TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 90995b5ce3295685586b740aa6f511cef05d51f1 / . / library / des.c
blob: 0cf4b3d50dd060d6c39cfe64c8a60a6aa635436c [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame^]4 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * DES, on which TDES is based, was originally designed by Horst Feistel
27 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
28 *
29 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
30 */
31
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]32#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]33
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]34#if defined(POLARSSL_DES_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]35
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]36#include "polarssl/des.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]37
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame^]38#if !defined(POLARSSL_DES_ALT)
39
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]40/*
41 * 32-bit integer manipulation macros (big endian)
42 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]43#ifndef GET_UINT32_BE
44#define GET_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]45{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]46 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
47 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
48 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
49 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]50}
51#endif
52
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]53#ifndef PUT_UINT32_BE
54#define PUT_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]55{ \
56 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
57 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
58 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
59 (b)[(i) + 3] = (unsigned char) ( (n) ); \
60}
61#endif
62
63/*
64 * Expanded DES S-boxes
65 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]66static const uint32_t SB1[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]67{
68 0x01010400, 0x00000000, 0x00010000, 0x01010404,
69 0x01010004, 0x00010404, 0x00000004, 0x00010000,
70 0x00000400, 0x01010400, 0x01010404, 0x00000400,
71 0x01000404, 0x01010004, 0x01000000, 0x00000004,
72 0x00000404, 0x01000400, 0x01000400, 0x00010400,
73 0x00010400, 0x01010000, 0x01010000, 0x01000404,
74 0x00010004, 0x01000004, 0x01000004, 0x00010004,
75 0x00000000, 0x00000404, 0x00010404, 0x01000000,
76 0x00010000, 0x01010404, 0x00000004, 0x01010000,
77 0x01010400, 0x01000000, 0x01000000, 0x00000400,
78 0x01010004, 0x00010000, 0x00010400, 0x01000004,
79 0x00000400, 0x00000004, 0x01000404, 0x00010404,
80 0x01010404, 0x00010004, 0x01010000, 0x01000404,
81 0x01000004, 0x00000404, 0x00010404, 0x01010400,
82 0x00000404, 0x01000400, 0x01000400, 0x00000000,
83 0x00010004, 0x00010400, 0x00000000, 0x01010004
84};
85
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]86static const uint32_t SB2[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]87{
88 0x80108020, 0x80008000, 0x00008000, 0x00108020,
89 0x00100000, 0x00000020, 0x80100020, 0x80008020,
90 0x80000020, 0x80108020, 0x80108000, 0x80000000,
91 0x80008000, 0x00100000, 0x00000020, 0x80100020,
92 0x00108000, 0x00100020, 0x80008020, 0x00000000,
93 0x80000000, 0x00008000, 0x00108020, 0x80100000,
94 0x00100020, 0x80000020, 0x00000000, 0x00108000,
95 0x00008020, 0x80108000, 0x80100000, 0x00008020,
96 0x00000000, 0x00108020, 0x80100020, 0x00100000,
97 0x80008020, 0x80100000, 0x80108000, 0x00008000,
98 0x80100000, 0x80008000, 0x00000020, 0x80108020,
99 0x00108020, 0x00000020, 0x00008000, 0x80000000,
100 0x00008020, 0x80108000, 0x00100000, 0x80000020,
101 0x00100020, 0x80008020, 0x80000020, 0x00100020,
102 0x00108000, 0x00000000, 0x80008000, 0x00008020,
103 0x80000000, 0x80100020, 0x80108020, 0x00108000
104};
105
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]106static const uint32_t SB3[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]107{
108 0x00000208, 0x08020200, 0x00000000, 0x08020008,
109 0x08000200, 0x00000000, 0x00020208, 0x08000200,
110 0x00020008, 0x08000008, 0x08000008, 0x00020000,
111 0x08020208, 0x00020008, 0x08020000, 0x00000208,
112 0x08000000, 0x00000008, 0x08020200, 0x00000200,
113 0x00020200, 0x08020000, 0x08020008, 0x00020208,
114 0x08000208, 0x00020200, 0x00020000, 0x08000208,
115 0x00000008, 0x08020208, 0x00000200, 0x08000000,
116 0x08020200, 0x08000000, 0x00020008, 0x00000208,
117 0x00020000, 0x08020200, 0x08000200, 0x00000000,
118 0x00000200, 0x00020008, 0x08020208, 0x08000200,
119 0x08000008, 0x00000200, 0x00000000, 0x08020008,
120 0x08000208, 0x00020000, 0x08000000, 0x08020208,
121 0x00000008, 0x00020208, 0x00020200, 0x08000008,
122 0x08020000, 0x08000208, 0x00000208, 0x08020000,
