TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / d64359279d58ce509861604752a60f1d04e9d15b / . / library / des.c
blob: 37fd34548607e8e86653e38da979e60675d6871b [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
Paul Bakker4087c472013-06-12 16:49:10 +0200[diff] [blame]4 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * DES, on which TDES is based, was originally designed by Horst Feistel
27 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
28 *
29 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
30 */
31
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]32#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]33
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]34#if defined(POLARSSL_DES_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]35
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]36#include "polarssl/des.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]37
Paul Bakker4087c472013-06-12 16:49:10 +0200[diff] [blame]38#if !defined(POLARSSL_DES_ALT)
39
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]40/* Implementation that should never be optimized out by the compiler */
41static void polarssl_zeroize( void *v, size_t n ) {
42 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
43}
44
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]45/*
46 * 32-bit integer manipulation macros (big endian)
47 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]48#ifndef GET_UINT32_BE
49#define GET_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]50{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]51 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
52 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
53 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
54 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]55}
56#endif
57
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]58#ifndef PUT_UINT32_BE
59#define PUT_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]60{ \
61 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
62 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
63 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
64 (b)[(i) + 3] = (unsigned char) ( (n) ); \
65}
66#endif
67
68/*
69 * Expanded DES S-boxes
70 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]71static const uint32_t SB1[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]72{
73 0x01010400, 0x00000000, 0x00010000, 0x01010404,
74 0x01010004, 0x00010404, 0x00000004, 0x00010000,
75 0x00000400, 0x01010400, 0x01010404, 0x00000400,
76 0x01000404, 0x01010004, 0x01000000, 0x00000004,
77 0x00000404, 0x01000400, 0x01000400, 0x00010400,
78 0x00010400, 0x01010000, 0x01010000, 0x01000404,
79 0x00010004, 0x01000004, 0x01000004, 0x00010004,
80 0x00000000, 0x00000404, 0x00010404, 0x01000000,
81 0x00010000, 0x01010404, 0x00000004, 0x01010000,
82 0x01010400, 0x01000000, 0x01000000, 0x00000400,
83 0x01010004, 0x00010000, 0x00010400, 0x01000004,
84 0x00000400, 0x00000004, 0x01000404, 0x00010404,
85 0x01010404, 0x00010004, 0x01010000, 0x01000404,
86 0x01000004, 0x00000404, 0x00010404, 0x01010400,
87 0x00000404, 0x01000400, 0x01000400, 0x00000000,
88 0x00010004, 0x00010400, 0x00000000, 0x01010004
89};
90
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]91static const uint32_t SB2[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]92{
93 0x80108020, 0x80008000, 0x00008000, 0x00108020,
94 0x00100000, 0x00000020, 0x80100020, 0x80008020,
95 0x80000020, 0x80108020, 0x80108000, 0x80000000,
96 0x80008000, 0x00100000, 0x00000020, 0x80100020,
97 0x00108000, 0x00100020, 0x80008020, 0x00000000,
98 0x80000000, 0x00008000, 0x00108020, 0x80100000,
99 0x00100020, 0x80000020, 0x00000000, 0x00108000,
100 0x00008020, 0x80108000, 0x80100000, 0x00008020,
101 0x00000000, 0x00108020, 0x80100020, 0x00100000,
102 0x80008020, 0x80100000, 0x80108000, 0x00008000,
103 0x80100000, 0x80008000, 0x00000020, 0x80108020,
104 0x00108020, 0x00000020, 0x00008000, 0x80000000,
105 0x00008020, 0x80108000, 0x00100000, 0x80000020,
106 0x00100020, 0x80008020, 0x80000020, 0x00100020,
107 0x00108000, 0x00000000, 0x80008000, 0x00008020,
108 0x80000000, 0x80100020, 0x80108020, 0x00108000
109};
110
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]111static const uint32_t SB3[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]112{
113 0x00000208, 0x08020200, 0x00000000, 0x08020008,
114 0x08000200, 0x00000000, 0x00020208, 0x08000200,
115 0x00020008, 0x08000008, 0x08000008, 0x00020000,
116 0x08020208, 0x00020008, 0x08020000, 0x00000208,
117 0x08000000, 0x00000008, 0x08020200, 0x00000200,
118 0x00020200, 0x08020000, 0x08020008, 0x00020208,
119 0x08000208, 0x00020200, 0x00020000, 0x08000208,
120 0x00000008, 0x08020208, 0x00000200, 0x08000000,
121 0x08020200, 0x08000000, 0x00020008, 0x00000208,
122 0x00020000, 0x08020200, 0x08000200, 0x00000000,
