Blame - library/des.c - mirror/mbed-tls - TrustedFirmware Git Browser

blob: 79c81bc2f10f2457833559c1bb281c5b86df187d [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* FIPS-46-3 compliant Triple-DES implementation
				3	*
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	4	* Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	5	*
				6	* This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker	84f12b7	2010-07-18 10:13:04 +0000	[diff] [blame]	7	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	8	*
Paul Bakker	77b385e	2009-07-28 17:23:11 +0000	[diff] [blame]	9	* All rights reserved.
Paul Bakker	e0ccd0a	2009-01-04 16:27:10 +0000	[diff] [blame]	10	*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	11	* This program is free software; you can redistribute it and/or modify
				12	* it under the terms of the GNU General Public License as published by
				13	* the Free Software Foundation; either version 2 of the License, or
				14	* (at your option) any later version.
				15	*
				16	* This program is distributed in the hope that it will be useful,
				17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				19	* GNU General Public License for more details.
				20	*
				21	* You should have received a copy of the GNU General Public License along
				22	* with this program; if not, write to the Free Software Foundation, Inc.,
				23	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				24	*/
				25	/*
				26	* DES, on which TDES is based, was originally designed by Horst Feistel
				27	* at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
				28	*
				29	* http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
				30	*/
				31
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	32	#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	33	#include "polarssl/config.h"
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	34	#else
				35	#include POLARSSL_CONFIG_FILE
				36	#endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	37
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	38	#if defined(POLARSSL_DES_C)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	39
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	40	#include "polarssl/des.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	41
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	42	#if defined(POLARSSL_PLATFORM_C)
				43	#include "polarssl/platform.h"
				44	#else
				45	#define polarssl_printf printf
				46	#endif
				47
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	48	#if !defined(POLARSSL_DES_ALT)
				49
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	50	/*
				51	* 32-bit integer manipulation macros (big endian)
				52	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	53	#ifndef GET_UINT32_BE
				54	#define GET_UINT32_BE(n,b,i) \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	55	{ \
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	56	(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
				57	\| ( (uint32_t) (b)[(i) + 1] << 16 ) \
				58	\| ( (uint32_t) (b)[(i) + 2] << 8 ) \
				59	\| ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	60	}
				61	#endif
				62
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	63	#ifndef PUT_UINT32_BE
				64	#define PUT_UINT32_BE(n,b,i) \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	65	{ \
				66	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
				67	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
				68	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
				69	(b)[(i) + 3] = (unsigned char) ( (n) ); \
				70	}
				71	#endif
				72
				73	/*
				74	* Expanded DES S-boxes
				75	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	76	static const uint32_t SB1[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	77	{
				78	0x01010400, 0x00000000, 0x00010000, 0x01010404,
				79	0x01010004, 0x00010404, 0x00000004, 0x00010000,
				80	0x00000400, 0x01010400, 0x01010404, 0x00000400,
				81	0x01000404, 0x01010004, 0x01000000, 0x00000004,
				82	0x00000404, 0x01000400, 0x01000400, 0x00010400,
				83	0x00010400, 0x01010000, 0x01010000, 0x01000404,
				84	0x00010004, 0x01000004, 0x01000004, 0x00010004,
				85	0x00000000, 0x00000404, 0x00010404, 0x01000000,
				86	0x00010000, 0x01010404, 0x00000004, 0x01010000,
				87	0x01010400, 0x01000000, 0x01000000, 0x00000400,
				88	0x01010004, 0x00010000, 0x00010400, 0x01000004,
