TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / f3ccc681001b8bc3a74e060597203a682072d6f6 / . / library / des.c
blob: d2f7662b0212a6ca589b01c4c2a2cb93139c4bc9 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]4 * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
5 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]6 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]7 * Joined copyright on original XySSL code with: Christophe Devine
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23/*
24 * DES, on which TDES is based, was originally designed by Horst Feistel
25 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
26 *
27 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
28 */
29
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]30#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]31
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]32#if defined(POLARSSL_DES_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]33
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]34#include "polarssl/des.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]35
36#include <string.h>
37
38/*
39 * 32-bit integer manipulation macros (big endian)
40 */
41#ifndef GET_ULONG_BE
42#define GET_ULONG_BE(n,b,i) \
43{ \
44 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
45 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
46 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
47 | ( (unsigned long) (b)[(i) + 3] ); \
48}
49#endif
50
51#ifndef PUT_ULONG_BE
52#define PUT_ULONG_BE(n,b,i) \
53{ \
54 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
55 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
56 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
57 (b)[(i) + 3] = (unsigned char) ( (n) ); \
58}
59#endif
60
61/*
62 * Expanded DES S-boxes
63 */
64static const unsigned long SB1[64] =
65{
66 0x01010400, 0x00000000, 0x00010000, 0x01010404,
67 0x01010004, 0x00010404, 0x00000004, 0x00010000,
68 0x00000400, 0x01010400, 0x01010404, 0x00000400,
69 0x01000404, 0x01010004, 0x01000000, 0x00000004,
70 0x00000404, 0x01000400, 0x01000400, 0x00010400,
71 0x00010400, 0x01010000, 0x01010000, 0x01000404,
72 0x00010004, 0x01000004, 0x01000004, 0x00010004,
73 0x00000000, 0x00000404, 0x00010404, 0x01000000,
74 0x00010000, 0x01010404, 0x00000004, 0x01010000,
75 0x01010400, 0x01000000, 0x01000000, 0x00000400,
76 0x01010004, 0x00010000, 0x00010400, 0x01000004,
77 0x00000400, 0x00000004, 0x01000404, 0x00010404,
78 0x01010404, 0x00010004, 0x01010000, 0x01000404,
79 0x01000004, 0x00000404, 0x00010404, 0x01010400,
80 0x00000404, 0x01000400, 0x01000400, 0x00000000,
81 0x00010004, 0x00010400, 0x00000000, 0x01010004
82};
83
84static const unsigned long SB2[64] =
85{
86 0x80108020, 0x80008000, 0x00008000, 0x00108020,
87 0x00100000, 0x00000020, 0x80100020, 0x80008020,
88 0x80000020, 0x80108020, 0x80108000, 0x80000000,
89 0x80008000, 0x00100000, 0x00000020, 0x80100020,
90 0x00108000, 0x00100020, 0x80008020, 0x00000000,
91 0x80000000, 0x00008000, 0x00108020, 0x80100000,
92 0x00100020, 0x80000020, 0x00000000, 0x00108000,
93 0x00008020, 0x80108000, 0x80100000, 0x00008020,
94 0x00000000, 0x00108020, 0x80100020, 0x00100000,
95 0x80008020, 0x80100000, 0x80108000, 0x00008000,
96 0x80100000, 0x80008000, 0x00000020, 0x80108020,
97 0x00108020, 0x00000020, 0x00008000, 0x80000000,
98 0x00008020, 0x80108000, 0x00100000, 0x80000020,
99 0x00100020, 0x80008020, 0x80000020, 0x00100020,
100 0x00108000, 0x00000000, 0x80008000, 0x00008020,
101 0x80000000, 0x80100020, 0x80108020, 0x00108000
102};
103
104static const unsigned long SB3[64] =
105{
106 0x00000208, 0x08020200, 0x00000000, 0x08020008,
107 0x08000200, 0x00000000, 0x00020208, 0x08000200,
108 0x00020008, 0x08000008, 0x08000008, 0x00020000,
109 0x08020208, 0x00020008, 0x08020000, 0x00000208,
110 0x08000000, 0x00000008, 0x08020200, 0x00000200,
111 0x00020200, 0x08020000, 0x08020008, 0x00020208,
112 0x08000208, 0x00020200, 0x00020000, 0x08000208,
113 0x00000008, 0x08020208, 0x00000200, 0x08000000,
114 0x08020200, 0x08000000, 0x00020008, 0x00000208,
115 0x00020000, 0x08020200, 0x08000200, 0x00000000,
116 0x00000200, 0x00020008, 0x08020208, 0x08000200,
117 0x08000008, 0x00000200, 0x00000000, 0x08020008,
118 0x08000208, 0x00020000, 0x08000000, 0x08020208,
119 0x00000008, 0x00020208, 0x00020200, 0x08000008,
120 0x08020000, 0x08000208, 0x00000208, 0x08020000,
121 0x00020208, 0x00000008, 0x08020008, 0x00020200
