) & 0xFFFFFFFF; \
				279	T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
				280	T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
				281	T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
				282	T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
				283	}
				284
				285	/*
				286	* DES round macro
				287	*/
				288	#define DES_ROUND(X,Y) \
				289	{ \
				290	T = *SK++ ^ X; \
				291	Y ^= SB8[ (T ) & 0x3F ] ^ \
				292	SB6[ (T >> 8) & 0x3F ] ^ \
				293	SB4[ (T >> 16) & 0x3F ] ^ \
				294	SB2[ (T >> 24) & 0x3F ]; \
				295	\
				296	T = *SK++ ^ ((X << 28) \| (X >> 4)); \
				297	Y ^= SB7[ (T ) & 0x3F ] ^ \
				298	SB5[ (T >> 8) & 0x3F ] ^ \
				299	SB3[ (T >> 16) & 0x3F ] ^ \
				300	SB1[ (T >> 24) & 0x3F ]; \
				301	}
				302
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	303	#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	304
Paul Bakker	c7ea99a	2014-06-18 11:12:03 +0200	[diff] [blame]	305	void des_init( des_context *ctx )
				306	{
				307	memset( ctx, 0, sizeof( des_context ) );
				308	}
				309
				310	void des_free( des_context *ctx )
				311	{
				312	if( ctx == NULL )
				313	return;
				314
				315	polarssl_zeroize( ctx, sizeof( des_context ) );
				316	}
				317
				318	void des3_init( des3_context *ctx )
				319	{
				320	memset( ctx, 0, sizeof( des3_context ) );
				321	}
				322
				323	void des3_free( des3_context *ctx )
				324	{
				325	if( ctx == NULL )
				326	return;
				327
				328	polarssl_zeroize( ctx, sizeof( des3_context ) );
				329	}
				330
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	331	static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
				332	11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
				333	47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
				334	82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
				335	115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
				336	143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
				337	171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
				338	199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
				339	227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
				340	254 };
				341
				342	void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
				343	{
				344	int i;
				345
				346	for( i = 0; i < DES_KEY_SIZE; i++ )
				347	key[i] = odd_parity_table[key[i] / 2];
				348	}
				349
				350	/*
				351	* Check the given key's parity, returns 1 on failure, 0 on SUCCESS
				352	*/
				353	int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
				354	{
				355	int i;
				356
				357	for( i = 0; i < DES_KEY_SIZE; i++ )
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	358	if( key[i] != odd_parity_table[key[i] / 2] )
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	359	return( 1 );
				360
				361	return( 0 );
				362	}
				363
				364	/*
				365	* Table of weak and semi-weak keys
				366	*
				367	* Source: http://en.wikipedia.org/wiki/Weak_key
				368	*
				369	* Weak:
				370	* Alternating ones + zeros (0x0101010101010101)
				371	* Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
				372	* '0xE0E0E0E0F1F1F1F1'
				373	* '0x1F1F1F1F0E0E0E0E'
				374	*
				375	* Semi-weak:
				376	* 0x011F011F010E010E and 0x1F011F010E010E01
				377	* 0x01E001E001F101F1 and 0xE001E001F101F101
				378	* 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
				379	* 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
				380	* 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
				381	* 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
				382	*
				383	*/
				384
				385	#define WEAK_KEY_COUNT 16
				386
				387	static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
				388	{
				389	{ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
				390	{ 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
				391	{ 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
				392	{ 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
				393
				394	{ 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
				395	{ 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
				396	{ 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
				397	{ 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
				398	{ 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
				399	{ 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
				400	{ 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
				401	{ 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
				402	{ 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
				403	{ 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
				404	{ 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
				405	{ 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
				406	};
				407
				408	int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
				409	{
				410	int i;
				411