123 0x00000200, 0x00020008, 0x08020208, 0x08000200,
124 0x08000008, 0x00000200, 0x00000000, 0x08020008,
125 0x08000208, 0x00020000, 0x08000000, 0x08020208,
126 0x00000008, 0x00020208, 0x00020200, 0x08000008,
127 0x08020000, 0x08000208, 0x00000208, 0x08020000,
128 0x00020208, 0x00000008, 0x08020008, 0x00020200
129};
130
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]131static const uint32_t SB4[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]132{
133 0x00802001, 0x00002081, 0x00002081, 0x00000080,
134 0x00802080, 0x00800081, 0x00800001, 0x00002001,
135 0x00000000, 0x00802000, 0x00802000, 0x00802081,
136 0x00000081, 0x00000000, 0x00800080, 0x00800001,
137 0x00000001, 0x00002000, 0x00800000, 0x00802001,
138 0x00000080, 0x00800000, 0x00002001, 0x00002080,
139 0x00800081, 0x00000001, 0x00002080, 0x00800080,
140 0x00002000, 0x00802080, 0x00802081, 0x00000081,
141 0x00800080, 0x00800001, 0x00802000, 0x00802081,
142 0x00000081, 0x00000000, 0x00000000, 0x00802000,
143 0x00002080, 0x00800080, 0x00800081, 0x00000001,
144 0x00802001, 0x00002081, 0x00002081, 0x00000080,
145 0x00802081, 0x00000081, 0x00000001, 0x00002000,
146 0x00800001, 0x00002001, 0x00802080, 0x00800081,
147 0x00002001, 0x00002080, 0x00800000, 0x00802001,
148 0x00000080, 0x00800000, 0x00002000, 0x00802080
149};
150
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]151static const uint32_t SB5[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]152{
153 0x00000100, 0x02080100, 0x02080000, 0x42000100,
154 0x00080000, 0x00000100, 0x40000000, 0x02080000,
155 0x40080100, 0x00080000, 0x02000100, 0x40080100,
156 0x42000100, 0x42080000, 0x00080100, 0x40000000,
157 0x02000000, 0x40080000, 0x40080000, 0x00000000,
158 0x40000100, 0x42080100, 0x42080100, 0x02000100,
159 0x42080000, 0x40000100, 0x00000000, 0x42000000,
160 0x02080100, 0x02000000, 0x42000000, 0x00080100,
161 0x00080000, 0x42000100, 0x00000100, 0x02000000,
162 0x40000000, 0x02080000, 0x42000100, 0x40080100,
163 0x02000100, 0x40000000, 0x42080000, 0x02080100,
164 0x40080100, 0x00000100, 0x02000000, 0x42080000,
165 0x42080100, 0x00080100, 0x42000000, 0x42080100,
166 0x02080000, 0x00000000, 0x40080000, 0x42000000,
167 0x00080100, 0x02000100, 0x40000100, 0x00080000,
168 0x00000000, 0x40080000, 0x02080100, 0x40000100
169};
170
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]171static const uint32_t SB6[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]172{
173 0x20000010, 0x20400000, 0x00004000, 0x20404010,
174 0x20400000, 0x00000010, 0x20404010, 0x00400000,
175 0x20004000, 0x00404010, 0x00400000, 0x20000010,
176 0x00400010, 0x20004000, 0x20000000, 0x00004010,
177 0x00000000, 0x00400010, 0x20004010, 0x00004000,
178 0x00404000, 0x20004010, 0x00000010, 0x20400010,
179 0x20400010, 0x00000000, 0x00404010, 0x20404000,
180 0x00004010, 0x00404000, 0x20404000, 0x20000000,
181 0x20004000, 0x00000010, 0x20400010, 0x00404000,
182 0x20404010, 0x00400000, 0x00004010, 0x20000010,
183 0x00400000, 0x20004000, 0x20000000, 0x00004010,
184 0x20000010, 0x20404010, 0x00404000, 0x20400000,
185 0x00404010, 0x20404000, 0x00000000, 0x20400010,
186 0x00000010, 0x00004000, 0x20400000, 0x00404010,
187 0x00004000, 0x00400010, 0x20004010, 0x00000000,
188 0x20404000, 0x20000000, 0x00400010, 0x20004010
189};
190
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]191static const uint32_t SB7[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]192{
193 0x00200000, 0x04200002, 0x04000802, 0x00000000,
194 0x00000800, 0x04000802, 0x00200802, 0x04200800,
195 0x04200802, 0x00200000, 0x00000000, 0x04000002,
196 0x00000002, 0x04000000, 0x04200002, 0x00000802,
197 0x04000800, 0x00200802, 0x00200002, 0x04000800,
198 0x04000002, 0x04200000, 0x04200800, 0x00200002,
199 0x04200000, 0x00000800, 0x00000802, 0x04200802,
200 0x00200800, 0x00000002, 0x04000000, 0x00200800,
201 0x04000000, 0x00200800, 0x00200000, 0x04000802,
202 0x04000802, 0x04200002, 0x04200002, 0x00000002,
203 0x00200002, 0x04000000, 0x04000800, 0x00200000,
204 0x04200800, 0x00000802, 0x00200802, 0x04200800,
205 0x00000802, 0x04000002, 0x04200802, 0x04200000,
206 0x00200800, 0x00000000, 0x00000002, 0x04200802,
207 0x00000000, 0x00200802, 0x04200000, 0x00000800,
208 0x04000002, 0x04000800, 0x00000800, 0x00200002
209};
210
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]211static const uint32_t SB8[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]212{
213 0x10001040, 0x00001000, 0x00040000, 0x10041040,
214 0x10000000, 0x10001040, 0x00000040, 0x10000000,
215 0x00040040, 0x10040000, 0x10041040, 0x00041000,
216 0x10041000, 0x00041040, 0x00001000, 0x00000040,
217 0x10040000, 0x10000040, 0x10001000, 0x00001040,
218 0x00041000, 0x00040040, 0x10040040, 0x10041000,
219 0x00001040, 0x00000000, 0x00000000, 0x10040040,
220 0x10000040, 0x10001000, 0x00041040, 0x00040000,
221 0x00041040, 0x00040000, 0x10041000, 0x00001000,
