TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c7ea99af4f62690cb7f5af05d92b8af24e097db4 / . / library / des.c
blob: 12fe4f46a66faa7533463a26d1d4c686f2a2394f [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]4 * Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * DES, on which TDES is based, was originally designed by Horst Feistel
27 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
28 *
29 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
30 */
31
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]32#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]33#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]34#else
35#include POLARSSL_CONFIG_FILE
36#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]37
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]38#if defined(POLARSSL_DES_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]39
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]40#include "polarssl/des.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]41
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]42#if defined(POLARSSL_PLATFORM_C)
43#include "polarssl/platform.h"
44#else
45#define polarssl_printf printf
46#endif
47
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]48#if !defined(POLARSSL_DES_ALT)
49
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]50/* Implementation that should never be optimized out by the compiler */
51static void polarssl_zeroize( void *v, size_t n ) {
52 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
53}
54
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]55/*
56 * 32-bit integer manipulation macros (big endian)
57 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]58#ifndef GET_UINT32_BE
59#define GET_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]60{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]61 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
62 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
63 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
64 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]65}
66#endif
67
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]68#ifndef PUT_UINT32_BE
69#define PUT_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]70{ \
71 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
72 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
73 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
74 (b)[(i) + 3] = (unsigned char) ( (n) ); \
75}
76#endif
77
78/*
79 * Expanded DES S-boxes
80 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]81static const uint32_t SB1[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]82{
83 0x01010400, 0x00000000, 0x00010000, 0x01010404,
84 0x01010004, 0x00010404, 0x00000004, 0x00010000,
85 0x00000400, 0x01010400, 0x01010404, 0x00000400,
86 0x01000404, 0x01010004, 0x01000000, 0x00000004,
87 0x00000404, 0x01000400, 0x01000400, 0x00010400,
88 0x00010400, 0x01010000, 0x01010000, 0x01000404,
89 0x00010004, 0x01000004, 0x01000004, 0x00010004,
90 0x00000000, 0x00000404, 0x00010404, 0x01000000,
91 0x00010000, 0x01010404, 0x00000004, 0x01010000,
92 0x01010400, 0x01000000, 0x01000000, 0x00000400,
93 0x01010004, 0x00010000, 0x00010400, 0x01000004,
94 0x00000400, 0x00000004, 0x01000404, 0x00010404,
95 0x01010404, 0x00010004, 0x01010000, 0x01000404,
96 0x01000004, 0x00000404, 0x00010404, 0x01010400,
97 0x00000404, 0x01000400, 0x01000400, 0x00000000,
98 0x00010004, 0x00010400, 0x00000000, 0x01010004
99};
100
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]101static const uint32_t SB2[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]102{
103 0x80108020, 0x80008000, 0x00008000, 0x00108020,
104 0x00100000, 0x00000020, 0x80100020, 0x80008020,
105 0x80000020, 0x80108020, 0x80108000, 0x80000000,
106 0x80008000, 0x00100000, 0x00000020, 0x80100020,
107 0x00108000, 0x00100020, 0x80008020, 0x00000000,
108 0x80000000, 0x00008000, 0x00108020, 0x80100000,
109 0x00100020, 0x80000020, 0x00000000, 0x00108000,
110 0x00008020, 0x80108000, 0x80100000, 0x00008020,
111 0x00000000, 0x00108020, 0x80100020, 0x00100000,
112 0x80008020, 0x80100000, 0x80108000, 0x00008000,
113 0x80100000, 0x80008000, 0x00000020, 0x80108020,
114 0x00108020, 0x00000020, 0x00008000, 0x80000000,
115 0x00008020, 0x80108000, 0x00100000, 0x80000020,
116 0x00100020, 0x80008020, 0x80000020, 0x00100020,
117 0x00108000, 0x00000000, 0x80008000, 0x00008020,
118 0x80000000, 0x80100020, 0x80108020, 0x00108000
119};
120
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]121static const uint32_t SB3[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]122{
123 0x00000208, 0x08020200, 0x00000000, 0x08020008,
124 0x08000200, 0x00000000, 0x00020208, 0x08000200,
125 0x00020008, 0x08000008, 0x08000008, 0x00020000,
126 0x08020208, 0x00020008, 0x08020000, 0x00000208,
127 0x08000000, 0x00000008, 0x08020200, 0x00000200,
128 0x00020200, 0x08020000, 0x08020008, 0x00020208,
129 0x08000208, 0x00020200, 0x00020000, 0x08000208,
130 0x00000008, 0x08020208, 0x00000200, 0x08000000,
131 0x08020200, 0x08000000, 0x00020008, 0x00000208,
132 0x00020000, 0x08020200, 0x08000200, 0x00000000,
133 0x00000200, 0x00020008, 0x08020208, 0x08000200,
134 0x08000008, 0x00000200, 0x00000000, 0x08020008,
135 0x08000208, 0x00020000, 0x08000000, 0x08020208,
136 0x00000008, 0x00020208, 0x00020200, 0x08000008,
137 0x08020000, 0x08000208, 0x00000208, 0x08020000,
138 0x00020208, 0x00000008, 0x08020008, 0x00020200