				412	for( i = 0; i < WEAK_KEY_COUNT; i++ )
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	413	if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0 )
Paul Bakker	7320695	2011-07-06 14:37:33 +0000	[diff] [blame]	414	return( 1 );
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	415
Paul Bakker	7320695	2011-07-06 14:37:33 +0000	[diff] [blame]	416	return( 0 );
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	417	}
				418
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	419	static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	420	{
				421	int i;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	422	uint32_t X, Y, T;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	423
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	424	GET_UINT32_BE( X, key, 0 );
				425	GET_UINT32_BE( Y, key, 4 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	426
				427	/*
				428	* Permuted Choice 1
				429	*/
				430	T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
				431	T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
				432
				433	X = (LHs[ (X ) & 0xF] << 3) \| (LHs[ (X >> 8) & 0xF ] << 2)
				434	\| (LHs[ (X >> 16) & 0xF] << 1) \| (LHs[ (X >> 24) & 0xF ] )
				435	\| (LHs[ (X >> 5) & 0xF] << 7) \| (LHs[ (X >> 13) & 0xF ] << 6)
				436	\| (LHs[ (X >> 21) & 0xF] << 5) \| (LHs[ (X >> 29) & 0xF ] << 4);
				437
				438	Y = (RHs[ (Y >> 1) & 0xF] << 3) \| (RHs[ (Y >> 9) & 0xF ] << 2)
				439	\| (RHs[ (Y >> 17) & 0xF] << 1) \| (RHs[ (Y >> 25) & 0xF ] )
				440	\| (RHs[ (Y >> 4) & 0xF] << 7) \| (RHs[ (Y >> 12) & 0xF ] << 6)
				441	\| (RHs[ (Y >> 20) & 0xF] << 5) \| (RHs[ (Y >> 28) & 0xF ] << 4);
				442
				443	X &= 0x0FFFFFFF;
				444	Y &= 0x0FFFFFFF;
				445
				446	/*
				447	* calculate subkeys
				448	*/
				449	for( i = 0; i < 16; i++ )
				450	{
				451	if( i < 2 \|\| i == 8 \|\| i == 15 )
				452	{
				453	X = ((X << 1) \| (X >> 27)) & 0x0FFFFFFF;
				454	Y = ((Y << 1) \| (Y >> 27)) & 0x0FFFFFFF;
				455	}
				456	else
				457	{
				458	X = ((X << 2) \| (X >> 26)) & 0x0FFFFFFF;
				459	Y = ((Y << 2) \| (Y >> 26)) & 0x0FFFFFFF;
				460	}
				461
				462	*SK++ = ((X << 4) & 0x24000000) \| ((X << 28) & 0x10000000)
				463	\| ((X << 14) & 0x08000000) \| ((X << 18) & 0x02080000)
				464	\| ((X << 6) & 0x01000000) \| ((X << 9) & 0x00200000)
				465	\| ((X >> 1) & 0x00100000) \| ((X << 10) & 0x00040000)
				466	\| ((X << 2) & 0x00020000) \| ((X >> 10) & 0x00010000)
				467	\| ((Y >> 13) & 0x00002000) \| ((Y >> 4) & 0x00001000)
				468	\| ((Y << 6) & 0x00000800) \| ((Y >> 1) & 0x00000400)
				469	\| ((Y >> 14) & 0x00000200) \| ((Y ) & 0x00000100)
				470	\| ((Y >> 5) & 0x00000020) \| ((Y >> 10) & 0x00000010)
				471	\| ((Y >> 3) & 0x00000008) \| ((Y >> 18) & 0x00000004)
				472	\| ((Y >> 26) & 0x00000002) \| ((Y >> 24) & 0x00000001);
				473
				474	*SK++ = ((X << 15) & 0x20000000) \| ((X << 17) & 0x10000000)
				475	\| ((X << 10) & 0x08000000) \| ((X << 22) & 0x04000000)
				476	\| ((X >> 2) & 0x02000000) \| ((X << 1) & 0x01000000)
				477	\| ((X << 16) & 0x00200000) \| ((X << 11) & 0x00100000)
				478	\| ((X << 3) & 0x00080000) \| ((X >> 6) & 0x00040000)
				479	\| ((X << 15) & 0x00020000) \| ((X >> 4) & 0x00010000)
				480	\| ((Y >> 2) & 0x00002000) \| ((Y << 8) & 0x00001000)
				481	\| ((Y >> 14) & 0x00000808) \| ((Y >> 9) & 0x00000400)
				482	\| ((Y ) & 0x00000200) \| ((Y << 7) & 0x00000100)
				483	\| ((Y >> 7) & 0x00000020) \| ((Y >> 3) & 0x00000011)
				484	\| ((Y << 2) & 0x00000004) \| ((Y >> 21) & 0x00000002);
				485	}
				486	}
				487
				488	/*
				489	* DES key schedule (56-bit, encryption)
				490	*/
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	491	int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	492	{
				493	des_setkey( ctx->sk, key );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	494
				495	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	496	}
				497
				498	/*
				499	* DES key schedule (56-bit, decryption)
				500	*/
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	501	int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	502	{
				503	int i;
				504
				505	des_setkey( ctx->sk, key );
				506
				507	for( i = 0; i < 16; i += 2 )
				508	{
				509	SWAP( ctx->sk[i ], ctx->sk[30 - i] );
				510	SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
				511	}
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	512
				513	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	514	}
				515
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	516	static void des3_set2key( uint32_t esk[96],
				517	uint32_t dsk[96],
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	518	const unsigned char key[DES_KEY_SIZE*2] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	519	{
				520	int i;
				521
				522	des_setkey( esk, key );
				523	des_setkey( dsk + 32, key + 8 );
				524
				525	for( i = 0; i < 32; i += 2 )
				526	{
				527	dsk[i ] = esk[30 - i];