				89	0x00000400, 0x00000004, 0x01000404, 0x00010404,
				90	0x01010404, 0x00010004, 0x01010000, 0x01000404,
				91	0x01000004, 0x00000404, 0x00010404, 0x01010400,
				92	0x00000404, 0x01000400, 0x01000400, 0x00000000,
				93	0x00010004, 0x00010400, 0x00000000, 0x01010004
				94	};
				95
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	96	static const uint32_t SB2[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	97	{
				98	0x80108020, 0x80008000, 0x00008000, 0x00108020,
				99	0x00100000, 0x00000020, 0x80100020, 0x80008020,
				100	0x80000020, 0x80108020, 0x80108000, 0x80000000,
				101	0x80008000, 0x00100000, 0x00000020, 0x80100020,
				102	0x00108000, 0x00100020, 0x80008020, 0x00000000,
				103	0x80000000, 0x00008000, 0x00108020, 0x80100000,
				104	0x00100020, 0x80000020, 0x00000000, 0x00108000,
				105	0x00008020, 0x80108000, 0x80100000, 0x00008020,
				106	0x00000000, 0x00108020, 0x80100020, 0x00100000,
				107	0x80008020, 0x80100000, 0x80108000, 0x00008000,
				108	0x80100000, 0x80008000, 0x00000020, 0x80108020,
				109	0x00108020, 0x00000020, 0x00008000, 0x80000000,
				110	0x00008020, 0x80108000, 0x00100000, 0x80000020,
				111	0x00100020, 0x80008020, 0x80000020, 0x00100020,
				112	0x00108000, 0x00000000, 0x80008000, 0x00008020,
				113	0x80000000, 0x80100020, 0x80108020, 0x00108000
				114	};
				115
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	116	static const uint32_t SB3[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	117	{
				118	0x00000208, 0x08020200, 0x00000000, 0x08020008,
				119	0x08000200, 0x00000000, 0x00020208, 0x08000200,
				120	0x00020008, 0x08000008, 0x08000008, 0x00020000,
				121	0x08020208, 0x00020008, 0x08020000, 0x00000208,
				122	0x08000000, 0x00000008, 0x08020200, 0x00000200,
				123	0x00020200, 0x08020000, 0x08020008, 0x00020208,
				124	0x08000208, 0x00020200, 0x00020000, 0x08000208,
				125	0x00000008, 0x08020208, 0x00000200, 0x08000000,
				126	0x08020200, 0x08000000, 0x00020008, 0x00000208,
				127	0x00020000, 0x08020200, 0x08000200, 0x00000000,
				128	0x00000200, 0x00020008, 0x08020208, 0x08000200,
				129	0x08000008, 0x00000200, 0x00000000, 0x08020008,
				130	0x08000208, 0x00020000, 0x08000000, 0x08020208,
				131	0x00000008, 0x00020208, 0x00020200, 0x08000008,
				132	0x08020000, 0x08000208, 0x00000208, 0x08020000,
				133	0x00020208, 0x00000008, 0x08020008, 0x00020200
				134	};
				135
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	136	static const uint32_t SB4[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	137	{
				138	0x00802001, 0x00002081, 0x00002081, 0x00000080,
				139	0x00802080, 0x00800081, 0x00800001, 0x00002001,
				140	0x00000000, 0x00802000, 0x00802000, 0x00802081,
				141	0x00000081, 0x00000000, 0x00800080, 0x00800001,
				142	0x00000001, 0x00002000, 0x00800000, 0x00802001,
				143	0x00000080, 0x00800000, 0x00002001, 0x00002080,
				144	0x00800081, 0x00000001, 0x00002080, 0x00800080,
				145	0x00002000, 0x00802080, 0x00802081, 0x00000081,
				146	0x00800080, 0x00800001, 0x00802000, 0x00802081,
				147	0x00000081, 0x00000000, 0x00000000, 0x00802000,
				148	0x00002080, 0x00800080, 0x00800081, 0x00000001,
				149	0x00802001, 0x00002081, 0x00002081, 0x00000080,
				150	0x00802081, 0x00000081, 0x00000001, 0x00002000,
				151	0x00800001, 0x00002001, 0x00802080, 0x00800081,
				152	0x00002001, 0x00002080, 0x00800000, 0x00802001,
				153	0x00000080, 0x00800000, 0x00002000, 0x00802080
				154	};
				155
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	156	static const uint32_t SB5[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	157	{
				158	0x00000100, 0x02080100, 0x02080000, 0x42000100,
				159	0x00080000, 0x00000100, 0x40000000, 0x02080000,
				160	0x40080100, 0x00080000, 0x02000100, 0x40080100,
				161	0x42000100, 0x42080000, 0x00080100, 0x40000000,
				162	0x02000000, 0x40080000, 0x40080000, 0x00000000,
				163	0x40000100, 0x42080100, 0x42080100, 0x02000100,
				164	0x42080000, 0x40000100, 0x00000000, 0x42000000,
				165	0x02080100, 0x02000000, 0x42000000, 0x00080100,
				166	0x00080000, 0x42000100, 0x00000100, 0x02000000,
				167	0x40000000, 0x02080000, 0x42000100, 0x40080100,
				168	0x02000100, 0x40000000, 0x42080000, 0x02080100,
				169	0x40080100, 0x00000100, 0x02000000, 0x42080000,
				170	0x42080100, 0x00080100, 0x42000000, 0x42080100,
