TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / b96f154e51ed3aaca328257d74cae0a517ed31e0 / . / library / des.c
blob: 33c94596ceecf7314a87a82db4d377d5b269f71a [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]4 * Copyright (C) 2006-2010, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame^]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame^]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * DES, on which TDES is based, was originally designed by Horst Feistel
27 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
28 *
29 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
30 */
31
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]32#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]33
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]34#if defined(POLARSSL_DES_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]35
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]36#include "polarssl/des.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]37
38#include <string.h>
39
40/*
41 * 32-bit integer manipulation macros (big endian)
42 */
43#ifndef GET_ULONG_BE
44#define GET_ULONG_BE(n,b,i) \
45{ \
46 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
47 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
48 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
49 | ( (unsigned long) (b)[(i) + 3] ); \
50}
51#endif
52
53#ifndef PUT_ULONG_BE
54#define PUT_ULONG_BE(n,b,i) \
55{ \
56 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
57 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
58 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
59 (b)[(i) + 3] = (unsigned char) ( (n) ); \
60}
61#endif
62
63/*
64 * Expanded DES S-boxes
65 */
66static const unsigned long SB1[64] =
67{
68 0x01010400, 0x00000000, 0x00010000, 0x01010404,
69 0x01010004, 0x00010404, 0x00000004, 0x00010000,
70 0x00000400, 0x01010400, 0x01010404, 0x00000400,
71 0x01000404, 0x01010004, 0x01000000, 0x00000004,
72 0x00000404, 0x01000400, 0x01000400, 0x00010400,
73 0x00010400, 0x01010000, 0x01010000, 0x01000404,
74 0x00010004, 0x01000004, 0x01000004, 0x00010004,
75 0x00000000, 0x00000404, 0x00010404, 0x01000000,
76 0x00010000, 0x01010404, 0x00000004, 0x01010000,
77 0x01010400, 0x01000000, 0x01000000, 0x00000400,
78 0x01010004, 0x00010000, 0x00010400, 0x01000004,
79 0x00000400, 0x00000004, 0x01000404, 0x00010404,
80 0x01010404, 0x00010004, 0x01010000, 0x01000404,
81 0x01000004, 0x00000404, 0x00010404, 0x01010400,
82 0x00000404, 0x01000400, 0x01000400, 0x00000000,
83 0x00010004, 0x00010400, 0x00000000, 0x01010004
84};
85
86static const unsigned long SB2[64] =
87{
88 0x80108020, 0x80008000, 0x00008000, 0x00108020,
89 0x00100000, 0x00000020, 0x80100020, 0x80008020,
90 0x80000020, 0x80108020, 0x80108000, 0x80000000,
91 0x80008000, 0x00100000, 0x00000020, 0x80100020,
92 0x00108000, 0x00100020, 0x80008020, 0x00000000,
93 0x80000000, 0x00008000, 0x00108020, 0x80100000,
94 0x00100020, 0x80000020, 0x00000000, 0x00108000,
95 0x00008020, 0x80108000, 0x80100000, 0x00008020,
96 0x00000000, 0x00108020, 0x80100020, 0x00100000,
97 0x80008020, 0x80100000, 0x80108000, 0x00008000,
98 0x80100000, 0x80008000, 0x00000020, 0x80108020,
99 0x00108020, 0x00000020, 0x00008000, 0x80000000,
100 0x00008020, 0x80108000, 0x00100000, 0x80000020,
101 0x00100020, 0x80008020, 0x80000020, 0x00100020,
102 0x00108000, 0x00000000, 0x80008000, 0x00008020,
103 0x80000000, 0x80100020, 0x80108020, 0x00108000
104};
105
106static const unsigned long SB3[64] =
107{
108 0x00000208, 0x08020200, 0x00000000, 0x08020008,
109 0x08000200, 0x00000000, 0x00020208, 0x08000200,
110 0x00020008, 0x08000008, 0x08000008, 0x00020000,
111 0x08020208, 0x00020008, 0x08020000, 0x00000208,
112 0x08000000, 0x00000008, 0x08020200, 0x00000200,
113 0x00020200, 0x08020000, 0x08020008, 0x00020208,
114 0x08000208, 0x00020200, 0x00020000, 0x08000208,
115 0x00000008, 0x08020208, 0x00000200, 0x08000000,
116 0x08020200, 0x08000000, 0x00020008, 0x00000208,
117 0x00020000, 0x08020200, 0x08000200, 0x00000000,
118 0x00000200, 0x00020008, 0x08020208, 0x08000200,
119 0x08000008, 0x00000200, 0x00000000, 0x08020008,
120 0x08000208, 0x00020000, 0x08000000, 0x08020208,
121 0x00000008, 0x00020208, 0x00020200, 0x08000008,
122 0x08020000, 0x08000208, 0x00000208, 0x08020000,
123 0x00020208, 0x00000008, 0x08020008, 0x00020200
124};
125
126static const unsigned long SB4[64] =
127{