				528	dsk[i + 1] = esk[31 - i];
				529
				530	esk[i + 32] = dsk[62 - i];
				531	esk[i + 33] = dsk[63 - i];
				532
				533	esk[i + 64] = esk[i ];
				534	esk[i + 65] = esk[i + 1];
				535
				536	dsk[i + 64] = dsk[i ];
				537	dsk[i + 65] = dsk[i + 1];
				538	}
				539	}
				540
				541	/*
				542	* Triple-DES key schedule (112-bit, encryption)
				543	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame]	544	int des3_set2key_enc( des3_context *ctx,
				545	const unsigned char key[DES_KEY_SIZE * 2] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	546	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	547	uint32_t sk[96];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	548
				549	des3_set2key( ctx->sk, sk, key );
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame]	550	polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	551
				552	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	553	}
				554
				555	/*
				556	* Triple-DES key schedule (112-bit, decryption)
				557	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame]	558	int des3_set2key_dec( des3_context *ctx,
				559	const unsigned char key[DES_KEY_SIZE * 2] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	560	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	561	uint32_t sk[96];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	562
				563	des3_set2key( sk, ctx->sk, key );
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame]	564	polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	565
				566	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	567	}
				568
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	569	static void des3_set3key( uint32_t esk[96],
				570	uint32_t dsk[96],
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	571	const unsigned char key[24] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	572	{
				573	int i;
				574
				575	des_setkey( esk, key );
				576	des_setkey( dsk + 32, key + 8 );
				577	des_setkey( esk + 64, key + 16 );
				578
				579	for( i = 0; i < 32; i += 2 )
				580	{
				581	dsk[i ] = esk[94 - i];
				582	dsk[i + 1] = esk[95 - i];
				583
				584	esk[i + 32] = dsk[62 - i];
				585	esk[i + 33] = dsk[63 - i];
				586
				587	dsk[i + 64] = esk[30 - i];
				588	dsk[i + 65] = esk[31 - i];
				589	}
				590	}
				591
				592	/*
				593	* Triple-DES key schedule (168-bit, encryption)
				594	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame]	595	int des3_set3key_enc( des3_context *ctx,
				596	const unsigned char key[DES_KEY_SIZE * 3] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	597	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	598	uint32_t sk[96];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	599
				600	des3_set3key( ctx->sk, sk, key );
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame]	601	polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	602
				603	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	604	}
				605
				606	/*
				607	* Triple-DES key schedule (168-bit, decryption)
				608	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame]	609	int des3_set3key_dec( des3_context *ctx,
				610	const unsigned char key[DES_KEY_SIZE * 3] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	611	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	612	uint32_t sk[96];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	613
				614	des3_set3key( sk, ctx->sk, key );
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame]	615	polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	616
				617	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	618	}
				619
				620	/*
				621	* DES-ECB block encryption/decryption
				622	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	623	int des_crypt_ecb( des_context *ctx,
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	624	const unsigned char input[8],
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	625	unsigned char output[8] )
				626	{
				627	int i;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	628	uint32_t X, Y, T, *SK;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	629
				630	SK = ctx->sk;
				631
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	632	GET_UINT32_BE( X, input, 0 );
				633	GET_UINT32_BE( Y, input, 4 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	634
				635	DES_IP( X, Y );
				636
				637	for( i = 0; i < 8; i++ )
				638	{
				639	DES_ROUND( Y, X );
				640	DES_ROUND( X, Y );
				641	}
				642
				643	DES_FP( Y, X );
				644
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	645	PUT_UINT32_BE( Y, output, 0 );
				646	PUT_UINT32_BE( X, output, 4 );
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	647
				648	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	649	}
				650
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	651	#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	652	/*