123 0x00020208, 0x00000008, 0x08020008, 0x00020200
124};
125
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]126static const uint32_t SB4[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]127{
128 0x00802001, 0x00002081, 0x00002081, 0x00000080,
129 0x00802080, 0x00800081, 0x00800001, 0x00002001,
130 0x00000000, 0x00802000, 0x00802000, 0x00802081,
131 0x00000081, 0x00000000, 0x00800080, 0x00800001,
132 0x00000001, 0x00002000, 0x00800000, 0x00802001,
133 0x00000080, 0x00800000, 0x00002001, 0x00002080,
134 0x00800081, 0x00000001, 0x00002080, 0x00800080,
135 0x00002000, 0x00802080, 0x00802081, 0x00000081,
136 0x00800080, 0x00800001, 0x00802000, 0x00802081,
137 0x00000081, 0x00000000, 0x00000000, 0x00802000,
138 0x00002080, 0x00800080, 0x00800081, 0x00000001,
139 0x00802001, 0x00002081, 0x00002081, 0x00000080,
140 0x00802081, 0x00000081, 0x00000001, 0x00002000,
141 0x00800001, 0x00002001, 0x00802080, 0x00800081,
142 0x00002001, 0x00002080, 0x00800000, 0x00802001,
143 0x00000080, 0x00800000, 0x00002000, 0x00802080
144};
145
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]146static const uint32_t SB5[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]147{
148 0x00000100, 0x02080100, 0x02080000, 0x42000100,
149 0x00080000, 0x00000100, 0x40000000, 0x02080000,
150 0x40080100, 0x00080000, 0x02000100, 0x40080100,
151 0x42000100, 0x42080000, 0x00080100, 0x40000000,
152 0x02000000, 0x40080000, 0x40080000, 0x00000000,
153 0x40000100, 0x42080100, 0x42080100, 0x02000100,
154 0x42080000, 0x40000100, 0x00000000, 0x42000000,
155 0x02080100, 0x02000000, 0x42000000, 0x00080100,
156 0x00080000, 0x42000100, 0x00000100, 0x02000000,
157 0x40000000, 0x02080000, 0x42000100, 0x40080100,
158 0x02000100, 0x40000000, 0x42080000, 0x02080100,
159 0x40080100, 0x00000100, 0x02000000, 0x42080000,
160 0x42080100, 0x00080100, 0x42000000, 0x42080100,
161 0x02080000, 0x00000000, 0x40080000, 0x42000000,
162 0x00080100, 0x02000100, 0x40000100, 0x00080000,
163 0x00000000, 0x40080000, 0x02080100, 0x40000100
164};
165
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]166static const uint32_t SB6[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]167{
168 0x20000010, 0x20400000, 0x00004000, 0x20404010,
169 0x20400000, 0x00000010, 0x20404010, 0x00400000,
170 0x20004000, 0x00404010, 0x00400000, 0x20000010,
171 0x00400010, 0x20004000, 0x20000000, 0x00004010,
172 0x00000000, 0x00400010, 0x20004010, 0x00004000,
173 0x00404000, 0x20004010, 0x00000010, 0x20400010,
174 0x20400010, 0x00000000, 0x00404010, 0x20404000,
175 0x00004010, 0x00404000, 0x20404000, 0x20000000,
176 0x20004000, 0x00000010, 0x20400010, 0x00404000,
177 0x20404010, 0x00400000, 0x00004010, 0x20000010,
178 0x00400000, 0x20004000, 0x20000000, 0x00004010,
179 0x20000010, 0x20404010, 0x00404000, 0x20400000,
180 0x00404010, 0x20404000, 0x00000000, 0x20400010,
181 0x00000010, 0x00004000, 0x20400000, 0x00404010,
182 0x00004000, 0x00400010, 0x20004010, 0x00000000,
183 0x20404000, 0x20000000, 0x00400010, 0x20004010
184};
185
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]186static const uint32_t SB7[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]187{
188 0x00200000, 0x04200002, 0x04000802, 0x00000000,
189 0x00000800, 0x04000802, 0x00200802, 0x04200800,
190 0x04200802, 0x00200000, 0x00000000, 0x04000002,
191 0x00000002, 0x04000000, 0x04200002, 0x00000802,
192 0x04000800, 0x00200802, 0x00200002, 0x04000800,
193 0x04000002, 0x04200000, 0x04200800, 0x00200002,
194 0x04200000, 0x00000800, 0x00000802, 0x04200802,
195 0x00200800, 0x00000002, 0x04000000, 0x00200800,
196 0x04000000, 0x00200800, 0x00200000, 0x04000802,
197 0x04000802, 0x04200002, 0x04200002, 0x00000002,
198 0x00200002, 0x04000000, 0x04000800, 0x00200000,
199 0x04200800, 0x00000802, 0x00200802, 0x04200800,
200 0x00000802, 0x04000002, 0x04200802, 0x04200000,
201 0x00200800, 0x00000000, 0x00000002, 0x04200802,
202 0x00000000, 0x00200802, 0x04200000, 0x00000800,
203 0x04000002, 0x04000800, 0x00000800, 0x00200002
204};
205
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]206static const uint32_t SB8[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]207{
208 0x10001040, 0x00001000, 0x00040000, 0x10041040,
209 0x10000000, 0x10001040, 0x00000040, 0x10000000,
210 0x00040040, 0x10040000, 0x10041040, 0x00041000,
211 0x10041000, 0x00041040, 0x00001000, 0x00000040,
212 0x10040000, 0x10000040, 0x10001000, 0x00001040,
213 0x00041000, 0x00040040, 0x10040040, 0x10041000,
214 0x00001040, 0x00000000, 0x00000000, 0x10040040,
215 0x10000040, 0x10001000, 0x00041040, 0x00040000,
216 0x00041040, 0x00040000, 0x10041000, 0x00001000,
217 0x00000040, 0x10040040, 0x00001000, 0x00041040,
218 0x10001000, 0x00000040, 0x10000040, 0x10040000,
219 0x10040040, 0x10000000, 0x00040000, 0x10001040,