128 0x00802001, 0x00002081, 0x00002081, 0x00000080,
129 0x00802080, 0x00800081, 0x00800001, 0x00002001,
130 0x00000000, 0x00802000, 0x00802000, 0x00802081,
131 0x00000081, 0x00000000, 0x00800080, 0x00800001,
132 0x00000001, 0x00002000, 0x00800000, 0x00802001,
133 0x00000080, 0x00800000, 0x00002001, 0x00002080,
134 0x00800081, 0x00000001, 0x00002080, 0x00800080,
135 0x00002000, 0x00802080, 0x00802081, 0x00000081,
136 0x00800080, 0x00800001, 0x00802000, 0x00802081,
137 0x00000081, 0x00000000, 0x00000000, 0x00802000,
138 0x00002080, 0x00800080, 0x00800081, 0x00000001,
139 0x00802001, 0x00002081, 0x00002081, 0x00000080,
140 0x00802081, 0x00000081, 0x00000001, 0x00002000,
141 0x00800001, 0x00002001, 0x00802080, 0x00800081,
142 0x00002001, 0x00002080, 0x00800000, 0x00802001,
143 0x00000080, 0x00800000, 0x00002000, 0x00802080
144};
145
146static const unsigned long SB5[64] =
147{
148 0x00000100, 0x02080100, 0x02080000, 0x42000100,
149 0x00080000, 0x00000100, 0x40000000, 0x02080000,
150 0x40080100, 0x00080000, 0x02000100, 0x40080100,
151 0x42000100, 0x42080000, 0x00080100, 0x40000000,
152 0x02000000, 0x40080000, 0x40080000, 0x00000000,
153 0x40000100, 0x42080100, 0x42080100, 0x02000100,
154 0x42080000, 0x40000100, 0x00000000, 0x42000000,
155 0x02080100, 0x02000000, 0x42000000, 0x00080100,
156 0x00080000, 0x42000100, 0x00000100, 0x02000000,
157 0x40000000, 0x02080000, 0x42000100, 0x40080100,
158 0x02000100, 0x40000000, 0x42080000, 0x02080100,
159 0x40080100, 0x00000100, 0x02000000, 0x42080000,
160 0x42080100, 0x00080100, 0x42000000, 0x42080100,
161 0x02080000, 0x00000000, 0x40080000, 0x42000000,
162 0x00080100, 0x02000100, 0x40000100, 0x00080000,
163 0x00000000, 0x40080000, 0x02080100, 0x40000100
164};
165
166static const unsigned long SB6[64] =
167{
168 0x20000010, 0x20400000, 0x00004000, 0x20404010,
169 0x20400000, 0x00000010, 0x20404010, 0x00400000,
170 0x20004000, 0x00404010, 0x00400000, 0x20000010,
171 0x00400010, 0x20004000, 0x20000000, 0x00004010,
172 0x00000000, 0x00400010, 0x20004010, 0x00004000,
173 0x00404000, 0x20004010, 0x00000010, 0x20400010,
174 0x20400010, 0x00000000, 0x00404010, 0x20404000,
175 0x00004010, 0x00404000, 0x20404000, 0x20000000,
176 0x20004000, 0x00000010, 0x20400010, 0x00404000,
177 0x20404010, 0x00400000, 0x00004010, 0x20000010,
178 0x00400000, 0x20004000, 0x20000000, 0x00004010,
179 0x20000010, 0x20404010, 0x00404000, 0x20400000,
180 0x00404010, 0x20404000, 0x00000000, 0x20400010,
181 0x00000010, 0x00004000, 0x20400000, 0x00404010,
182 0x00004000, 0x00400010, 0x20004010, 0x00000000,
183 0x20404000, 0x20000000, 0x00400010, 0x20004010
184};
185
186static const unsigned long SB7[64] =
187{
188 0x00200000, 0x04200002, 0x04000802, 0x00000000,
189 0x00000800, 0x04000802, 0x00200802, 0x04200800,
190 0x04200802, 0x00200000, 0x00000000, 0x04000002,
191 0x00000002, 0x04000000, 0x04200002, 0x00000802,
192 0x04000800, 0x00200802, 0x00200002, 0x04000800,
193 0x04000002, 0x04200000, 0x04200800, 0x00200002,
194 0x04200000, 0x00000800, 0x00000802, 0x04200802,
195 0x00200800, 0x00000002, 0x04000000, 0x00200800,
196 0x04000000, 0x00200800, 0x00200000, 0x04000802,
197 0x04000802, 0x04200002, 0x04200002, 0x00000002,
198 0x00200002, 0x04000000, 0x04000800, 0x00200000,
199 0x04200800, 0x00000802, 0x00200802, 0x04200800,
200 0x00000802, 0x04000002, 0x04200802, 0x04200000,
201 0x00200800, 0x00000000, 0x00000002, 0x04200802,
202 0x00000000, 0x00200802, 0x04200000, 0x00000800,
203 0x04000002, 0x04000800, 0x00000800, 0x00200002
204};
205
206static const unsigned long SB8[64] =
207{
208 0x10001040, 0x00001000, 0x00040000, 0x10041040,
209 0x10000000, 0x10001040, 0x00000040, 0x10000000,
210 0x00040040, 0x10040000, 0x10041040, 0x00041000,
211 0x10041000, 0x00041040, 0x00001000, 0x00000040,
212 0x10040000, 0x10000040, 0x10001000, 0x00001040,
213 0x00041000, 0x00040040, 0x10040040, 0x10041000,
214 0x00001040, 0x00000000, 0x00000000, 0x10040040,
215 0x10000040, 0x10001000, 0x00041040, 0x00040000,
216 0x00041040, 0x00040000, 0x10041000, 0x00001000,
217 0x00000040, 0x10040040, 0x00001000, 0x00041040,
218 0x10001000, 0x00000040, 0x10000040, 0x10040000,
219 0x10040040, 0x10000000, 0x00040000, 0x10001040,
220 0x00000000, 0x10041040, 0x00040040, 0x10000040,
221 0x10040000, 0x10001000, 0x10001040, 0x00000000,
222 0x10041040, 0x00041000, 0x00041000, 0x00001040,
223 0x00001040, 0x00040040, 0x10000000, 0x10041000
224};
225
226/*
227 * PC1: left and right halves bit-swap