				653	* DES-CBC buffer encryption/decryption
				654	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	655	int des_crypt_cbc( des_context *ctx,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	656	int mode,
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	657	size_t length,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	658	unsigned char iv[8],
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	659	const unsigned char *input,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	660	unsigned char *output )
				661	{
				662	int i;
				663	unsigned char temp[8];
				664
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	665	if( length % 8 )
				666	return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
				667
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	668	if( mode == DES_ENCRYPT )
				669	{
				670	while( length > 0 )
				671	{
				672	for( i = 0; i < 8; i++ )
				673	output[i] = (unsigned char)( input[i] ^ iv[i] );
				674
				675	des_crypt_ecb( ctx, output, output );
				676	memcpy( iv, output, 8 );
				677
				678	input += 8;
				679	output += 8;
				680	length -= 8;
				681	}
				682	}
				683	else /* DES_DECRYPT */
				684	{
				685	while( length > 0 )
				686	{
				687	memcpy( temp, input, 8 );
				688	des_crypt_ecb( ctx, input, output );
				689
				690	for( i = 0; i < 8; i++ )
				691	output[i] = (unsigned char)( output[i] ^ iv[i] );
				692
				693	memcpy( iv, temp, 8 );
				694
				695	input += 8;
				696	output += 8;
				697	length -= 8;
				698	}
				699	}
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	700
				701	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	702	}
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	703	#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	704
				705	/*
				706	* 3DES-ECB block encryption/decryption
				707	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	708	int des3_crypt_ecb( des3_context *ctx,
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	709	const unsigned char input[8],
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	710	unsigned char output[8] )
				711	{
				712	int i;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	713	uint32_t X, Y, T, *SK;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	714
				715	SK = ctx->sk;
				716
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	717	GET_UINT32_BE( X, input, 0 );
				718	GET_UINT32_BE( Y, input, 4 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	719
				720	DES_IP( X, Y );
				721
				722	for( i = 0; i < 8; i++ )
				723	{
				724	DES_ROUND( Y, X );
				725	DES_ROUND( X, Y );
				726	}
				727
				728	for( i = 0; i < 8; i++ )
				729	{
				730	DES_ROUND( X, Y );
				731	DES_ROUND( Y, X );
				732	}
				733
				734	for( i = 0; i < 8; i++ )
				735	{
				736	DES_ROUND( Y, X );
				737	DES_ROUND( X, Y );
				738	}
				739
				740	DES_FP( Y, X );
				741
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	742	PUT_UINT32_BE( Y, output, 0 );
				743	PUT_UINT32_BE( X, output, 4 );
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	744
				745	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	746	}
				747
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	748	#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	749	/*
				750	* 3DES-CBC buffer encryption/decryption
				751	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	752	int des3_crypt_cbc( des3_context *ctx,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	753	int mode,
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	754	size_t length,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	755	unsigned char iv[8],
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	756	const unsigned char *input,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	757	unsigned char *output )
				758	{
				759	int i;
				760	unsigned char temp[8];
				761
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	762	if( length % 8 )
				763	return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
				764
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	765	if( mode == DES_ENCRYPT )
				766	{
				767	while( length > 0 )
				768	{
				769	for( i = 0; i < 8; i++ )
				770	output[i] = (unsigned char)( input[i] ^ iv[i] );
				771
				772	des3_crypt_ecb( ctx, output, output );
				773	memcpy( iv, output, 8 );
				774
				775	input += 8;
				776	output += 8;
				777	length -= 8;
				778	}
				779	}
				780	else /* DES_DECRYPT */
				781	{
				782	while( length > 0 )
				783	{
				784	memcpy( temp, input, 8 );
				785	des3_crypt_ecb( ctx, input, output );
				786
				787	for( i = 0; i < 8; i++ )
				788	output[i] = (unsigned char)( output[i] ^ iv[i] );
				789
				790	memcpy( iv, temp, 8 );
				791
				792	input += 8;
				793	output += 8;
				794	length -= 8;
				795	}
				796	}
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	797