220 0x00000000, 0x10041040, 0x00040040, 0x10000040,
221 0x10040000, 0x10001000, 0x10001040, 0x00000000,
222 0x10041040, 0x00041000, 0x00041000, 0x00001040,
223 0x00001040, 0x00040040, 0x10000000, 0x10041000
224};
225
226/*
227 * PC1: left and right halves bit-swap
228 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]229static const uint32_t LHs[16] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]230{
231 0x00000000, 0x00000001, 0x00000100, 0x00000101,
232 0x00010000, 0x00010001, 0x00010100, 0x00010101,
233 0x01000000, 0x01000001, 0x01000100, 0x01000101,
234 0x01010000, 0x01010001, 0x01010100, 0x01010101
235};
236
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]237static const uint32_t RHs[16] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]238{
239 0x00000000, 0x01000000, 0x00010000, 0x01010000,
240 0x00000100, 0x01000100, 0x00010100, 0x01010100,
241 0x00000001, 0x01000001, 0x00010001, 0x01010001,
242 0x00000101, 0x01000101, 0x00010101, 0x01010101,
243};
244
245/*
246 * Initial Permutation macro
247 */
248#define DES_IP(X,Y) \
249{ \
250 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
251 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
252 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
253 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
254 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
255 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
256 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
257}
258
259/*
260 * Final Permutation macro
261 */
262#define DES_FP(X,Y) \
263{ \
264 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
265 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
266 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
267 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
268 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
269 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
270 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
271}
272
273/*
274 * DES round macro
275 */
276#define DES_ROUND(X,Y) \
277{ \
278 T = *SK++ ^ X; \
279 Y ^= SB8[ (T ) & 0x3F ] ^ \
280 SB6[ (T >> 8) & 0x3F ] ^ \
281 SB4[ (T >> 16) & 0x3F ] ^ \
282 SB2[ (T >> 24) & 0x3F ]; \
283 \
284 T = *SK++ ^ ((X << 28) | (X >> 4)); \
285 Y ^= SB7[ (T ) & 0x3F ] ^ \
286 SB5[ (T >> 8) & 0x3F ] ^ \
287 SB3[ (T >> 16) & 0x3F ] ^ \
288 SB1[ (T >> 24) & 0x3F ]; \
289}
290
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]291#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]292
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]293static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
294 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
295 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
296 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
297 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
298 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
299 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
300 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
301 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
302 254 };
303
304void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
305{
306 int i;
307
308 for( i = 0; i < DES_KEY_SIZE; i++ )
309 key[i] = odd_parity_table[key[i] / 2];
310}
311
312/*
313 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
314 */
315int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
316{
317 int i;
318
319 for( i = 0; i < DES_KEY_SIZE; i++ )
320 if ( key[i] != odd_parity_table[key[i] / 2] )
321 return( 1 );
322
323 return( 0 );
324}
325
326/*
327 * Table of weak and semi-weak keys
328 *
329 * Source: http://en.wikipedia.org/wiki/Weak_key
330 *
331 * Weak:
332 * Alternating ones + zeros (0x0101010101010101)
333 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
334 * '0xE0E0E0E0F1F1F1F1'
335 * '0x1F1F1F1F0E0E0E0E'
336 *
337 * Semi-weak:
338 * 0x011F011F010E010E and 0x1F011F010E010E01
339 * 0x01E001E001F101F1 and 0xE001E001F101F101
340 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
341 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
342 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
343 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
344 *
345 */
346
347#define WEAK_KEY_COUNT 16
348
349static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
350{
351 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
352 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
353 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
354 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
355
356 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
357 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
358 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
359 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