139};
140
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]141static const uint32_t SB4[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]142{
143 0x00802001, 0x00002081, 0x00002081, 0x00000080,
144 0x00802080, 0x00800081, 0x00800001, 0x00002001,
145 0x00000000, 0x00802000, 0x00802000, 0x00802081,
146 0x00000081, 0x00000000, 0x00800080, 0x00800001,
147 0x00000001, 0x00002000, 0x00800000, 0x00802001,
148 0x00000080, 0x00800000, 0x00002001, 0x00002080,
149 0x00800081, 0x00000001, 0x00002080, 0x00800080,
150 0x00002000, 0x00802080, 0x00802081, 0x00000081,
151 0x00800080, 0x00800001, 0x00802000, 0x00802081,
152 0x00000081, 0x00000000, 0x00000000, 0x00802000,
153 0x00002080, 0x00800080, 0x00800081, 0x00000001,
154 0x00802001, 0x00002081, 0x00002081, 0x00000080,
155 0x00802081, 0x00000081, 0x00000001, 0x00002000,
156 0x00800001, 0x00002001, 0x00802080, 0x00800081,
157 0x00002001, 0x00002080, 0x00800000, 0x00802001,
158 0x00000080, 0x00800000, 0x00002000, 0x00802080
159};
160
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]161static const uint32_t SB5[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]162{
163 0x00000100, 0x02080100, 0x02080000, 0x42000100,
164 0x00080000, 0x00000100, 0x40000000, 0x02080000,
165 0x40080100, 0x00080000, 0x02000100, 0x40080100,
166 0x42000100, 0x42080000, 0x00080100, 0x40000000,
167 0x02000000, 0x40080000, 0x40080000, 0x00000000,
168 0x40000100, 0x42080100, 0x42080100, 0x02000100,
169 0x42080000, 0x40000100, 0x00000000, 0x42000000,
170 0x02080100, 0x02000000, 0x42000000, 0x00080100,
171 0x00080000, 0x42000100, 0x00000100, 0x02000000,
172 0x40000000, 0x02080000, 0x42000100, 0x40080100,
173 0x02000100, 0x40000000, 0x42080000, 0x02080100,
174 0x40080100, 0x00000100, 0x02000000, 0x42080000,
175 0x42080100, 0x00080100, 0x42000000, 0x42080100,
176 0x02080000, 0x00000000, 0x40080000, 0x42000000,
177 0x00080100, 0x02000100, 0x40000100, 0x00080000,
178 0x00000000, 0x40080000, 0x02080100, 0x40000100
179};
180
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]181static const uint32_t SB6[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]182{
183 0x20000010, 0x20400000, 0x00004000, 0x20404010,
184 0x20400000, 0x00000010, 0x20404010, 0x00400000,
185 0x20004000, 0x00404010, 0x00400000, 0x20000010,
186 0x00400010, 0x20004000, 0x20000000, 0x00004010,
187 0x00000000, 0x00400010, 0x20004010, 0x00004000,
188 0x00404000, 0x20004010, 0x00000010, 0x20400010,
189 0x20400010, 0x00000000, 0x00404010, 0x20404000,
190 0x00004010, 0x00404000, 0x20404000, 0x20000000,
191 0x20004000, 0x00000010, 0x20400010, 0x00404000,
192 0x20404010, 0x00400000, 0x00004010, 0x20000010,
193 0x00400000, 0x20004000, 0x20000000, 0x00004010,
194 0x20000010, 0x20404010, 0x00404000, 0x20400000,
195 0x00404010, 0x20404000, 0x00000000, 0x20400010,
196 0x00000010, 0x00004000, 0x20400000, 0x00404010,
197 0x00004000, 0x00400010, 0x20004010, 0x00000000,
198 0x20404000, 0x20000000, 0x00400010, 0x20004010
199};
200
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]201static const uint32_t SB7[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]202{
203 0x00200000, 0x04200002, 0x04000802, 0x00000000,
204 0x00000800, 0x04000802, 0x00200802, 0x04200800,
205 0x04200802, 0x00200000, 0x00000000, 0x04000002,
206 0x00000002, 0x04000000, 0x04200002, 0x00000802,
207 0x04000800, 0x00200802, 0x00200002, 0x04000800,
208 0x04000002, 0x04200000, 0x04200800, 0x00200002,
209 0x04200000, 0x00000800, 0x00000802, 0x04200802,
210 0x00200800, 0x00000002, 0x04000000, 0x00200800,
211 0x04000000, 0x00200800, 0x00200000, 0x04000802,
212 0x04000802, 0x04200002, 0x04200002, 0x00000002,
213 0x00200002, 0x04000000, 0x04000800, 0x00200000,
214 0x04200800, 0x00000802, 0x00200802, 0x04200800,
215 0x00000802, 0x04000002, 0x04200802, 0x04200000,
216 0x00200800, 0x00000000, 0x00000002, 0x04200802,
217 0x00000000, 0x00200802, 0x04200000, 0x00000800,
218 0x04000002, 0x04000800, 0x00000800, 0x00200002
219};
220
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]221static const uint32_t SB8[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]222{
223 0x10001040, 0x00001000, 0x00040000, 0x10041040,
224 0x10000000, 0x10001040, 0x00000040, 0x10000000,
225 0x00040040, 0x10040000, 0x10041040, 0x00041000,
226 0x10041000, 0x00041040, 0x00001000, 0x00000040,
227 0x10040000, 0x10000040, 0x10001000, 0x00001040,
228 0x00041000, 0x00040040, 0x10040040, 0x10041000,
229 0x00001040, 0x00000000, 0x00000000, 0x10040040,
230 0x10000040, 0x10001000, 0x00041040, 0x00040000,
231 0x00041040, 0x00040000, 0x10041000, 0x00001000,
232 0x00000040, 0x10040040, 0x00001000, 0x00041040,
233 0x10001000, 0x00000040, 0x10000040, 0x10040000,
234 0x10040040, 0x10000000, 0x00040000, 0x10001040,
235 0x00000000, 0x10041040, 0x00040040, 0x10000040,
236 0x10040000, 0x10001000, 0x10001040, 0x00000000,
237 0x10041040, 0x00041000, 0x00041000, 0x00001040,
238 0x00001040, 0x00040040, 0x10000000, 0x10041000
239};
240
241/*
242 * PC1: left and right halves bit-swap
243 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]244static const uint32_t LHs[16] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]245{
246 0x00000000, 0x00000001, 0x00000100, 0x00000101,
247 0x00010000, 0x00010001, 0x00010100, 0x00010101,
248 0x01000000, 0x01000001, 0x01000100, 0x01000101,
249 0x01010000, 0x01010001, 0x01010100, 0x01010101
250};
251
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]252static const uint32_t RHs[16] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]253{