122};
123
124static const unsigned long SB4[64] =
125{
126 0x00802001, 0x00002081, 0x00002081, 0x00000080,
127 0x00802080, 0x00800081, 0x00800001, 0x00002001,
128 0x00000000, 0x00802000, 0x00802000, 0x00802081,
129 0x00000081, 0x00000000, 0x00800080, 0x00800001,
130 0x00000001, 0x00002000, 0x00800000, 0x00802001,
131 0x00000080, 0x00800000, 0x00002001, 0x00002080,
132 0x00800081, 0x00000001, 0x00002080, 0x00800080,
133 0x00002000, 0x00802080, 0x00802081, 0x00000081,
134 0x00800080, 0x00800001, 0x00802000, 0x00802081,
135 0x00000081, 0x00000000, 0x00000000, 0x00802000,
136 0x00002080, 0x00800080, 0x00800081, 0x00000001,
137 0x00802001, 0x00002081, 0x00002081, 0x00000080,
138 0x00802081, 0x00000081, 0x00000001, 0x00002000,
139 0x00800001, 0x00002001, 0x00802080, 0x00800081,
140 0x00002001, 0x00002080, 0x00800000, 0x00802001,
141 0x00000080, 0x00800000, 0x00002000, 0x00802080
142};
143
144static const unsigned long SB5[64] =
145{
146 0x00000100, 0x02080100, 0x02080000, 0x42000100,
147 0x00080000, 0x00000100, 0x40000000, 0x02080000,
148 0x40080100, 0x00080000, 0x02000100, 0x40080100,
149 0x42000100, 0x42080000, 0x00080100, 0x40000000,
150 0x02000000, 0x40080000, 0x40080000, 0x00000000,
151 0x40000100, 0x42080100, 0x42080100, 0x02000100,
152 0x42080000, 0x40000100, 0x00000000, 0x42000000,
153 0x02080100, 0x02000000, 0x42000000, 0x00080100,
154 0x00080000, 0x42000100, 0x00000100, 0x02000000,
155 0x40000000, 0x02080000, 0x42000100, 0x40080100,
156 0x02000100, 0x40000000, 0x42080000, 0x02080100,
157 0x40080100, 0x00000100, 0x02000000, 0x42080000,
158 0x42080100, 0x00080100, 0x42000000, 0x42080100,
159 0x02080000, 0x00000000, 0x40080000, 0x42000000,
160 0x00080100, 0x02000100, 0x40000100, 0x00080000,
161 0x00000000, 0x40080000, 0x02080100, 0x40000100
162};
163
164static const unsigned long SB6[64] =
165{
166 0x20000010, 0x20400000, 0x00004000, 0x20404010,
167 0x20400000, 0x00000010, 0x20404010, 0x00400000,
168 0x20004000, 0x00404010, 0x00400000, 0x20000010,
169 0x00400010, 0x20004000, 0x20000000, 0x00004010,
170 0x00000000, 0x00400010, 0x20004010, 0x00004000,
171 0x00404000, 0x20004010, 0x00000010, 0x20400010,
172 0x20400010, 0x00000000, 0x00404010, 0x20404000,
173 0x00004010, 0x00404000, 0x20404000, 0x20000000,
174 0x20004000, 0x00000010, 0x20400010, 0x00404000,
175 0x20404010, 0x00400000, 0x00004010, 0x20000010,
176 0x00400000, 0x20004000, 0x20000000, 0x00004010,
177 0x20000010, 0x20404010, 0x00404000, 0x20400000,
178 0x00404010, 0x20404000, 0x00000000, 0x20400010,
179 0x00000010, 0x00004000, 0x20400000, 0x00404010,
180 0x00004000, 0x00400010, 0x20004010, 0x00000000,
181 0x20404000, 0x20000000, 0x00400010, 0x20004010
182};
183
184static const unsigned long SB7[64] =
185{
186 0x00200000, 0x04200002, 0x04000802, 0x00000000,
187 0x00000800, 0x04000802, 0x00200802, 0x04200800,
188 0x04200802, 0x00200000, 0x00000000, 0x04000002,
189 0x00000002, 0x04000000, 0x04200002, 0x00000802,
190 0x04000800, 0x00200802, 0x00200002, 0x04000800,
191 0x04000002, 0x04200000, 0x04200800, 0x00200002,
192 0x04200000, 0x00000800, 0x00000802, 0x04200802,
193 0x00200800, 0x00000002, 0x04000000, 0x00200800,
194 0x04000000, 0x00200800, 0x00200000, 0x04000802,
195 0x04000802, 0x04200002, 0x04200002, 0x00000002,
196 0x00200002, 0x04000000, 0x04000800, 0x00200000,
197 0x04200800, 0x00000802, 0x00200802, 0x04200800,
198 0x00000802, 0x04000002, 0x04200802, 0x04200000,
199 0x00200800, 0x00000000, 0x00000002, 0x04200802,
200 0x00000000, 0x00200802, 0x04200000, 0x00000800,
201 0x04000002, 0x04000800, 0x00000800, 0x00200002
202};
203
204static const unsigned long SB8[64] =
205{
206 0x10001040, 0x00001000, 0x00040000, 0x10041040,
207 0x10000000, 0x10001040, 0x00000040, 0x10000000,
208 0x00040040, 0x10040000, 0x10041040, 0x00041000,
209 0x10041000, 0x00041040, 0x00001000, 0x00000040,
210 0x10040000, 0x10000040, 0x10001000, 0x00001040,
211 0x00041000, 0x00040040, 0x10040040, 0x10041000,
212 0x00001040, 0x00000000, 0x00000000, 0x10040040,
213 0x10000040, 0x10001000, 0x00041040, 0x00040000,
214 0x00041040, 0x00040000, 0x10041000, 0x00001000,
215 0x00000040, 0x10040040, 0x00001000, 0x00041040,
216 0x10001000, 0x00000040, 0x10000040, 0x10040000,
217 0x10040040, 0x10000000, 0x00040000, 0x10001040,
218 0x00000000, 0x10041040, 0x00040040, 0x10000040,
219 0x10040000, 0x10001000, 0x10001040, 0x00000000,
220 0x10041040, 0x00041000, 0x00041000, 0x00001040,
221 0x00001040, 0x00040040, 0x10000000, 0x10041000