228 */
229static const unsigned long LHs[16] =
230{
231 0x00000000, 0x00000001, 0x00000100, 0x00000101,
232 0x00010000, 0x00010001, 0x00010100, 0x00010101,
233 0x01000000, 0x01000001, 0x01000100, 0x01000101,
234 0x01010000, 0x01010001, 0x01010100, 0x01010101
235};
236
237static const unsigned long RHs[16] =
238{
239 0x00000000, 0x01000000, 0x00010000, 0x01010000,
240 0x00000100, 0x01000100, 0x00010100, 0x01010100,
241 0x00000001, 0x01000001, 0x00010001, 0x01010001,
242 0x00000101, 0x01000101, 0x00010101, 0x01010101,
243};
244
245/*
246 * Initial Permutation macro
247 */
248#define DES_IP(X,Y) \
249{ \
250 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
251 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
252 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
253 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
254 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
255 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
256 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
257}
258
259/*
260 * Final Permutation macro
261 */
262#define DES_FP(X,Y) \
263{ \
264 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
265 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
266 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
267 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
268 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
269 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
270 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
271}
272
273/*
274 * DES round macro
275 */
276#define DES_ROUND(X,Y) \
277{ \
278 T = *SK++ ^ X; \
279 Y ^= SB8[ (T ) & 0x3F ] ^ \
280 SB6[ (T >> 8) & 0x3F ] ^ \
281 SB4[ (T >> 16) & 0x3F ] ^ \
282 SB2[ (T >> 24) & 0x3F ]; \
283 \
284 T = *SK++ ^ ((X << 28) | (X >> 4)); \
285 Y ^= SB7[ (T ) & 0x3F ] ^ \
286 SB5[ (T >> 8) & 0x3F ] ^ \
287 SB3[ (T >> 16) & 0x3F ] ^ \
288 SB1[ (T >> 24) & 0x3F ]; \
289}
290
291#define SWAP(a,b) { unsigned long t = a; a = b; b = t; t = 0; }
292
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]293static void des_setkey( unsigned long SK[32], const unsigned char key[8] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]294{
295 int i;
296 unsigned long X, Y, T;
297
298 GET_ULONG_BE( X, key, 0 );
299 GET_ULONG_BE( Y, key, 4 );
300
301 /*
302 * Permuted Choice 1
303 */
304 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
305 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
306
307 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
308 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
309 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
310 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
311
312 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
313 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
314 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
315 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
316
317 X &= 0x0FFFFFFF;
318 Y &= 0x0FFFFFFF;
319
320 /*
321 * calculate subkeys
322 */
323 for( i = 0; i < 16; i++ )
324 {
325 if( i < 2 || i == 8 || i == 15 )
326 {
327 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
328 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
329 }
330 else
331 {
332 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
333 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
334 }
335
336 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
337 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
338 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
339 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
340 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
341 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
342 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
343 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
344 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
345 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
346 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
347
348 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
349 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
350 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
351 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
352 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
353 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
354 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