254 0x00000000, 0x01000000, 0x00010000, 0x01010000,
255 0x00000100, 0x01000100, 0x00010100, 0x01010100,
256 0x00000001, 0x01000001, 0x00010001, 0x01010001,
257 0x00000101, 0x01000101, 0x00010101, 0x01010101,
258};
259
260/*
261 * Initial Permutation macro
262 */
263#define DES_IP(X,Y) \
264{ \
265 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
266 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
267 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
268 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
269 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
270 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
271 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
272}
273
274/*
275 * Final Permutation macro
276 */
277#define DES_FP(X,Y) \
278{ \
279 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
280 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
281 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
282 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
283 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
284 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
285 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
286}
287
288/*
289 * DES round macro
290 */
291#define DES_ROUND(X,Y) \
292{ \
293 T = *SK++ ^ X; \
294 Y ^= SB8[ (T ) & 0x3F ] ^ \
295 SB6[ (T >> 8) & 0x3F ] ^ \
296 SB4[ (T >> 16) & 0x3F ] ^ \
297 SB2[ (T >> 24) & 0x3F ]; \
298 \
299 T = *SK++ ^ ((X << 28) | (X >> 4)); \
300 Y ^= SB7[ (T ) & 0x3F ] ^ \
301 SB5[ (T >> 8) & 0x3F ] ^ \
302 SB3[ (T >> 16) & 0x3F ] ^ \
303 SB1[ (T >> 24) & 0x3F ]; \
304}
305
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]306#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]307
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame^]308void des_init( des_context *ctx )
309{
310 memset( ctx, 0, sizeof( des_context ) );
311}
312
313void des_free( des_context *ctx )
314{
315 if( ctx == NULL )
316 return;
317
318 polarssl_zeroize( ctx, sizeof( des_context ) );
319}
320
321void des3_init( des3_context *ctx )
322{
323 memset( ctx, 0, sizeof( des3_context ) );
324}
325
326void des3_free( des3_context *ctx )
327{
328 if( ctx == NULL )
329 return;
330
331 polarssl_zeroize( ctx, sizeof( des3_context ) );
332}
333
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]334static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
335 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
336 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
337 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
338 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
339 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
340 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
341 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
342 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
343 254 };
344
345void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
346{
347 int i;
348
349 for( i = 0; i < DES_KEY_SIZE; i++ )
350 key[i] = odd_parity_table[key[i] / 2];
351}
352
353/*
354 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
355 */
356int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
357{
358 int i;
359
360 for( i = 0; i < DES_KEY_SIZE; i++ )
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]361 if( key[i] != odd_parity_table[key[i] / 2] )
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]362 return( 1 );
363
364 return( 0 );
365}
366
367/*
368 * Table of weak and semi-weak keys
369 *
370 * Source: http://en.wikipedia.org/wiki/Weak_key
371 *
372 * Weak:
373 * Alternating ones + zeros (0x0101010101010101)
374 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
375 * '0xE0E0E0E0F1F1F1F1'
376 * '0x1F1F1F1F0E0E0E0E'
377 *
378 * Semi-weak:
379 * 0x011F011F010E010E and 0x1F011F010E010E01
380 * 0x01E001E001F101F1 and 0xE001E001F101F101
381 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
382 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
383 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
384 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
385 *
386 */
387
388#define WEAK_KEY_COUNT 16
389
390static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
391{
392 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
393 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
394 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
395 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
396
397 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
398 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
399 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
400 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
401 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
402 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
403 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
404 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
405 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
406 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
407 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
408 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
409};
410
411int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
412{
413 int i;
414
415 for( i = 0; i < WEAK_KEY_COUNT; i++ )
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]416 if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0 )