222};
223
224/*
225 * PC1: left and right halves bit-swap
226 */
227static const unsigned long LHs[16] =
228{
229 0x00000000, 0x00000001, 0x00000100, 0x00000101,
230 0x00010000, 0x00010001, 0x00010100, 0x00010101,
231 0x01000000, 0x01000001, 0x01000100, 0x01000101,
232 0x01010000, 0x01010001, 0x01010100, 0x01010101
233};
234
235static const unsigned long RHs[16] =
236{
237 0x00000000, 0x01000000, 0x00010000, 0x01010000,
238 0x00000100, 0x01000100, 0x00010100, 0x01010100,
239 0x00000001, 0x01000001, 0x00010001, 0x01010001,
240 0x00000101, 0x01000101, 0x00010101, 0x01010101,
241};
242
243/*
244 * Initial Permutation macro
245 */
246#define DES_IP(X,Y) \
247{ \
248 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
249 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
250 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
251 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
252 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
253 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
254 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
255}
256
257/*
258 * Final Permutation macro
259 */
260#define DES_FP(X,Y) \
261{ \
262 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
263 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
264 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
265 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
266 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
267 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
268 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
269}
270
271/*
272 * DES round macro
273 */
274#define DES_ROUND(X,Y) \
275{ \
276 T = *SK++ ^ X; \
277 Y ^= SB8[ (T ) & 0x3F ] ^ \
278 SB6[ (T >> 8) & 0x3F ] ^ \
279 SB4[ (T >> 16) & 0x3F ] ^ \
280 SB2[ (T >> 24) & 0x3F ]; \
281 \
282 T = *SK++ ^ ((X << 28) | (X >> 4)); \
283 Y ^= SB7[ (T ) & 0x3F ] ^ \
284 SB5[ (T >> 8) & 0x3F ] ^ \
285 SB3[ (T >> 16) & 0x3F ] ^ \
286 SB1[ (T >> 24) & 0x3F ]; \
287}
288
289#define SWAP(a,b) { unsigned long t = a; a = b; b = t; t = 0; }
290
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]291static void des_setkey( unsigned long SK[32], const unsigned char key[8] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]292{
293 int i;
294 unsigned long X, Y, T;
295
296 GET_ULONG_BE( X, key, 0 );
297 GET_ULONG_BE( Y, key, 4 );
298
299 /*
300 * Permuted Choice 1
301 */
302 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
303 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
304
305 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
306 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
307 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
308 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
309
310 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
311 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
312 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
313 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
314
315 X &= 0x0FFFFFFF;
316 Y &= 0x0FFFFFFF;
317
318 /*
319 * calculate subkeys
320 */
321 for( i = 0; i < 16; i++ )
322 {
323 if( i < 2 || i == 8 || i == 15 )
324 {
325 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
326 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
327 }
328 else
329 {
330 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
331 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
332 }
333
334 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
335 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
336 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
337 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
338 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
339 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
340 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
341 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
342 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
343 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
344 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
345
346 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
347 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
348 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
349 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
350 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
351 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
352 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