				171	0x02080000, 0x00000000, 0x40080000, 0x42000000,
				172	0x00080100, 0x02000100, 0x40000100, 0x00080000,
				173	0x00000000, 0x40080000, 0x02080100, 0x40000100
				174	};
				175
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	176	static const uint32_t SB6[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	177	{
				178	0x20000010, 0x20400000, 0x00004000, 0x20404010,
				179	0x20400000, 0x00000010, 0x20404010, 0x00400000,
				180	0x20004000, 0x00404010, 0x00400000, 0x20000010,
				181	0x00400010, 0x20004000, 0x20000000, 0x00004010,
				182	0x00000000, 0x00400010, 0x20004010, 0x00004000,
				183	0x00404000, 0x20004010, 0x00000010, 0x20400010,
				184	0x20400010, 0x00000000, 0x00404010, 0x20404000,
				185	0x00004010, 0x00404000, 0x20404000, 0x20000000,
				186	0x20004000, 0x00000010, 0x20400010, 0x00404000,
				187	0x20404010, 0x00400000, 0x00004010, 0x20000010,
				188	0x00400000, 0x20004000, 0x20000000, 0x00004010,
				189	0x20000010, 0x20404010, 0x00404000, 0x20400000,
				190	0x00404010, 0x20404000, 0x00000000, 0x20400010,
				191	0x00000010, 0x00004000, 0x20400000, 0x00404010,
				192	0x00004000, 0x00400010, 0x20004010, 0x00000000,
				193	0x20404000, 0x20000000, 0x00400010, 0x20004010
				194	};
				195
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	196	static const uint32_t SB7[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	197	{
				198	0x00200000, 0x04200002, 0x04000802, 0x00000000,
				199	0x00000800, 0x04000802, 0x00200802, 0x04200800,
				200	0x04200802, 0x00200000, 0x00000000, 0x04000002,
				201	0x00000002, 0x04000000, 0x04200002, 0x00000802,
				202	0x04000800, 0x00200802, 0x00200002, 0x04000800,
				203	0x04000002, 0x04200000, 0x04200800, 0x00200002,
				204	0x04200000, 0x00000800, 0x00000802, 0x04200802,
				205	0x00200800, 0x00000002, 0x04000000, 0x00200800,
				206	0x04000000, 0x00200800, 0x00200000, 0x04000802,
				207	0x04000802, 0x04200002, 0x04200002, 0x00000002,
				208	0x00200002, 0x04000000, 0x04000800, 0x00200000,
				209	0x04200800, 0x00000802, 0x00200802, 0x04200800,
				210	0x00000802, 0x04000002, 0x04200802, 0x04200000,
				211	0x00200800, 0x00000000, 0x00000002, 0x04200802,
				212	0x00000000, 0x00200802, 0x04200000, 0x00000800,
				213	0x04000002, 0x04000800, 0x00000800, 0x00200002
				214	};
				215
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	216	static const uint32_t SB8[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	217	{
				218	0x10001040, 0x00001000, 0x00040000, 0x10041040,
				219	0x10000000, 0x10001040, 0x00000040, 0x10000000,
				220	0x00040040, 0x10040000, 0x10041040, 0x00041000,
				221	0x10041000, 0x00041040, 0x00001000, 0x00000040,
				222	0x10040000, 0x10000040, 0x10001000, 0x00001040,
				223	0x00041000, 0x00040040, 0x10040040, 0x10041000,
				224	0x00001040, 0x00000000, 0x00000000, 0x10040040,
				225	0x10000040, 0x10001000, 0x00041040, 0x00040000,
				226	0x00041040, 0x00040000, 0x10041000, 0x00001000,
				227	0x00000040, 0x10040040, 0x00001000, 0x00041040,
				228	0x10001000, 0x00000040, 0x10000040, 0x10040000,
				229	0x10040040, 0x10000000, 0x00040000, 0x10001040,
				230	0x00000000, 0x10041040, 0x00040040, 0x10000040,
				231	0x10040000, 0x10001000, 0x10001040, 0x00000000,
				232	0x10041040, 0x00041000, 0x00041000, 0x00001040,
				233	0x00001040, 0x00040040, 0x10000000, 0x10041000
				234	};
				235
				236	/*
				237	* PC1: left and right halves bit-swap
				238	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	239	static const uint32_t LHs[16] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	240	{
				241	0x00000000, 0x00000001, 0x00000100, 0x00000101,
				242	0x00010000, 0x00010001, 0x00010100, 0x00010101,
				243	0x01000000, 0x01000001, 0x01000100, 0x01000101,
				244	0x01010000, 0x01010001, 0x01010100, 0x01010101
				245	};
				246
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	247	static const uint32_t RHs[16] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	248	{
				249	0x00000000, 0x01000000, 0x00010000, 0x01010000,
				250	0x00000100, 0x01000100, 0x00010100, 0x01010100,
				251	0x00000001, 0x01000001, 0x00010001, 0x01010001,
				252	0x00000101, 0x01000101, 0x00010101, 0x01010101,
				253	};
				254
				255	/*
				256	* Initial Permutation macro
				257	*/
				258	#define DES_IP(X,Y) \
				259	{ \
				260	T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