222 0x00000040, 0x10040040, 0x00001000, 0x00041040,
223 0x10001000, 0x00000040, 0x10000040, 0x10040000,
224 0x10040040, 0x10000000, 0x00040000, 0x10001040,
225 0x00000000, 0x10041040, 0x00040040, 0x10000040,
226 0x10040000, 0x10001000, 0x10001040, 0x00000000,
227 0x10041040, 0x00041000, 0x00041000, 0x00001040,
228 0x00001040, 0x00040040, 0x10000000, 0x10041000
229};
230
231/*
232 * PC1: left and right halves bit-swap
233 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]234static const uint32_t LHs[16] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]235{
236 0x00000000, 0x00000001, 0x00000100, 0x00000101,
237 0x00010000, 0x00010001, 0x00010100, 0x00010101,
238 0x01000000, 0x01000001, 0x01000100, 0x01000101,
239 0x01010000, 0x01010001, 0x01010100, 0x01010101
240};
241
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]242static const uint32_t RHs[16] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]243{
244 0x00000000, 0x01000000, 0x00010000, 0x01010000,
245 0x00000100, 0x01000100, 0x00010100, 0x01010100,
246 0x00000001, 0x01000001, 0x00010001, 0x01010001,
247 0x00000101, 0x01000101, 0x00010101, 0x01010101,
248};
249
250/*
251 * Initial Permutation macro
252 */
253#define DES_IP(X,Y) \
254{ \
255 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
256 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
257 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
258 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
259 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
260 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
261 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
262}
263
264/*
265 * Final Permutation macro
266 */
267#define DES_FP(X,Y) \
268{ \
269 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
270 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
271 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
272 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
273 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
274 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
275 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
276}
277
278/*
279 * DES round macro
280 */
281#define DES_ROUND(X,Y) \
282{ \
283 T = *SK++ ^ X; \
284 Y ^= SB8[ (T ) & 0x3F ] ^ \
285 SB6[ (T >> 8) & 0x3F ] ^ \
286 SB4[ (T >> 16) & 0x3F ] ^ \
287 SB2[ (T >> 24) & 0x3F ]; \
288 \
289 T = *SK++ ^ ((X << 28) | (X >> 4)); \
290 Y ^= SB7[ (T ) & 0x3F ] ^ \
291 SB5[ (T >> 8) & 0x3F ] ^ \
292 SB3[ (T >> 16) & 0x3F ] ^ \
293 SB1[ (T >> 24) & 0x3F ]; \
294}
295
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]296#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]297
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]298static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
299 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
300 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
301 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
302 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
303 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
304 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
305 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
306 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
307 254 };
308
309void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
310{
311 int i;
312
313 for( i = 0; i < DES_KEY_SIZE; i++ )
314 key[i] = odd_parity_table[key[i] / 2];
315}
316
317/*
318 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
319 */
320int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
321{
322 int i;
323
324 for( i = 0; i < DES_KEY_SIZE; i++ )
325 if ( key[i] != odd_parity_table[key[i] / 2] )
326 return( 1 );
327
328 return( 0 );
329}
330
331/*
332 * Table of weak and semi-weak keys
333 *
334 * Source: http://en.wikipedia.org/wiki/Weak_key
335 *
336 * Weak:
337 * Alternating ones + zeros (0x0101010101010101)
338 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
339 * '0xE0E0E0E0F1F1F1F1'
340 * '0x1F1F1F1F0E0E0E0E'
341 *
342 * Semi-weak:
343 * 0x011F011F010E010E and 0x1F011F010E010E01
344 * 0x01E001E001F101F1 and 0xE001E001F101F101
345 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
346 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
347 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
348 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
349 *
350 */
351
352#define WEAK_KEY_COUNT 16
353
354static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
355{
356 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
357 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
358 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
359 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
360
361 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
362 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