Paul Bakker73206952011-07-06 14:37:33 +0000[diff] [blame]417 return( 1 );
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]418
Paul Bakker73206952011-07-06 14:37:33 +0000[diff] [blame]419 return( 0 );
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]420}
421
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]422static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]423{
424 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]425 uint32_t X, Y, T;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]426
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]427 GET_UINT32_BE( X, key, 0 );
428 GET_UINT32_BE( Y, key, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]429
430 /*
431 * Permuted Choice 1
432 */
433 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
434 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
435
436 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
437 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
438 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
439 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
440
441 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
442 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
443 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
444 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
445
446 X &= 0x0FFFFFFF;
447 Y &= 0x0FFFFFFF;
448
449 /*
450 * calculate subkeys
451 */
452 for( i = 0; i < 16; i++ )
453 {
454 if( i < 2 || i == 8 || i == 15 )
455 {
456 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
457 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
458 }
459 else
460 {
461 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
462 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
463 }
464
465 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
466 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
467 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
468 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
469 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
470 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
471 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
472 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
473 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
474 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
475 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
476
477 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
478 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
479 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
480 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
481 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
482 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
483 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
484 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
485 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
486 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
487 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
488 }
489}
490
491/*
492 * DES key schedule (56-bit, encryption)
493 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]494int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]495{
496 des_setkey( ctx->sk, key );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]497
498 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]499}
500
501/*
502 * DES key schedule (56-bit, decryption)
503 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]504int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]505{
506 int i;
507
508 des_setkey( ctx->sk, key );
509
510 for( i = 0; i < 16; i += 2 )
511 {
512 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
513 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
514 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]515
516 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]517}
518
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]519static void des3_set2key( uint32_t esk[96],
520 uint32_t dsk[96],
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]521 const unsigned char key[DES_KEY_SIZE*2] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]522{
523 int i;
524
525 des_setkey( esk, key );
526 des_setkey( dsk + 32, key + 8 );
527
528 for( i = 0; i < 32; i += 2 )
529 {
530 dsk[i ] = esk[30 - i];
531 dsk[i + 1] = esk[31 - i];
532
533 esk[i + 32] = dsk[62 - i];
534 esk[i + 33] = dsk[63 - i];
535
536 esk[i + 64] = esk[i ];
537 esk[i + 65] = esk[i + 1];
538
539 dsk[i + 64] = dsk[i ];
540 dsk[i + 65] = dsk[i + 1];
541 }
542}
543
544/*
545 * Triple-DES key schedule (112-bit, encryption)
546 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]547int des3_set2key_enc( des3_context *ctx,
548 const unsigned char key[DES_KEY_SIZE * 2] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]549{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]550 uint32_t sk[96];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]551
552 des3_set2key( ctx->sk, sk, key );
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]553 polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]554
555 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]556}
557
558/*
559 * Triple-DES key schedule (112-bit, decryption)
560 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]561int des3_set2key_dec( des3_context *ctx,