				261	T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
				262	T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
				263	T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
				264	Y = ((Y << 1) \| (Y >> 31)) & 0xFFFFFFFF; \
				265	T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
				266	X = ((X << 1) \| (X >> 31)) & 0xFFFFFFFF; \
				267	}
				268
				269	/*
				270	* Final Permutation macro
				271	*/
				272	#define DES_FP(X,Y) \
				273	{ \
				274	X = ((X << 31) \| (X >> 1)) & 0xFFFFFFFF; \
				275	T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
				276	Y = ((Y << 31) \| (Y >> 1)) & 0xFFFFFFFF; \
				277	T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
				278	T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
				279	T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
				280	T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
				281	}
				282
				283	/*
				284	* DES round macro
				285	*/
				286	#define DES_ROUND(X,Y) \
				287	{ \
				288	T = *SK++ ^ X; \
				289	Y ^= SB8[ (T ) & 0x3F ] ^ \
				290	SB6[ (T >> 8) & 0x3F ] ^ \
				291	SB4[ (T >> 16) & 0x3F ] ^ \
				292	SB2[ (T >> 24) & 0x3F ]; \
				293	\
				294	T = *SK++ ^ ((X << 28) \| (X >> 4)); \
				295	Y ^= SB7[ (T ) & 0x3F ] ^ \
				296	SB5[ (T >> 8) & 0x3F ] ^ \
				297	SB3[ (T >> 16) & 0x3F ] ^ \
				298	SB1[ (T >> 24) & 0x3F ]; \
				299	}
				300
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	301	#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	302
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	303	static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
				304	11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
				305	47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
				306	82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
				307	115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
				308	143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
				309	171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
				310	199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
				311	227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
				312	254 };
				313
				314	void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
				315	{
				316	int i;
				317
				318	for( i = 0; i < DES_KEY_SIZE; i++ )
				319	key[i] = odd_parity_table[key[i] / 2];
				320	}
				321
				322	/*
				323	* Check the given key's parity, returns 1 on failure, 0 on SUCCESS
				324	*/
				325	int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
				326	{
				327	int i;
				328
				329	for( i = 0; i < DES_KEY_SIZE; i++ )
				330	if ( key[i] != odd_parity_table[key[i] / 2] )
				331	return( 1 );
				332
				333	return( 0 );
				334	}
				335
				336	/*
				337	* Table of weak and semi-weak keys
				338	*
				339	* Source: http://en.wikipedia.org/wiki/Weak_key
				340	*
				341	* Weak:
				342	* Alternating ones + zeros (0x0101010101010101)
				343	* Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
				344	* '0xE0E0E0E0F1F1F1F1'
				345	* '0x1F1F1F1F0E0E0E0E'
				346	*
				347	* Semi-weak:
				348	* 0x011F011F010E010E and 0x1F011F010E010E01
				349	* 0x01E001E001F101F1 and 0xE001E001F101F101
				350	* 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
				351	* 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
				352	* 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
				353	* 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
				354	*
				355	*/
				356
				357	#define WEAK_KEY_COUNT 16
				358
				359	static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
				360	{
				361	{ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
				362	{ 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
				363	{ 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
				364	{ 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
				365
				366	{ 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
				367	{ 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
				368	{ 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
				369	{ 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
				370	{ 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
				371	{ 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
				372	{ 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
				373	{ 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