353 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
354 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
355 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
356 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
357 }
358}
359
360/*
361 * DES key schedule (56-bit, encryption)
362 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]363void des_setkey_enc( des_context *ctx, const unsigned char key[8] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]364{
365 des_setkey( ctx->sk, key );
366}
367
368/*
369 * DES key schedule (56-bit, decryption)
370 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]371void des_setkey_dec( des_context *ctx, const unsigned char key[8] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]372{
373 int i;
374
375 des_setkey( ctx->sk, key );
376
377 for( i = 0; i < 16; i += 2 )
378 {
379 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
380 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
381 }
382}
383
384static void des3_set2key( unsigned long esk[96],
385 unsigned long dsk[96],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]386 const unsigned char key[16] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]387{
388 int i;
389
390 des_setkey( esk, key );
391 des_setkey( dsk + 32, key + 8 );
392
393 for( i = 0; i < 32; i += 2 )
394 {
395 dsk[i ] = esk[30 - i];
396 dsk[i + 1] = esk[31 - i];
397
398 esk[i + 32] = dsk[62 - i];
399 esk[i + 33] = dsk[63 - i];
400
401 esk[i + 64] = esk[i ];
402 esk[i + 65] = esk[i + 1];
403
404 dsk[i + 64] = dsk[i ];
405 dsk[i + 65] = dsk[i + 1];
406 }
407}
408
409/*
410 * Triple-DES key schedule (112-bit, encryption)
411 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]412void des3_set2key_enc( des3_context *ctx, const unsigned char key[16] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]413{
414 unsigned long sk[96];
415
416 des3_set2key( ctx->sk, sk, key );
417 memset( sk, 0, sizeof( sk ) );
418}
419
420/*
421 * Triple-DES key schedule (112-bit, decryption)
422 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]423void des3_set2key_dec( des3_context *ctx, const unsigned char key[16] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]424{
425 unsigned long sk[96];
426
427 des3_set2key( sk, ctx->sk, key );
428 memset( sk, 0, sizeof( sk ) );
429}
430
431static void des3_set3key( unsigned long esk[96],
432 unsigned long dsk[96],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]433 const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]434{
435 int i;
436
437 des_setkey( esk, key );
438 des_setkey( dsk + 32, key + 8 );
439 des_setkey( esk + 64, key + 16 );
440
441 for( i = 0; i < 32; i += 2 )
442 {
443 dsk[i ] = esk[94 - i];
444 dsk[i + 1] = esk[95 - i];
445
446 esk[i + 32] = dsk[62 - i];
447 esk[i + 33] = dsk[63 - i];
448
449 dsk[i + 64] = esk[30 - i];
450 dsk[i + 65] = esk[31 - i];
451 }
452}
453
454/*
455 * Triple-DES key schedule (168-bit, encryption)
456 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]457void des3_set3key_enc( des3_context *ctx, const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]458{
459 unsigned long sk[96];
460
461 des3_set3key( ctx->sk, sk, key );
462 memset( sk, 0, sizeof( sk ) );
463}
464
465/*
466 * Triple-DES key schedule (168-bit, decryption)
467 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]468void des3_set3key_dec( des3_context *ctx, const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]469{
470 unsigned long sk[96];
471
472 des3_set3key( sk, ctx->sk, key );
473 memset( sk, 0, sizeof( sk ) );
474}
475
476/*
477 * DES-ECB block encryption/decryption
478 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame^]479int des_crypt_ecb( des_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]480 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]481 unsigned char output[8] )
482{
483 int i;
484 unsigned long X, Y, T, *SK;
485
486 SK = ctx->sk;
487
488 GET_ULONG_BE( X, input, 0 );
489 GET_ULONG_BE( Y, input, 4 );
490
491 DES_IP( X, Y );
492
493 for( i = 0; i < 8; i++ )
494 {
495 DES_ROUND( Y, X );
496 DES_ROUND( X, Y );
497 }
498
499 DES_FP( Y, X );
500
501 PUT_ULONG_BE( Y, output, 0 );
502 PUT_ULONG_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame^]503
504 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]505}
506
507/*
508 * DES-CBC buffer encryption/decryption
509 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame^]510int des_crypt_cbc( des_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]511 int mode,