355 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
356 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
357 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
358 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
359 }
360}
361
362/*
363 * DES key schedule (56-bit, encryption)
364 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]365void des_setkey_enc( des_context *ctx, const unsigned char key[8] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]366{
367 des_setkey( ctx->sk, key );
368}
369
370/*
371 * DES key schedule (56-bit, decryption)
372 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]373void des_setkey_dec( des_context *ctx, const unsigned char key[8] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]374{
375 int i;
376
377 des_setkey( ctx->sk, key );
378
379 for( i = 0; i < 16; i += 2 )
380 {
381 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
382 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
383 }
384}
385
386static void des3_set2key( unsigned long esk[96],
387 unsigned long dsk[96],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]388 const unsigned char key[16] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]389{
390 int i;
391
392 des_setkey( esk, key );
393 des_setkey( dsk + 32, key + 8 );
394
395 for( i = 0; i < 32; i += 2 )
396 {
397 dsk[i ] = esk[30 - i];
398 dsk[i + 1] = esk[31 - i];
399
400 esk[i + 32] = dsk[62 - i];
401 esk[i + 33] = dsk[63 - i];
402
403 esk[i + 64] = esk[i ];
404 esk[i + 65] = esk[i + 1];
405
406 dsk[i + 64] = dsk[i ];
407 dsk[i + 65] = dsk[i + 1];
408 }
409}
410
411/*
412 * Triple-DES key schedule (112-bit, encryption)
413 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]414void des3_set2key_enc( des3_context *ctx, const unsigned char key[16] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]415{
416 unsigned long sk[96];
417
418 des3_set2key( ctx->sk, sk, key );
419 memset( sk, 0, sizeof( sk ) );
420}
421
422/*
423 * Triple-DES key schedule (112-bit, decryption)
424 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]425void des3_set2key_dec( des3_context *ctx, const unsigned char key[16] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]426{
427 unsigned long sk[96];
428
429 des3_set2key( sk, ctx->sk, key );
430 memset( sk, 0, sizeof( sk ) );
431}
432
433static void des3_set3key( unsigned long esk[96],
434 unsigned long dsk[96],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]435 const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]436{
437 int i;
438
439 des_setkey( esk, key );
440 des_setkey( dsk + 32, key + 8 );
441 des_setkey( esk + 64, key + 16 );
442
443 for( i = 0; i < 32; i += 2 )
444 {
445 dsk[i ] = esk[94 - i];
446 dsk[i + 1] = esk[95 - i];
447
448 esk[i + 32] = dsk[62 - i];
449 esk[i + 33] = dsk[63 - i];
450
451 dsk[i + 64] = esk[30 - i];
452 dsk[i + 65] = esk[31 - i];
453 }
454}
455
456/*
457 * Triple-DES key schedule (168-bit, encryption)
458 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]459void des3_set3key_enc( des3_context *ctx, const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]460{
461 unsigned long sk[96];
462
463 des3_set3key( ctx->sk, sk, key );
464 memset( sk, 0, sizeof( sk ) );
465}
466
467/*
468 * Triple-DES key schedule (168-bit, decryption)
469 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]470void des3_set3key_dec( des3_context *ctx, const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]471{
472 unsigned long sk[96];
473
474 des3_set3key( sk, ctx->sk, key );
475 memset( sk, 0, sizeof( sk ) );
476}
477
478/*
479 * DES-ECB block encryption/decryption
480 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]481int des_crypt_ecb( des_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]482 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]483 unsigned char output[8] )
484{
485 int i;
486 unsigned long X, Y, T, *SK;
487
488 SK = ctx->sk;
489
490 GET_ULONG_BE( X, input, 0 );
491 GET_ULONG_BE( Y, input, 4 );
492
493 DES_IP( X, Y );
494
495 for( i = 0; i < 8; i++ )
496 {
497 DES_ROUND( Y, X );
498 DES_ROUND( X, Y );
499 }
500
501 DES_FP( Y, X );
502
503 PUT_ULONG_BE( Y, output, 0 );
504 PUT_ULONG_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]505
506 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]507}
508
509/*
510 * DES-CBC buffer encryption/decryption
511 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]512int des_crypt_cbc( des_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]513 int mode,