				374	{ 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
				375	{ 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
				376	{ 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
				377	{ 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
				378	};
				379
				380	int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
				381	{
				382	int i;
				383
				384	for( i = 0; i < WEAK_KEY_COUNT; i++ )
				385	if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
Paul Bakker	7320695	2011-07-06 14:37:33 +0000	[diff] [blame]	386	return( 1 );
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	387
Paul Bakker	7320695	2011-07-06 14:37:33 +0000	[diff] [blame]	388	return( 0 );
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	389	}
				390
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	391	static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	392	{
				393	int i;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	394	uint32_t X, Y, T;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	395
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	396	GET_UINT32_BE( X, key, 0 );
				397	GET_UINT32_BE( Y, key, 4 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	398
				399	/*
				400	* Permuted Choice 1
				401	*/
				402	T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
				403	T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
				404
				405	X = (LHs[ (X ) & 0xF] << 3) \| (LHs[ (X >> 8) & 0xF ] << 2)
				406	\| (LHs[ (X >> 16) & 0xF] << 1) \| (LHs[ (X >> 24) & 0xF ] )
				407	\| (LHs[ (X >> 5) & 0xF] << 7) \| (LHs[ (X >> 13) & 0xF ] << 6)
				408	\| (LHs[ (X >> 21) & 0xF] << 5) \| (LHs[ (X >> 29) & 0xF ] << 4);
				409
				410	Y = (RHs[ (Y >> 1) & 0xF] << 3) \| (RHs[ (Y >> 9) & 0xF ] << 2)
				411	\| (RHs[ (Y >> 17) & 0xF] << 1) \| (RHs[ (Y >> 25) & 0xF ] )
				412	\| (RHs[ (Y >> 4) & 0xF] << 7) \| (RHs[ (Y >> 12) & 0xF ] << 6)
				413	\| (RHs[ (Y >> 20) & 0xF] << 5) \| (RHs[ (Y >> 28) & 0xF ] << 4);
				414
				415	X &= 0x0FFFFFFF;
				416	Y &= 0x0FFFFFFF;
				417
				418	/*
				419	* calculate subkeys
				420	*/
				421	for( i = 0; i < 16; i++ )
				422	{
				423	if( i < 2 \|\| i == 8 \|\| i == 15 )
				424	{
				425	X = ((X << 1) \| (X >> 27)) & 0x0FFFFFFF;
				426	Y = ((Y << 1) \| (Y >> 27)) & 0x0FFFFFFF;
				427	}
				428	else
				429	{
				430	X = ((X << 2) \| (X >> 26)) & 0x0FFFFFFF;
				431	Y = ((Y << 2) \| (Y >> 26)) & 0x0FFFFFFF;
				432	}
				433
				434	*SK++ = ((X << 4) & 0x24000000) \| ((X << 28) & 0x10000000)
				435	\| ((X << 14) & 0x08000000) \| ((X << 18) & 0x02080000)
				436	\| ((X << 6) & 0x01000000) \| ((X << 9) & 0x00200000)
				437	\| ((X >> 1) & 0x00100000) \| ((X << 10) & 0x00040000)
				438	\| ((X << 2) & 0x00020000) \| ((X >> 10) & 0x00010000)
				439	\| ((Y >> 13) & 0x00002000) \| ((Y >> 4) & 0x00001000)
				440	\| ((Y << 6) & 0x00000800) \| ((Y >> 1) & 0x00000400)
				441	\| ((Y >> 14) & 0x00000200) \| ((Y ) & 0x00000100)
				442	\| ((Y >> 5) & 0x00000020) \| ((Y >> 10) & 0x00000010)
				443	\| ((Y >> 3) & 0x00000008) \| ((Y >> 18) & 0x00000004)
				444	\| ((Y >> 26) & 0x00000002) \| ((Y >> 24) & 0x00000001);
				445
				446	*SK++ = ((X << 15) & 0x20000000) \| ((X << 17) & 0x10000000)
				447	\| ((X << 10) & 0x08000000) \| ((X << 22) & 0x04000000)
				448	\| ((X >> 2) & 0x02000000) \| ((X << 1) & 0x01000000)
				449	\| ((X << 16) & 0x00200000) \| ((X << 11) & 0x00100000)
				450	\| ((X << 3) & 0x00080000) \| ((X >> 6) & 0x00040000)
				451	\| ((X << 15) & 0x00020000) \| ((X >> 4) & 0x00010000)
				452	\| ((Y >> 2) & 0x00002000) \| ((Y << 8) & 0x00001000)
				453	\| ((Y >> 14) & 0x00000808) \| ((Y >> 9) & 0x00000400)
				454	\| ((Y ) & 0x00000200) \| ((Y << 7) & 0x00000100)
				455	\| ((Y >> 7) & 0x00000020) \| ((Y >> 3) & 0x00000011)
				456	\| ((Y << 2) & 0x00000004) \| ((Y >> 21) & 0x00000002);
				457	}
				458	}
				459
				460	/*
				461	* DES key schedule (56-bit, encryption)
				462	*/
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	463	int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	464	{
				465	des_setkey( ctx->sk, key );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	466
				467	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	468	}
				469
				470	/*
				471	* DES key schedule (56-bit, decryption)
				472	*/
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	473	int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	474	{