562 const unsigned char key[DES_KEY_SIZE * 2] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]563{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]564 uint32_t sk[96];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]565
566 des3_set2key( sk, ctx->sk, key );
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]567 polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]568
569 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]570}
571
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]572static void des3_set3key( uint32_t esk[96],
573 uint32_t dsk[96],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]574 const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]575{
576 int i;
577
578 des_setkey( esk, key );
579 des_setkey( dsk + 32, key + 8 );
580 des_setkey( esk + 64, key + 16 );
581
582 for( i = 0; i < 32; i += 2 )
583 {
584 dsk[i ] = esk[94 - i];
585 dsk[i + 1] = esk[95 - i];
586
587 esk[i + 32] = dsk[62 - i];
588 esk[i + 33] = dsk[63 - i];
589
590 dsk[i + 64] = esk[30 - i];
591 dsk[i + 65] = esk[31 - i];
592 }
593}
594
595/*
596 * Triple-DES key schedule (168-bit, encryption)
597 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]598int des3_set3key_enc( des3_context *ctx,
599 const unsigned char key[DES_KEY_SIZE * 3] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]600{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]601 uint32_t sk[96];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]602
603 des3_set3key( ctx->sk, sk, key );
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]604 polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]605
606 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]607}
608
609/*
610 * Triple-DES key schedule (168-bit, decryption)
611 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]612int des3_set3key_dec( des3_context *ctx,
613 const unsigned char key[DES_KEY_SIZE * 3] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]614{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]615 uint32_t sk[96];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]616
617 des3_set3key( sk, ctx->sk, key );
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]618 polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]619
620 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]621}
622
623/*
624 * DES-ECB block encryption/decryption
625 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]626int des_crypt_ecb( des_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]627 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]628 unsigned char output[8] )
629{
630 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]631 uint32_t X, Y, T, *SK;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]632
633 SK = ctx->sk;
634
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]635 GET_UINT32_BE( X, input, 0 );
636 GET_UINT32_BE( Y, input, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]637
638 DES_IP( X, Y );
639
640 for( i = 0; i < 8; i++ )
641 {
642 DES_ROUND( Y, X );
643 DES_ROUND( X, Y );
644 }
645
646 DES_FP( Y, X );
647
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]648 PUT_UINT32_BE( Y, output, 0 );
649 PUT_UINT32_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]650
651 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]652}
653
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]654#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]655/*
656 * DES-CBC buffer encryption/decryption
657 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]658int des_crypt_cbc( des_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]659 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]660 size_t length,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]661 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]662 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]663 unsigned char *output )
664{
665 int i;
666 unsigned char temp[8];
667
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]668 if( length % 8 )
669 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
670
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]671 if( mode == DES_ENCRYPT )
672 {
673 while( length > 0 )
674 {
675 for( i = 0; i < 8; i++ )
676 output[i] = (unsigned char)( input[i] ^ iv[i] );
677
678 des_crypt_ecb( ctx, output, output );
679 memcpy( iv, output, 8 );
680
681 input += 8;
682 output += 8;
683 length -= 8;
684 }
685 }
686 else /* DES_DECRYPT */
687 {
688 while( length > 0 )
689 {
690 memcpy( temp, input, 8 );
691 des_crypt_ecb( ctx, input, output );
692
693 for( i = 0; i < 8; i++ )
694 output[i] = (unsigned char)( output[i] ^ iv[i] );
695
696 memcpy( iv, temp, 8 );
697
698 input += 8;
699 output += 8;
700 length -= 8;
701 }
702 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]703
704 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]705}
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]706#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]707
708/*
709 * 3DES-ECB block encryption/decryption
710 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]711int des3_crypt_ecb( des3_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]712 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]713 unsigned char output[8] )
714{
715 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]716 uint32_t X, Y, T, *SK;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]717
718 SK = ctx->sk;
719
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]720 GET_UINT32_BE( X, input, 0 );
721 GET_UINT32_BE( Y, input, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]722