				798	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	799	}
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	800	#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	801
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	802	#endif /* !POLARSSL_DES_ALT */
				803
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	804	#if defined(POLARSSL_SELF_TEST)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	805
				806	#include <stdio.h>
				807
				808	/*
				809	* DES and 3DES test vectors from:
				810	*
				811	* http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
				812	*/
				813	static const unsigned char des3_test_keys[24] =
				814	{
				815	0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
				816	0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
				817	0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
				818	};
				819
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	820	static const unsigned char des3_test_buf[8] =
				821	{
				822	0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
				823	};
				824
				825	static const unsigned char des3_test_ecb_dec[3][8] =
				826	{
				827	{ 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
				828	{ 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
				829	{ 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
				830	};
				831
				832	static const unsigned char des3_test_ecb_enc[3][8] =
				833	{
				834	{ 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
				835	{ 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
				836	{ 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
				837	};
				838
Manuel Pégourié-Gonnard	29dcc0b	2014-03-10 11:32:07 +0100	[diff] [blame]	839	#if defined(POLARSSL_CIPHER_MODE_CBC)
				840	static const unsigned char des3_test_iv[8] =
				841	{
				842	0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
				843	};
				844
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	845	static const unsigned char des3_test_cbc_dec[3][8] =
				846	{
				847	{ 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
				848	{ 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
				849	{ 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
				850	};
				851
				852	static const unsigned char des3_test_cbc_enc[3][8] =
				853	{
				854	{ 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
				855	{ 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
				856	{ 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
				857	};
Manuel Pégourié-Gonnard	29dcc0b	2014-03-10 11:32:07 +0100	[diff] [blame]	858	#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	859
				860	/*
				861	* Checkup routine
				862	*/
				863	int des_self_test( int verbose )
				864	{
Paul Bakker	c7ea99a	2014-06-18 11:12:03 +0200	[diff] [blame]	865	int i, j, u, v, ret = 0;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	866	des_context ctx;
				867	des3_context ctx3;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	868	unsigned char buf[8];
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	869	#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	870	unsigned char prv[8];
				871	unsigned char iv[8];
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	872	#endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	873
Paul Bakker	c7ea99a	2014-06-18 11:12:03 +0200	[diff] [blame]	874	des_init( &ctx );
				875	des3_init( &ctx3 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	876	/*
				877	* ECB mode
				878	*/
				879	for( i = 0; i < 6; i++ )
				880	{
				881	u = i >> 1;
				882	v = i & 1;
				883
				884	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	885	polarssl_printf( " DES%c-ECB-%3d (%s): ",
				886	( u == 0 ) ? ' ' : '3', 56 + u * 56,
				887	( v == DES_DECRYPT ) ? "dec" : "enc" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	888
				889	memcpy( buf, des3_test_buf, 8 );
				890
				891	switch( i )
				892	{
				893	case 0:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	894	des_setkey_dec( &ctx, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	895	break;
				896
				897	case 1:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	898	des_setkey_enc( &ctx, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	899	break;
				900
				901	case 2:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	902	des3_set2key_dec( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	903	break;
				904
				905	case 3:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	906	des3_set2key_enc( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	907	break;
				908
				909	case 4:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	910	des3_set3key_dec( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	911	break;
				912
				913	case 5:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	914	des3_set3key_enc( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	915	break;
				916