360 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
361 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
362 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
363 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
364 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
365 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
366 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
367 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
368};
369
370int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
371{
372 int i;
373
374 for( i = 0; i < WEAK_KEY_COUNT; i++ )
375 if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
Paul Bakker73206952011-07-06 14:37:33 +0000[diff] [blame]376 return( 1 );
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]377
Paul Bakker73206952011-07-06 14:37:33 +0000[diff] [blame]378 return( 0 );
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]379}
380
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]381static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]382{
383 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]384 uint32_t X, Y, T;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]385
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]386 GET_UINT32_BE( X, key, 0 );
387 GET_UINT32_BE( Y, key, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]388
389 /*
390 * Permuted Choice 1
391 */
392 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
393 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
394
395 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
396 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
397 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
398 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
399
400 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
401 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
402 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
403 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
404
405 X &= 0x0FFFFFFF;
406 Y &= 0x0FFFFFFF;
407
408 /*
409 * calculate subkeys
410 */
411 for( i = 0; i < 16; i++ )
412 {
413 if( i < 2 || i == 8 || i == 15 )
414 {
415 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
416 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
417 }
418 else
419 {
420 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
421 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
422 }
423
424 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
425 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
426 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
427 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
428 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
429 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
430 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
431 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
432 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
433 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
434 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
435
436 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
437 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
438 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
439 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
440 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
441 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
442 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
443 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
444 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
445 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
446 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
447 }
448}
449
450/*
451 * DES key schedule (56-bit, encryption)
452 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]453int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]454{
455 des_setkey( ctx->sk, key );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]456
457 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]458}
459
460/*
461 * DES key schedule (56-bit, decryption)
462 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]463int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]464{
465 int i;
466
467 des_setkey( ctx->sk, key );
468
469 for( i = 0; i < 16; i += 2 )
470 {
471 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
472 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
473 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]474
475 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]476}
477
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]478static void des3_set2key( uint32_t esk[96],
479 uint32_t dsk[96],
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]480 const unsigned char key[DES_KEY_SIZE*2] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]481{