512 int length,
513 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]514 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]515 unsigned char *output )
516{
517 int i;
518 unsigned char temp[8];
519
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame^]520 if( length % 8 )
521 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
522
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]523 if( mode == DES_ENCRYPT )
524 {
525 while( length > 0 )
526 {
527 for( i = 0; i < 8; i++ )
528 output[i] = (unsigned char)( input[i] ^ iv[i] );
529
530 des_crypt_ecb( ctx, output, output );
531 memcpy( iv, output, 8 );
532
533 input += 8;
534 output += 8;
535 length -= 8;
536 }
537 }
538 else /* DES_DECRYPT */
539 {
540 while( length > 0 )
541 {
542 memcpy( temp, input, 8 );
543 des_crypt_ecb( ctx, input, output );
544
545 for( i = 0; i < 8; i++ )
546 output[i] = (unsigned char)( output[i] ^ iv[i] );
547
548 memcpy( iv, temp, 8 );
549
550 input += 8;
551 output += 8;
552 length -= 8;
553 }
554 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame^]555
556 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]557}
558
559/*
560 * 3DES-ECB block encryption/decryption
561 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame^]562int des3_crypt_ecb( des3_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]563 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]564 unsigned char output[8] )
565{
566 int i;
567 unsigned long X, Y, T, *SK;
568
569 SK = ctx->sk;
570
571 GET_ULONG_BE( X, input, 0 );
572 GET_ULONG_BE( Y, input, 4 );
573
574 DES_IP( X, Y );
575
576 for( i = 0; i < 8; i++ )
577 {
578 DES_ROUND( Y, X );
579 DES_ROUND( X, Y );
580 }
581
582 for( i = 0; i < 8; i++ )
583 {
584 DES_ROUND( X, Y );
585 DES_ROUND( Y, X );
586 }
587
588 for( i = 0; i < 8; i++ )
589 {
590 DES_ROUND( Y, X );
591 DES_ROUND( X, Y );
592 }
593
594 DES_FP( Y, X );
595
596 PUT_ULONG_BE( Y, output, 0 );
597 PUT_ULONG_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame^]598
599 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]600}
601
602/*
603 * 3DES-CBC buffer encryption/decryption
604 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame^]605int des3_crypt_cbc( des3_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]606 int mode,
607 int length,
608 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]609 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]610 unsigned char *output )
611{
612 int i;
613 unsigned char temp[8];
614
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame^]615 if( length % 8 )
616 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
617
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]618 if( mode == DES_ENCRYPT )
619 {
620 while( length > 0 )
621 {
622 for( i = 0; i < 8; i++ )
623 output[i] = (unsigned char)( input[i] ^ iv[i] );
624
625 des3_crypt_ecb( ctx, output, output );
626 memcpy( iv, output, 8 );
627
628 input += 8;
629 output += 8;
630 length -= 8;
631 }
632 }
633 else /* DES_DECRYPT */
634 {
635 while( length > 0 )
636 {
637 memcpy( temp, input, 8 );
638 des3_crypt_ecb( ctx, input, output );
639
640 for( i = 0; i < 8; i++ )
641 output[i] = (unsigned char)( output[i] ^ iv[i] );
642
643 memcpy( iv, temp, 8 );
644
645 input += 8;
646 output += 8;
647 length -= 8;
648 }
649 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame^]650
651 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]652}
653
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]654#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]655
656#include <stdio.h>
657
658/*
659 * DES and 3DES test vectors from:
660 *
661 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
662 */
663static const unsigned char des3_test_keys[24] =
664{
665 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
666 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
667 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
668};
669
670static const unsigned char des3_test_iv[8] =
671{
672 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
673};
674
675static const unsigned char des3_test_buf[8] =
676{
677 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
678};
679
680static const unsigned char des3_test_ecb_dec[3][8] =
681{
682 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
683 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
684 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