				917	default:
				918	return( 1 );
				919	}
				920
				921	for( j = 0; j < 10000; j++ )
				922	{
				923	if( u == 0 )
				924	des_crypt_ecb( &ctx, buf, buf );
				925	else
				926	des3_crypt_ecb( &ctx3, buf, buf );
				927	}
				928
				929	if( ( v == DES_DECRYPT &&
				930	memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) \|\|
				931	( v != DES_DECRYPT &&
				932	memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
				933	{
				934	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	935	polarssl_printf( "failed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	936
Paul Bakker	c7ea99a	2014-06-18 11:12:03 +0200	[diff] [blame]	937	ret = 1;
				938	goto exit;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	939	}
				940
				941	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	942	polarssl_printf( "passed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	943	}
				944
				945	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	946	polarssl_printf( "\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	947
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	948	#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	949	/*
				950	* CBC mode
				951	*/
				952	for( i = 0; i < 6; i++ )
				953	{
				954	u = i >> 1;
				955	v = i & 1;
				956
				957	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	958	polarssl_printf( " DES%c-CBC-%3d (%s): ",
				959	( u == 0 ) ? ' ' : '3', 56 + u * 56,
				960	( v == DES_DECRYPT ) ? "dec" : "enc" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	961
				962	memcpy( iv, des3_test_iv, 8 );
				963	memcpy( prv, des3_test_iv, 8 );
				964	memcpy( buf, des3_test_buf, 8 );
				965
				966	switch( i )
				967	{
				968	case 0:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	969	des_setkey_dec( &ctx, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	970	break;
				971
				972	case 1:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	973	des_setkey_enc( &ctx, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	974	break;
				975
				976	case 2:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	977	des3_set2key_dec( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	978	break;
				979
				980	case 3:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	981	des3_set2key_enc( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	982	break;
				983
				984	case 4:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	985	des3_set3key_dec( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	986	break;
				987
				988	case 5:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	989	des3_set3key_enc( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	990	break;
				991
				992	default:
				993	return( 1 );
				994	}
				995
				996	if( v == DES_DECRYPT )
				997	{
				998	for( j = 0; j < 10000; j++ )
				999	{
				1000	if( u == 0 )
				1001	des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
				1002	else
				1003	des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
				1004	}
				1005	}
				1006	else
				1007	{
				1008	for( j = 0; j < 10000; j++ )
				1009	{
				1010	unsigned char tmp[8];
				1011
				1012	if( u == 0 )
				1013	des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
				1014	else
				1015	des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
				1016
				1017	memcpy( tmp, prv, 8 );
				1018	memcpy( prv, buf, 8 );
				1019	memcpy( buf, tmp, 8 );
				1020	}
				1021
				1022	memcpy( buf, prv, 8 );
				1023	}
				1024
				1025	if( ( v == DES_DECRYPT &&
				1026	memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) \|\|
				1027	( v != DES_DECRYPT &&
				1028	memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
				1029	{
				1030	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1031	polarssl_printf( "failed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1032
Paul Bakker	c7ea99a	2014-06-18 11:12:03 +0200	[diff] [blame]	1033	ret = 1;
				1034	goto exit;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1035	}
				1036
				1037	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1038	polarssl_printf( "passed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1039	}
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	1040	#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1041
				1042	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1043	polarssl_printf( "\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1044
Paul Bakker	c7ea99a	2014-06-18 11:12:03 +0200	[diff] [blame]	1045	exit:
				1046	des_free( &ctx );
				1047	des3_free( &ctx3 );
				1048
				1049	return( ret );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1050	}
				1051
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	1052	#endif /* POLARSSL_SELF_TEST */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1053
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	1054	#endif /* POLARSSL_DES_C */