				475	int i;
				476
				477	des_setkey( ctx->sk, key );
				478
				479	for( i = 0; i < 16; i += 2 )
				480	{
				481	SWAP( ctx->sk[i ], ctx->sk[30 - i] );
				482	SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
				483	}
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	484
				485	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	486	}
				487
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	488	static void des3_set2key( uint32_t esk[96],
				489	uint32_t dsk[96],
Paul Bakker	1f87fb6	2011-01-15 17:32:24 +0000	[diff] [blame]	490	const unsigned char key[DES_KEY_SIZE*2] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	491	{
				492	int i;
				493
				494	des_setkey( esk, key );
				495	des_setkey( dsk + 32, key + 8 );
				496
				497	for( i = 0; i < 32; i += 2 )
				498	{
				499	dsk[i ] = esk[30 - i];
				500	dsk[i + 1] = esk[31 - i];
				501
				502	esk[i + 32] = dsk[62 - i];
				503	esk[i + 33] = dsk[63 - i];
				504
				505	esk[i + 64] = esk[i ];
				506	esk[i + 65] = esk[i + 1];
				507
				508	dsk[i + 64] = dsk[i ];
				509	dsk[i + 65] = dsk[i + 1];
				510	}
				511	}
				512
				513	/*
				514	* Triple-DES key schedule (112-bit, encryption)
				515	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame^]	516	int des3_set2key_enc( des3_context *ctx,
				517	const unsigned char key[DES_KEY_SIZE * 2] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	518	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	519	uint32_t sk[96];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	520
				521	des3_set2key( ctx->sk, sk, key );
				522	memset( sk, 0, sizeof( sk ) );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	523
				524	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	525	}
				526
				527	/*
				528	* Triple-DES key schedule (112-bit, decryption)
				529	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame^]	530	int des3_set2key_dec( des3_context *ctx,
				531	const unsigned char key[DES_KEY_SIZE * 2] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	532	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	533	uint32_t sk[96];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	534
				535	des3_set2key( sk, ctx->sk, key );
				536	memset( sk, 0, sizeof( sk ) );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	537
				538	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	539	}
				540
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	541	static void des3_set3key( uint32_t esk[96],
				542	uint32_t dsk[96],
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	543	const unsigned char key[24] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	544	{
				545	int i;
				546
				547	des_setkey( esk, key );
				548	des_setkey( dsk + 32, key + 8 );
				549	des_setkey( esk + 64, key + 16 );
				550
				551	for( i = 0; i < 32; i += 2 )
				552	{
				553	dsk[i ] = esk[94 - i];
				554	dsk[i + 1] = esk[95 - i];
				555
				556	esk[i + 32] = dsk[62 - i];
				557	esk[i + 33] = dsk[63 - i];
				558
				559	dsk[i + 64] = esk[30 - i];
				560	dsk[i + 65] = esk[31 - i];
				561	}
				562	}
				563
				564	/*
				565	* Triple-DES key schedule (168-bit, encryption)
				566	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame^]	567	int des3_set3key_enc( des3_context *ctx,
				568	const unsigned char key[DES_KEY_SIZE * 3] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	569	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	570	uint32_t sk[96];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	571
				572	des3_set3key( ctx->sk, sk, key );
				573	memset( sk, 0, sizeof( sk ) );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	574
				575	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	576	}
				577
				578	/*
				579	* Triple-DES key schedule (168-bit, decryption)
				580	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame^]	581	int des3_set3key_dec( des3_context *ctx,
				582	const unsigned char key[DES_KEY_SIZE * 3] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	583	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	584	uint32_t sk[96];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	585
				586	des3_set3key( sk, ctx->sk, key );
				587	memset( sk, 0, sizeof( sk ) );
Paul Bakker	8123e9d	2011-01-06 15:37:30 +0000	[diff] [blame]	588