685};
686
687static const unsigned char des3_test_ecb_enc[3][8] =
688{
689 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
690 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
691 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
692};
693
694static const unsigned char des3_test_cbc_dec[3][8] =
695{
696 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
697 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
698 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
699};
700
701static const unsigned char des3_test_cbc_enc[3][8] =
702{
703 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
704 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
705 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
706};
707
708/*
709 * Checkup routine
710 */
711int des_self_test( int verbose )
712{
713 int i, j, u, v;
714 des_context ctx;
715 des3_context ctx3;
716 unsigned char key[24];
717 unsigned char buf[8];
718 unsigned char prv[8];
719 unsigned char iv[8];
720
721 memset( key, 0, 24 );
722
723 /*
724 * ECB mode
725 */
726 for( i = 0; i < 6; i++ )
727 {
728 u = i >> 1;
729 v = i & 1;
730
731 if( verbose != 0 )
732 printf( " DES%c-ECB-%3d (%s): ",
733 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
734 ( v == DES_DECRYPT ) ? "dec" : "enc" );
735
736 memcpy( buf, des3_test_buf, 8 );
737
738 switch( i )
739 {
740 case 0:
741 des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
742 break;
743
744 case 1:
745 des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
746 break;
747
748 case 2:
749 des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
750 break;
751
752 case 3:
753 des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
754 break;
755
756 case 4:
757 des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
758 break;
759
760 case 5:
761 des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
762 break;
763
764 default:
765 return( 1 );
766 }
767
768 for( j = 0; j < 10000; j++ )
769 {
770 if( u == 0 )
771 des_crypt_ecb( &ctx, buf, buf );
772 else
773 des3_crypt_ecb( &ctx3, buf, buf );
774 }
775
776 if( ( v == DES_DECRYPT &&
777 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
778 ( v != DES_DECRYPT &&
779 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
780 {
781 if( verbose != 0 )
782 printf( "failed\n" );
783
784 return( 1 );
785 }
786
787 if( verbose != 0 )
788 printf( "passed\n" );
789 }
790
791 if( verbose != 0 )
792 printf( "\n" );
793
794 /*
795 * CBC mode
796 */
797 for( i = 0; i < 6; i++ )
798 {
799 u = i >> 1;
800 v = i & 1;
801
802 if( verbose != 0 )
803 printf( " DES%c-CBC-%3d (%s): ",
804 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
805 ( v == DES_DECRYPT ) ? "dec" : "enc" );
806
807 memcpy( iv, des3_test_iv, 8 );
808 memcpy( prv, des3_test_iv, 8 );
809 memcpy( buf, des3_test_buf, 8 );
810
811 switch( i )
812 {
813 case 0:
814 des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
815 break;
816
817 case 1:
818 des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
819 break;
820
821 case 2:
822 des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
823 break;
824
825 case 3:
826 des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
827 break;
828
829 case 4:
830 des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
831 break;
832
833 case 5:
834 des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
835 break;
836
837 default:
838 return( 1 );
839 }
840
841 if( v == DES_DECRYPT )
842 {
843 for( j = 0; j < 10000; j++ )
844 {
845 if( u == 0 )
846 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
847 else
848 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
849 }
850 }
851 else
852 {
853 for( j = 0; j < 10000; j++ )
854 {
855 unsigned char tmp[8];
856
857 if( u == 0 )
858 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
859 else
860 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
861
862 memcpy( tmp, prv, 8 );
863 memcpy( prv, buf, 8 );
864 memcpy( buf, tmp, 8 );
865 }
866
867 memcpy( buf, prv, 8 );
868 }
869
870 if( ( v == DES_DECRYPT &&
871 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
872 ( v != DES_DECRYPT &&
873 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
874 {
875 if( verbose != 0 )
876 printf( "failed\n" );
877
878 return( 1 );
879 }
880
881 if( verbose != 0 )
882 printf( "passed\n" );
883 }
884
885 if( verbose != 0 )
886 printf( "\n" );
887
888 return( 0 );
889}
890
891#endif
892
893#endif