363 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
364 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
365 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
366 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
367 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
368 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
369 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
370 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
371 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
372 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
373};
374
375int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
376{
377 int i;
378
379 for( i = 0; i < WEAK_KEY_COUNT; i++ )
380 if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
Paul Bakker73206952011-07-06 14:37:33 +0000[diff] [blame]381 return( 1 );
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]382
Paul Bakker73206952011-07-06 14:37:33 +0000[diff] [blame]383 return( 0 );
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]384}
385
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]386static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]387{
388 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]389 uint32_t X, Y, T;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]390
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]391 GET_UINT32_BE( X, key, 0 );
392 GET_UINT32_BE( Y, key, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]393
394 /*
395 * Permuted Choice 1
396 */
397 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
398 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
399
400 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
401 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
402 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
403 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
404
405 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
406 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
407 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
408 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
409
410 X &= 0x0FFFFFFF;
411 Y &= 0x0FFFFFFF;
412
413 /*
414 * calculate subkeys
415 */
416 for( i = 0; i < 16; i++ )
417 {
418 if( i < 2 || i == 8 || i == 15 )
419 {
420 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
421 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
422 }
423 else
424 {
425 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
426 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
427 }
428
429 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
430 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
431 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
432 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
433 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
434 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
435 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
436 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
437 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
438 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
439 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
440
441 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
442 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
443 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
444 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
445 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
446 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
447 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
448 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
449 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
450 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
451 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
452 }
453}
454
455/*
456 * DES key schedule (56-bit, encryption)
457 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]458int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]459{
460 des_setkey( ctx->sk, key );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]461
462 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]463}
464
465/*
466 * DES key schedule (56-bit, decryption)
467 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]468int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]469{
470 int i;
471
472 des_setkey( ctx->sk, key );
473
474 for( i = 0; i < 16; i += 2 )
475 {
476 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
477 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
478 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]479
480 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]481}
482
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]483static void des3_set2key( uint32_t esk[96],
484 uint32_t dsk[96],