				589	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	590	}
				591
				592	/*
				593	* DES-ECB block encryption/decryption
				594	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	595	int des_crypt_ecb( des_context *ctx,
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	596	const unsigned char input[8],
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	597	unsigned char output[8] )
				598	{
				599	int i;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	600	uint32_t X, Y, T, *SK;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	601
				602	SK = ctx->sk;
				603
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	604	GET_UINT32_BE( X, input, 0 );
				605	GET_UINT32_BE( Y, input, 4 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	606
				607	DES_IP( X, Y );
				608
				609	for( i = 0; i < 8; i++ )
				610	{
				611	DES_ROUND( Y, X );
				612	DES_ROUND( X, Y );
				613	}
				614
				615	DES_FP( Y, X );
				616
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	617	PUT_UINT32_BE( Y, output, 0 );
				618	PUT_UINT32_BE( X, output, 4 );
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	619
				620	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	621	}
				622
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	623	#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	624	/*
				625	* DES-CBC buffer encryption/decryption
				626	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	627	int des_crypt_cbc( des_context *ctx,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	628	int mode,
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	629	size_t length,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	630	unsigned char iv[8],
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	631	const unsigned char *input,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	632	unsigned char *output )
				633	{
				634	int i;
				635	unsigned char temp[8];
				636
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	637	if( length % 8 )
				638	return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
				639
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	640	if( mode == DES_ENCRYPT )
				641	{
				642	while( length > 0 )
				643	{
				644	for( i = 0; i < 8; i++ )
				645	output[i] = (unsigned char)( input[i] ^ iv[i] );
				646
				647	des_crypt_ecb( ctx, output, output );
				648	memcpy( iv, output, 8 );
				649
				650	input += 8;
				651	output += 8;
				652	length -= 8;
				653	}
				654	}
				655	else /* DES_DECRYPT */
				656	{
				657	while( length > 0 )
				658	{
				659	memcpy( temp, input, 8 );
				660	des_crypt_ecb( ctx, input, output );
				661
				662	for( i = 0; i < 8; i++ )
				663	output[i] = (unsigned char)( output[i] ^ iv[i] );
				664
				665	memcpy( iv, temp, 8 );
				666
				667	input += 8;
				668	output += 8;
				669	length -= 8;
				670	}
				671	}
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	672
				673	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	674	}
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	675	#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	676
				677	/*
				678	* 3DES-ECB block encryption/decryption
				679	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	680	int des3_crypt_ecb( des3_context *ctx,
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	681	const unsigned char input[8],
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	682	unsigned char output[8] )
				683	{
				684	int i;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	685	uint32_t X, Y, T, *SK;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	686
				687	SK = ctx->sk;
				688
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	689	GET_UINT32_BE( X, input, 0 );
				690	GET_UINT32_BE( Y, input, 4 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	691
				692	DES_IP( X, Y );
				693
				694	for( i = 0; i < 8; i++ )
				695	{
				696	DES_ROUND( Y, X );
				697	DES_ROUND( X, Y );
				698	}
				699
				700	for( i = 0; i < 8; i++ )
				701	{
				702	DES_ROUND( X, Y );
				703	DES_ROUND( Y, X );
				704	}
				705
				706	for( i = 0; i < 8; i++ )
				707	{
				708	DES_ROUND( Y, X );
				709	DES_ROUND( X, Y );
				710	}
				711
				712	DES_FP( Y, X );
				713
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	714	PUT_UINT32_BE( Y, output, 0 );
				715	PUT_UINT32_BE( X, output, 4 );