514 int length,
515 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]516 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]517 unsigned char *output )
518{
519 int i;
520 unsigned char temp[8];
521
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]522 if( length % 8 )
523 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
524
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]525 if( mode == DES_ENCRYPT )
526 {
527 while( length > 0 )
528 {
529 for( i = 0; i < 8; i++ )
530 output[i] = (unsigned char)( input[i] ^ iv[i] );
531
532 des_crypt_ecb( ctx, output, output );
533 memcpy( iv, output, 8 );
534
535 input += 8;
536 output += 8;
537 length -= 8;
538 }
539 }
540 else /* DES_DECRYPT */
541 {
542 while( length > 0 )
543 {
544 memcpy( temp, input, 8 );
545 des_crypt_ecb( ctx, input, output );
546
547 for( i = 0; i < 8; i++ )
548 output[i] = (unsigned char)( output[i] ^ iv[i] );
549
550 memcpy( iv, temp, 8 );
551
552 input += 8;
553 output += 8;
554 length -= 8;
555 }
556 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]557
558 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]559}
560
561/*
562 * 3DES-ECB block encryption/decryption
563 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]564int des3_crypt_ecb( des3_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]565 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]566 unsigned char output[8] )
567{
568 int i;
569 unsigned long X, Y, T, *SK;
570
571 SK = ctx->sk;
572
573 GET_ULONG_BE( X, input, 0 );
574 GET_ULONG_BE( Y, input, 4 );
575
576 DES_IP( X, Y );
577
578 for( i = 0; i < 8; i++ )
579 {
580 DES_ROUND( Y, X );
581 DES_ROUND( X, Y );
582 }
583
584 for( i = 0; i < 8; i++ )
585 {
586 DES_ROUND( X, Y );
587 DES_ROUND( Y, X );
588 }
589
590 for( i = 0; i < 8; i++ )
591 {
592 DES_ROUND( Y, X );
593 DES_ROUND( X, Y );
594 }
595
596 DES_FP( Y, X );
597
598 PUT_ULONG_BE( Y, output, 0 );
599 PUT_ULONG_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]600
601 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]602}
603
604/*
605 * 3DES-CBC buffer encryption/decryption
606 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]607int des3_crypt_cbc( des3_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]608 int mode,
609 int length,
610 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]611 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]612 unsigned char *output )
613{
614 int i;
615 unsigned char temp[8];
616
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]617 if( length % 8 )
618 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
619
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]620 if( mode == DES_ENCRYPT )
621 {
622 while( length > 0 )
623 {
624 for( i = 0; i < 8; i++ )
625 output[i] = (unsigned char)( input[i] ^ iv[i] );
626
627 des3_crypt_ecb( ctx, output, output );
628 memcpy( iv, output, 8 );
629
630 input += 8;
631 output += 8;
632 length -= 8;
633 }
634 }
635 else /* DES_DECRYPT */
636 {
637 while( length > 0 )
638 {
639 memcpy( temp, input, 8 );
640 des3_crypt_ecb( ctx, input, output );
641
642 for( i = 0; i < 8; i++ )
643 output[i] = (unsigned char)( output[i] ^ iv[i] );
644
645 memcpy( iv, temp, 8 );
646
647 input += 8;
648 output += 8;
649 length -= 8;
650 }
651 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]652
653 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]654}
655
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]656#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]657
658#include <stdio.h>
659
660/*
661 * DES and 3DES test vectors from:
662 *
663 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
664 */
665static const unsigned char des3_test_keys[24] =
666{
667 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
668 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
669 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
670};
671
672static const unsigned char des3_test_iv[8] =
673{
674 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
675};
676
677static const unsigned char des3_test_buf[8] =
678{
679 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
680};
681
682static const unsigned char des3_test_ecb_dec[3][8] =
683{
684 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
685 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
686 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