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]485 const unsigned char key[DES_KEY_SIZE*2] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]486{
487 int i;
488
489 des_setkey( esk, key );
490 des_setkey( dsk + 32, key + 8 );
491
492 for( i = 0; i < 32; i += 2 )
493 {
494 dsk[i ] = esk[30 - i];
495 dsk[i + 1] = esk[31 - i];
496
497 esk[i + 32] = dsk[62 - i];
498 esk[i + 33] = dsk[63 - i];
499
500 esk[i + 64] = esk[i ];
501 esk[i + 65] = esk[i + 1];
502
503 dsk[i + 64] = dsk[i ];
504 dsk[i + 65] = dsk[i + 1];
505 }
506}
507
508/*
509 * Triple-DES key schedule (112-bit, encryption)
510 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]511int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]512{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]513 uint32_t sk[96];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]514
515 des3_set2key( ctx->sk, sk, key );
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]516 polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]517
518 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]519}
520
521/*
522 * Triple-DES key schedule (112-bit, decryption)
523 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]524int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]525{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]526 uint32_t sk[96];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]527
528 des3_set2key( sk, ctx->sk, key );
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]529 polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]530
531 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]532}
533
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]534static void des3_set3key( uint32_t esk[96],
535 uint32_t dsk[96],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]536 const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]537{
538 int i;
539
540 des_setkey( esk, key );
541 des_setkey( dsk + 32, key + 8 );
542 des_setkey( esk + 64, key + 16 );
543
544 for( i = 0; i < 32; i += 2 )
545 {
546 dsk[i ] = esk[94 - i];
547 dsk[i + 1] = esk[95 - i];
548
549 esk[i + 32] = dsk[62 - i];
550 esk[i + 33] = dsk[63 - i];
551
552 dsk[i + 64] = esk[30 - i];
553 dsk[i + 65] = esk[31 - i];
554 }
555}
556
557/*
558 * Triple-DES key schedule (168-bit, encryption)
559 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]560int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]561{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]562 uint32_t sk[96];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]563
564 des3_set3key( ctx->sk, sk, key );
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]565 polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]566
567 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]568}
569
570/*
571 * Triple-DES key schedule (168-bit, decryption)
572 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]573int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]574{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]575 uint32_t sk[96];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]576
577 des3_set3key( sk, ctx->sk, key );
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]578 polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]579
580 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]581}
582
583/*
584 * DES-ECB block encryption/decryption
585 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]586int des_crypt_ecb( des_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]587 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]588 unsigned char output[8] )
589{
590 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]591 uint32_t X, Y, T, *SK;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]592
593 SK = ctx->sk;
594
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]595 GET_UINT32_BE( X, input, 0 );
596 GET_UINT32_BE( Y, input, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]597
598 DES_IP( X, Y );
599
600 for( i = 0; i < 8; i++ )
601 {
602 DES_ROUND( Y, X );
603 DES_ROUND( X, Y );
604 }
605
606 DES_FP( Y, X );
607
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]608 PUT_UINT32_BE( Y, output, 0 );
609 PUT_UINT32_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]610
611 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]612}
613
614/*
615 * DES-CBC buffer encryption/decryption
616 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]617int des_crypt_cbc( des_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]618 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]619 size_t length,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]620 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]621 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]622 unsigned char *output )
623{
624 int i;
625 unsigned char temp[8];
626
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]627 if( length % 8 )
628 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