482 int i;
483
484 des_setkey( esk, key );
485 des_setkey( dsk + 32, key + 8 );
486
487 for( i = 0; i < 32; i += 2 )
488 {
489 dsk[i ] = esk[30 - i];
490 dsk[i + 1] = esk[31 - i];
491
492 esk[i + 32] = dsk[62 - i];
493 esk[i + 33] = dsk[63 - i];
494
495 esk[i + 64] = esk[i ];
496 esk[i + 65] = esk[i + 1];
497
498 dsk[i + 64] = dsk[i ];
499 dsk[i + 65] = dsk[i + 1];
500 }
501}
502
503/*
504 * Triple-DES key schedule (112-bit, encryption)
505 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]506int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]507{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]508 uint32_t sk[96];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]509
510 des3_set2key( ctx->sk, sk, key );
511 memset( sk, 0, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]512
513 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]514}
515
516/*
517 * Triple-DES key schedule (112-bit, decryption)
518 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]519int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]520{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]521 uint32_t sk[96];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]522
523 des3_set2key( sk, ctx->sk, key );
524 memset( sk, 0, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]525
526 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]527}
528
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]529static void des3_set3key( uint32_t esk[96],
530 uint32_t dsk[96],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]531 const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]532{
533 int i;
534
535 des_setkey( esk, key );
536 des_setkey( dsk + 32, key + 8 );
537 des_setkey( esk + 64, key + 16 );
538
539 for( i = 0; i < 32; i += 2 )
540 {
541 dsk[i ] = esk[94 - i];
542 dsk[i + 1] = esk[95 - i];
543
544 esk[i + 32] = dsk[62 - i];
545 esk[i + 33] = dsk[63 - i];
546
547 dsk[i + 64] = esk[30 - i];
548 dsk[i + 65] = esk[31 - i];
549 }
550}
551
552/*
553 * Triple-DES key schedule (168-bit, encryption)
554 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]555int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]556{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]557 uint32_t sk[96];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]558
559 des3_set3key( ctx->sk, sk, key );
560 memset( sk, 0, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]561
562 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]563}
564
565/*
566 * Triple-DES key schedule (168-bit, decryption)
567 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]568int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]569{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]570 uint32_t sk[96];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]571
572 des3_set3key( sk, ctx->sk, key );
573 memset( sk, 0, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]574
575 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]576}
577
578/*
579 * DES-ECB block encryption/decryption
580 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]581int des_crypt_ecb( des_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]582 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]583 unsigned char output[8] )
584{
585 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]586 uint32_t X, Y, T, *SK;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]587
588 SK = ctx->sk;
589
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]590 GET_UINT32_BE( X, input, 0 );
591 GET_UINT32_BE( Y, input, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]592
593 DES_IP( X, Y );
594
595 for( i = 0; i < 8; i++ )
596 {
597 DES_ROUND( Y, X );
598 DES_ROUND( X, Y );
599 }
600
601 DES_FP( Y, X );
602
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]603 PUT_UINT32_BE( Y, output, 0 );
604 PUT_UINT32_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]605
606 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]607}
608
609/*
610 * DES-CBC buffer encryption/decryption
611 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]612int des_crypt_cbc( des_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]613 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]614 size_t length,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]615 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]616 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]617 unsigned char *output )
618{
619 int i;
620 unsigned char temp[8];
621
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]622 if( length % 8 )
623 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
624
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]625 if( mode == DES_ENCRYPT )
626 {
627 while( length > 0 )
628 {