723 DES_IP( X, Y );
724
725 for( i = 0; i < 8; i++ )
726 {
727 DES_ROUND( Y, X );
728 DES_ROUND( X, Y );
729 }
730
731 for( i = 0; i < 8; i++ )
732 {
733 DES_ROUND( X, Y );
734 DES_ROUND( Y, X );
735 }
736
737 for( i = 0; i < 8; i++ )
738 {
739 DES_ROUND( Y, X );
740 DES_ROUND( X, Y );
741 }
742
743 DES_FP( Y, X );
744
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]745 PUT_UINT32_BE( Y, output, 0 );
746 PUT_UINT32_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]747
748 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]749}
750
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]751#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]752/*
753 * 3DES-CBC buffer encryption/decryption
754 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]755int des3_crypt_cbc( des3_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]756 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]757 size_t length,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]758 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]759 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]760 unsigned char *output )
761{
762 int i;
763 unsigned char temp[8];
764
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]765 if( length % 8 )
766 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
767
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]768 if( mode == DES_ENCRYPT )
769 {
770 while( length > 0 )
771 {
772 for( i = 0; i < 8; i++ )
773 output[i] = (unsigned char)( input[i] ^ iv[i] );
774
775 des3_crypt_ecb( ctx, output, output );
776 memcpy( iv, output, 8 );
777
778 input += 8;
779 output += 8;
780 length -= 8;
781 }
782 }
783 else /* DES_DECRYPT */
784 {
785 while( length > 0 )
786 {
787 memcpy( temp, input, 8 );
788 des3_crypt_ecb( ctx, input, output );
789
790 for( i = 0; i < 8; i++ )
791 output[i] = (unsigned char)( output[i] ^ iv[i] );
792
793 memcpy( iv, temp, 8 );
794
795 input += 8;
796 output += 8;
797 length -= 8;
798 }
799 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]800
801 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]802}
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]803#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]804
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]805#endif /* !POLARSSL_DES_ALT */
806
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]807#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]808
809#include <stdio.h>
810
811/*
812 * DES and 3DES test vectors from:
813 *
814 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
815 */
816static const unsigned char des3_test_keys[24] =
817{
818 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
819 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
820 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
821};
822
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]823static const unsigned char des3_test_buf[8] =
824{
825 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
826};
827
828static const unsigned char des3_test_ecb_dec[3][8] =
829{
830 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
831 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
832 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
833};
834
835static const unsigned char des3_test_ecb_enc[3][8] =
836{
837 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
838 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
839 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
840};
841
Manuel Pégourié-Gonnard29dcc0b2014-03-10 11:32:07 +0100[diff] [blame]842#if defined(POLARSSL_CIPHER_MODE_CBC)
843static const unsigned char des3_test_iv[8] =
844{
845 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
846};
847
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]848static const unsigned char des3_test_cbc_dec[3][8] =
849{
850 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
851 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
852 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
853};
854
855static const unsigned char des3_test_cbc_enc[3][8] =
856{
857 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
858 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
859 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
860};
Manuel Pégourié-Gonnard29dcc0b2014-03-10 11:32:07 +0100[diff] [blame]861#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]862
863/*
864 * Checkup routine
865 */
866int des_self_test( int verbose )
867{
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame^]868 int i, j, u, v, ret = 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]869 des_context ctx;
870 des3_context ctx3;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]871 unsigned char buf[8];
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]872#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]873 unsigned char prv[8];
874 unsigned char iv[8];
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]875#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]876
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame^]877 des_init( &ctx );
878 des3_init( &ctx3 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]879 /*
880 * ECB mode
881 */
882 for( i = 0; i < 6; i++ )
883 {
884 u = i >> 1;
885 v = i & 1;
886
887 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]888 polarssl_printf( " DES%c-ECB-%3d (%s): ",
889 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