629
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]630 if( mode == DES_ENCRYPT )
631 {
632 while( length > 0 )
633 {
634 for( i = 0; i < 8; i++ )
635 output[i] = (unsigned char)( input[i] ^ iv[i] );
636
637 des_crypt_ecb( ctx, output, output );
638 memcpy( iv, output, 8 );
639
640 input += 8;
641 output += 8;
642 length -= 8;
643 }
644 }
645 else /* DES_DECRYPT */
646 {
647 while( length > 0 )
648 {
649 memcpy( temp, input, 8 );
650 des_crypt_ecb( ctx, input, output );
651
652 for( i = 0; i < 8; i++ )
653 output[i] = (unsigned char)( output[i] ^ iv[i] );
654
655 memcpy( iv, temp, 8 );
656
657 input += 8;
658 output += 8;
659 length -= 8;
660 }
661 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]662
663 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]664}
665
666/*
667 * 3DES-ECB block encryption/decryption
668 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]669int des3_crypt_ecb( des3_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]670 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]671 unsigned char output[8] )
672{
673 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]674 uint32_t X, Y, T, *SK;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]675
676 SK = ctx->sk;
677
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]678 GET_UINT32_BE( X, input, 0 );
679 GET_UINT32_BE( Y, input, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]680
681 DES_IP( X, Y );
682
683 for( i = 0; i < 8; i++ )
684 {
685 DES_ROUND( Y, X );
686 DES_ROUND( X, Y );
687 }
688
689 for( i = 0; i < 8; i++ )
690 {
691 DES_ROUND( X, Y );
692 DES_ROUND( Y, X );
693 }
694
695 for( i = 0; i < 8; i++ )
696 {
697 DES_ROUND( Y, X );
698 DES_ROUND( X, Y );
699 }
700
701 DES_FP( Y, X );
702
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]703 PUT_UINT32_BE( Y, output, 0 );
704 PUT_UINT32_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]705
706 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]707}
708
709/*
710 * 3DES-CBC buffer encryption/decryption
711 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]712int des3_crypt_cbc( des3_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]713 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]714 size_t length,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]715 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]716 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]717 unsigned char *output )
718{
719 int i;
720 unsigned char temp[8];
721
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]722 if( length % 8 )
723 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
724
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]725 if( mode == DES_ENCRYPT )
726 {
727 while( length > 0 )
728 {
729 for( i = 0; i < 8; i++ )
730 output[i] = (unsigned char)( input[i] ^ iv[i] );
731
732 des3_crypt_ecb( ctx, output, output );
733 memcpy( iv, output, 8 );
734
735 input += 8;
736 output += 8;
737 length -= 8;
738 }
739 }
740 else /* DES_DECRYPT */
741 {
742 while( length > 0 )
743 {
744 memcpy( temp, input, 8 );
745 des3_crypt_ecb( ctx, input, output );
746
747 for( i = 0; i < 8; i++ )
748 output[i] = (unsigned char)( output[i] ^ iv[i] );
749
750 memcpy( iv, temp, 8 );
751
752 input += 8;
753 output += 8;
754 length -= 8;
755 }
756 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]757
758 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]759}
760
Paul Bakker4087c472013-06-12 16:49:10 +0200[diff] [blame]761#endif /* !POLARSSL_DES_ALT */
762
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]763#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]764
765#include <stdio.h>
766
767/*
768 * DES and 3DES test vectors from:
769 *
770 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
771 */
772static const unsigned char des3_test_keys[24] =
773{
774 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
775 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
776 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
777};
778
779static const unsigned char des3_test_iv[8] =
780{
781 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
782};
783
784static const unsigned char des3_test_buf[8] =
785{
786 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
787};
788
789static const unsigned char des3_test_ecb_dec[3][8] =
790{
791 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
792 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
793 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
794};
795
796static const unsigned char des3_test_ecb_enc[3][8] =
797{
798 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
799 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
800 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
801};
802
803static const unsigned char des3_test_cbc_dec[3][8] =
804{
805 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