629 for( i = 0; i < 8; i++ )
630 output[i] = (unsigned char)( input[i] ^ iv[i] );
631
632 des_crypt_ecb( ctx, output, output );
633 memcpy( iv, output, 8 );
634
635 input += 8;
636 output += 8;
637 length -= 8;
638 }
639 }
640 else /* DES_DECRYPT */
641 {
642 while( length > 0 )
643 {
644 memcpy( temp, input, 8 );
645 des_crypt_ecb( ctx, input, output );
646
647 for( i = 0; i < 8; i++ )
648 output[i] = (unsigned char)( output[i] ^ iv[i] );
649
650 memcpy( iv, temp, 8 );
651
652 input += 8;
653 output += 8;
654 length -= 8;
655 }
656 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]657
658 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]659}
660
661/*
662 * 3DES-ECB block encryption/decryption
663 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]664int des3_crypt_ecb( des3_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]665 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]666 unsigned char output[8] )
667{
668 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]669 uint32_t X, Y, T, *SK;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]670
671 SK = ctx->sk;
672
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]673 GET_UINT32_BE( X, input, 0 );
674 GET_UINT32_BE( Y, input, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]675
676 DES_IP( X, Y );
677
678 for( i = 0; i < 8; i++ )
679 {
680 DES_ROUND( Y, X );
681 DES_ROUND( X, Y );
682 }
683
684 for( i = 0; i < 8; i++ )
685 {
686 DES_ROUND( X, Y );
687 DES_ROUND( Y, X );
688 }
689
690 for( i = 0; i < 8; i++ )
691 {
692 DES_ROUND( Y, X );
693 DES_ROUND( X, Y );
694 }
695
696 DES_FP( Y, X );
697
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]698 PUT_UINT32_BE( Y, output, 0 );
699 PUT_UINT32_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]700
701 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]702}
703
704/*
705 * 3DES-CBC buffer encryption/decryption
706 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]707int des3_crypt_cbc( des3_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]708 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]709 size_t length,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]710 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]711 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]712 unsigned char *output )
713{
714 int i;
715 unsigned char temp[8];
716
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]717 if( length % 8 )
718 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
719
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]720 if( mode == DES_ENCRYPT )
721 {
722 while( length > 0 )
723 {
724 for( i = 0; i < 8; i++ )
725 output[i] = (unsigned char)( input[i] ^ iv[i] );
726
727 des3_crypt_ecb( ctx, output, output );
728 memcpy( iv, output, 8 );
729
730 input += 8;
731 output += 8;
732 length -= 8;
733 }
734 }
735 else /* DES_DECRYPT */
736 {
737 while( length > 0 )
738 {
739 memcpy( temp, input, 8 );
740 des3_crypt_ecb( ctx, input, output );
741
742 for( i = 0; i < 8; i++ )
743 output[i] = (unsigned char)( output[i] ^ iv[i] );
744
745 memcpy( iv, temp, 8 );
746
747 input += 8;
748 output += 8;
749 length -= 8;
750 }
751 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]752
753 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]754}
755
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame^]756#endif /* !POLARSSL_DES_ALT */
757
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]758#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]759
760#include <stdio.h>
761
762/*
763 * DES and 3DES test vectors from:
764 *
765 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
766 */
767static const unsigned char des3_test_keys[24] =
768{
769 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
770 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
771 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
772};
773
774static const unsigned char des3_test_iv[8] =
775{
776 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
777};
778
779static const unsigned char des3_test_buf[8] =
780{
781 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
782};
783
784static const unsigned char des3_test_ecb_dec[3][8] =
785{
786 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
787 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
788 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
789};
790
791static const unsigned char des3_test_ecb_enc[3][8] =
792{
793 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
794 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
795 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
796};
797
798static const unsigned char des3_test_cbc_dec[3][8] =
799{
800 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
801 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