890 ( v == DES_DECRYPT ) ? "dec" : "enc" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]891
892 memcpy( buf, des3_test_buf, 8 );
893
894 switch( i )
895 {
896 case 0:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]897 des_setkey_dec( &ctx, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]898 break;
899
900 case 1:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]901 des_setkey_enc( &ctx, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]902 break;
903
904 case 2:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]905 des3_set2key_dec( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]906 break;
907
908 case 3:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]909 des3_set2key_enc( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]910 break;
911
912 case 4:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]913 des3_set3key_dec( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]914 break;
915
916 case 5:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]917 des3_set3key_enc( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]918 break;
919
920 default:
921 return( 1 );
922 }
923
924 for( j = 0; j < 10000; j++ )
925 {
926 if( u == 0 )
927 des_crypt_ecb( &ctx, buf, buf );
928 else
929 des3_crypt_ecb( &ctx3, buf, buf );
930 }
931
932 if( ( v == DES_DECRYPT &&
933 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
934 ( v != DES_DECRYPT &&
935 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
936 {
937 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]938 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]939
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame^]940 ret = 1;
941 goto exit;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]942 }
943
944 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]945 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]946 }
947
948 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]949 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]950
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]951#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]952 /*
953 * CBC mode
954 */
955 for( i = 0; i < 6; i++ )
956 {
957 u = i >> 1;
958 v = i & 1;
959
960 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]961 polarssl_printf( " DES%c-CBC-%3d (%s): ",
962 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
963 ( v == DES_DECRYPT ) ? "dec" : "enc" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]964
965 memcpy( iv, des3_test_iv, 8 );
966 memcpy( prv, des3_test_iv, 8 );
967 memcpy( buf, des3_test_buf, 8 );
968
969 switch( i )
970 {
971 case 0:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]972 des_setkey_dec( &ctx, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]973 break;
974
975 case 1:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]976 des_setkey_enc( &ctx, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]977 break;
978
979 case 2:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]980 des3_set2key_dec( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]981 break;
982
983 case 3:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]984 des3_set2key_enc( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]985 break;
986
987 case 4:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]988 des3_set3key_dec( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]989 break;
990
991 case 5:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]992 des3_set3key_enc( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]993 break;
994
995 default:
996 return( 1 );
997 }
998
999 if( v == DES_DECRYPT )
1000 {
1001 for( j = 0; j < 10000; j++ )
1002 {
1003 if( u == 0 )
1004 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
1005 else
1006 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
1007 }
1008 }
1009 else
1010 {
1011 for( j = 0; j < 10000; j++ )
1012 {
1013 unsigned char tmp[8];
1014
1015 if( u == 0 )
1016 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
1017 else
1018 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
1019
1020 memcpy( tmp, prv, 8 );
1021 memcpy( prv, buf, 8 );
1022 memcpy( buf, tmp, 8 );
1023 }
1024
1025 memcpy( buf, prv, 8 );
1026 }
1027
1028 if( ( v == DES_DECRYPT &&
1029 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
1030 ( v != DES_DECRYPT &&
1031 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
1032 {
1033 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1034 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1035
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame^]1036 ret = 1;
1037 goto exit;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1038 }
1039
1040 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1041 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1042 }
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]1043#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1044
1045 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1046 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1047
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame^]1048exit:
1049 des_free( &ctx );
1050 des3_free( &ctx3 );
1051
1052 return( ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1053}
1054
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]1055#endif /* POLARSSL_SELF_TEST */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1056
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]1057#endif /* POLARSSL_DES_C */