806 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
807 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
808};
809
810static const unsigned char des3_test_cbc_enc[3][8] =
811{
812 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
813 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
814 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
815};
816
817/*
818 * Checkup routine
819 */
820int des_self_test( int verbose )
821{
822 int i, j, u, v;
823 des_context ctx;
824 des3_context ctx3;
825 unsigned char key[24];
826 unsigned char buf[8];
827 unsigned char prv[8];
828 unsigned char iv[8];
829
830 memset( key, 0, 24 );
831
832 /*
833 * ECB mode
834 */
835 for( i = 0; i < 6; i++ )
836 {
837 u = i >> 1;
838 v = i & 1;
839
840 if( verbose != 0 )
841 printf( " DES%c-ECB-%3d (%s): ",
842 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
843 ( v == DES_DECRYPT ) ? "dec" : "enc" );
844
845 memcpy( buf, des3_test_buf, 8 );
846
847 switch( i )
848 {
849 case 0:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]850 des_setkey_dec( &ctx, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]851 break;
852
853 case 1:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]854 des_setkey_enc( &ctx, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]855 break;
856
857 case 2:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]858 des3_set2key_dec( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]859 break;
860
861 case 3:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]862 des3_set2key_enc( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]863 break;
864
865 case 4:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]866 des3_set3key_dec( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]867 break;
868
869 case 5:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]870 des3_set3key_enc( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]871 break;
872
873 default:
874 return( 1 );
875 }
876
877 for( j = 0; j < 10000; j++ )
878 {
879 if( u == 0 )
880 des_crypt_ecb( &ctx, buf, buf );
881 else
882 des3_crypt_ecb( &ctx3, buf, buf );
883 }
884
885 if( ( v == DES_DECRYPT &&
886 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
887 ( v != DES_DECRYPT &&
888 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
889 {
890 if( verbose != 0 )
891 printf( "failed\n" );
892
893 return( 1 );
894 }
895
896 if( verbose != 0 )
897 printf( "passed\n" );
898 }
899
900 if( verbose != 0 )
901 printf( "\n" );
902
903 /*
904 * CBC mode
905 */
906 for( i = 0; i < 6; i++ )
907 {
908 u = i >> 1;
909 v = i & 1;
910
911 if( verbose != 0 )
912 printf( " DES%c-CBC-%3d (%s): ",
913 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
914 ( v == DES_DECRYPT ) ? "dec" : "enc" );
915
916 memcpy( iv, des3_test_iv, 8 );
917 memcpy( prv, des3_test_iv, 8 );
918 memcpy( buf, des3_test_buf, 8 );
919
920 switch( i )
921 {
922 case 0:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]923 des_setkey_dec( &ctx, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]924 break;
925
926 case 1:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]927 des_setkey_enc( &ctx, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]928 break;
929
930 case 2:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]931 des3_set2key_dec( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]932 break;
933
934 case 3:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]935 des3_set2key_enc( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]936 break;
937
938 case 4:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]939 des3_set3key_dec( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]940 break;
941
942 case 5:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]943 des3_set3key_enc( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]944 break;
945
946 default:
947 return( 1 );
948 }
949
950 if( v == DES_DECRYPT )
951 {
952 for( j = 0; j < 10000; j++ )
953 {
954 if( u == 0 )
955 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
956 else
957 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
958 }
959 }
960 else
961 {
962 for( j = 0; j < 10000; j++ )
963 {
964 unsigned char tmp[8];
965
966 if( u == 0 )
967 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
968 else
969 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
970
971 memcpy( tmp, prv, 8 );
972 memcpy( prv, buf, 8 );
973 memcpy( buf, tmp, 8 );
974 }
975
976 memcpy( buf, prv, 8 );
977 }
978
979 if( ( v == DES_DECRYPT &&
980 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
981 ( v != DES_DECRYPT &&
982 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
983 {
984 if( verbose != 0 )
985 printf( "failed\n" );
986
987 return( 1 );
988 }
989
990 if( verbose != 0 )
991 printf( "passed\n" );
992 }
993
994 if( verbose != 0 )
995 printf( "\n" );
996
997 return( 0 );
998}
999
1000#endif
1001
1002#endif