802 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
803};
804
805static const unsigned char des3_test_cbc_enc[3][8] =
806{
807 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
808 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
809 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
810};
811
812/*
813 * Checkup routine
814 */
815int des_self_test( int verbose )
816{
817 int i, j, u, v;
818 des_context ctx;
819 des3_context ctx3;
820 unsigned char key[24];
821 unsigned char buf[8];
822 unsigned char prv[8];
823 unsigned char iv[8];
824
825 memset( key, 0, 24 );
826
827 /*
828 * ECB mode
829 */
830 for( i = 0; i < 6; i++ )
831 {
832 u = i >> 1;
833 v = i & 1;
834
835 if( verbose != 0 )
836 printf( " DES%c-ECB-%3d (%s): ",
837 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
838 ( v == DES_DECRYPT ) ? "dec" : "enc" );
839
840 memcpy( buf, des3_test_buf, 8 );
841
842 switch( i )
843 {
844 case 0:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]845 des_setkey_dec( &ctx, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]846 break;
847
848 case 1:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]849 des_setkey_enc( &ctx, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]850 break;
851
852 case 2:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]853 des3_set2key_dec( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]854 break;
855
856 case 3:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]857 des3_set2key_enc( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]858 break;
859
860 case 4:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]861 des3_set3key_dec( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]862 break;
863
864 case 5:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]865 des3_set3key_enc( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]866 break;
867
868 default:
869 return( 1 );
870 }
871
872 for( j = 0; j < 10000; j++ )
873 {
874 if( u == 0 )
875 des_crypt_ecb( &ctx, buf, buf );
876 else
877 des3_crypt_ecb( &ctx3, buf, buf );
878 }
879
880 if( ( v == DES_DECRYPT &&
881 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
882 ( v != DES_DECRYPT &&
883 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
884 {
885 if( verbose != 0 )
886 printf( "failed\n" );
887
888 return( 1 );
889 }
890
891 if( verbose != 0 )
892 printf( "passed\n" );
893 }
894
895 if( verbose != 0 )
896 printf( "\n" );
897
898 /*
899 * CBC mode
900 */
901 for( i = 0; i < 6; i++ )
902 {
903 u = i >> 1;
904 v = i & 1;
905
906 if( verbose != 0 )
907 printf( " DES%c-CBC-%3d (%s): ",
908 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
909 ( v == DES_DECRYPT ) ? "dec" : "enc" );
910
911 memcpy( iv, des3_test_iv, 8 );
912 memcpy( prv, des3_test_iv, 8 );
913 memcpy( buf, des3_test_buf, 8 );
914
915 switch( i )
916 {
917 case 0:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]918 des_setkey_dec( &ctx, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]919 break;
920
921 case 1:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]922 des_setkey_enc( &ctx, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]923 break;
924
925 case 2:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]926 des3_set2key_dec( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]927 break;
928
929 case 3:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]930 des3_set2key_enc( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]931 break;
932
933 case 4:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]934 des3_set3key_dec( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]935 break;
936
937 case 5:
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]938 des3_set3key_enc( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]939 break;
940
941 default:
942 return( 1 );
943 }
944
945 if( v == DES_DECRYPT )
946 {
947 for( j = 0; j < 10000; j++ )
948 {
949 if( u == 0 )
950 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
951 else
952 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
953 }
954 }
955 else
956 {
957 for( j = 0; j < 10000; j++ )
958 {
959 unsigned char tmp[8];
960
961 if( u == 0 )
962 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
963 else
964 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
965
966 memcpy( tmp, prv, 8 );
967 memcpy( prv, buf, 8 );
968 memcpy( buf, tmp, 8 );
969 }
970
971 memcpy( buf, prv, 8 );
972 }
973
974 if( ( v == DES_DECRYPT &&
975 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
976 ( v != DES_DECRYPT &&
977 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
978 {
979 if( verbose != 0 )
980 printf( "failed\n" );
981
982 return( 1 );
983 }
984
985 if( verbose != 0 )
986 printf( "passed\n" );
987 }
988
989 if( verbose != 0 )
990 printf( "\n" );
991
992 return( 0 );
993}
994
995#endif
996
997#endif