687};
688
689static const unsigned char des3_test_ecb_enc[3][8] =
690{
691 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
692 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
693 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
694};
695
696static const unsigned char des3_test_cbc_dec[3][8] =
697{
698 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
699 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
700 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
701};
702
703static const unsigned char des3_test_cbc_enc[3][8] =
704{
705 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
706 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
707 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
708};
709
710/*
711 * Checkup routine
712 */
713int des_self_test( int verbose )
714{
715 int i, j, u, v;
716 des_context ctx;
717 des3_context ctx3;
718 unsigned char key[24];
719 unsigned char buf[8];
720 unsigned char prv[8];
721 unsigned char iv[8];
722
723 memset( key, 0, 24 );
724
725 /*
726 * ECB mode
727 */
728 for( i = 0; i < 6; i++ )
729 {
730 u = i >> 1;
731 v = i & 1;
732
733 if( verbose != 0 )
734 printf( " DES%c-ECB-%3d (%s): ",
735 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
736 ( v == DES_DECRYPT ) ? "dec" : "enc" );
737
738 memcpy( buf, des3_test_buf, 8 );
739
740 switch( i )
741 {
742 case 0:
743 des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
744 break;
745
746 case 1:
747 des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
748 break;
749
750 case 2:
751 des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
752 break;
753
754 case 3:
755 des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
756 break;
757
758 case 4:
759 des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
760 break;
761
762 case 5:
763 des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
764 break;
765
766 default:
767 return( 1 );
768 }
769
770 for( j = 0; j < 10000; j++ )
771 {
772 if( u == 0 )
773 des_crypt_ecb( &ctx, buf, buf );
774 else
775 des3_crypt_ecb( &ctx3, buf, buf );
776 }
777
778 if( ( v == DES_DECRYPT &&
779 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
780 ( v != DES_DECRYPT &&
781 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
782 {
783 if( verbose != 0 )
784 printf( "failed\n" );
785
786 return( 1 );
787 }
788
789 if( verbose != 0 )
790 printf( "passed\n" );
791 }
792
793 if( verbose != 0 )
794 printf( "\n" );
795
796 /*
797 * CBC mode
798 */
799 for( i = 0; i < 6; i++ )
800 {
801 u = i >> 1;
802 v = i & 1;
803
804 if( verbose != 0 )
805 printf( " DES%c-CBC-%3d (%s): ",
806 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
807 ( v == DES_DECRYPT ) ? "dec" : "enc" );
808
809 memcpy( iv, des3_test_iv, 8 );
810 memcpy( prv, des3_test_iv, 8 );
811 memcpy( buf, des3_test_buf, 8 );
812
813 switch( i )
814 {
815 case 0:
816 des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
817 break;
818
819 case 1:
820 des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
821 break;
822
823 case 2:
824 des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
825 break;
826
827 case 3:
828 des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
829 break;
830
831 case 4:
832 des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
833 break;
834
835 case 5:
836 des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
837 break;
838
839 default:
840 return( 1 );
841 }
842
843 if( v == DES_DECRYPT )
844 {
845 for( j = 0; j < 10000; j++ )
846 {
847 if( u == 0 )
848 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
849 else
850 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
851 }
852 }
853 else
854 {
855 for( j = 0; j < 10000; j++ )
856 {
857 unsigned char tmp[8];
858
859 if( u == 0 )
860 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
861 else
862 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
863
864 memcpy( tmp, prv, 8 );
865 memcpy( prv, buf, 8 );
866 memcpy( buf, tmp, 8 );
867 }
868
869 memcpy( buf, prv, 8 );
870 }
871
872 if( ( v == DES_DECRYPT &&
873 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
874 ( v != DES_DECRYPT &&
875 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
876 {
877 if( verbose != 0 )
878 printf( "failed\n" );
879
880 return( 1 );
881 }
882
883 if( verbose != 0 )
884 printf( "passed\n" );
885 }
886
887 if( verbose != 0 )
888 printf( "\n" );
889
890 return( 0 );
891}
892
893#endif
894
895#endif