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	716
				717	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	718	}
				719
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	720	#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	721	/*
				722	* 3DES-CBC buffer encryption/decryption
				723	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	724	int des3_crypt_cbc( des3_context *ctx,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	725	int mode,
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	726	size_t length,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	727	unsigned char iv[8],
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	728	const unsigned char *input,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	729	unsigned char *output )
				730	{
				731	int i;
				732	unsigned char temp[8];
				733
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	734	if( length % 8 )
				735	return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
				736
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	737	if( mode == DES_ENCRYPT )
				738	{
				739	while( length > 0 )
				740	{
				741	for( i = 0; i < 8; i++ )
				742	output[i] = (unsigned char)( input[i] ^ iv[i] );
				743
				744	des3_crypt_ecb( ctx, output, output );
				745	memcpy( iv, output, 8 );
				746
				747	input += 8;
				748	output += 8;
				749	length -= 8;
				750	}
				751	}
				752	else /* DES_DECRYPT */
				753	{
				754	while( length > 0 )
				755	{
				756	memcpy( temp, input, 8 );
				757	des3_crypt_ecb( ctx, input, output );
				758
				759	for( i = 0; i < 8; i++ )
				760	output[i] = (unsigned char)( output[i] ^ iv[i] );
				761
				762	memcpy( iv, temp, 8 );
				763
				764	input += 8;
				765	output += 8;
				766	length -= 8;
				767	}
				768	}
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	769
				770	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	771	}
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	772	#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	773
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	774	#endif /* !POLARSSL_DES_ALT */
				775
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	776	#if defined(POLARSSL_SELF_TEST)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	777
				778	#include <stdio.h>
				779
				780	/*
				781	* DES and 3DES test vectors from:
				782	*
				783	* http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
				784	*/
				785	static const unsigned char des3_test_keys[24] =
				786	{
				787	0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
				788	0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
				789	0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
				790	};
				791
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	792	static const unsigned char des3_test_buf[8] =
				793	{
				794	0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
				795	};
				796
				797	static const unsigned char des3_test_ecb_dec[3][8] =
				798	{
				799	{ 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
				800	{ 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
				801	{ 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
				802	};
				803
				804	static const unsigned char des3_test_ecb_enc[3][8] =
				805	{
				806	{ 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
				807	{ 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
				808	{ 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
				809	};
				810
Manuel Pégourié-Gonnard	29dcc0b	2014-03-10 11:32:07 +0100	[diff] [blame]	811	#if defined(POLARSSL_CIPHER_MODE_CBC)
				812	static const unsigned char des3_test_iv[8] =
				813	{
				814	0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
				815	};
				816
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	817	static const unsigned char des3_test_cbc_dec[3][8] =
				818	{
				819	{ 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
				820	{ 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
				821	{ 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
				822	};
				823
				824	static const unsigned char des3_test_cbc_enc[3][8] =
				825	{
				826	{ 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
				827	{ 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
				828	{ 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
				829	};
Manuel Pégourié-Gonnard	29dcc0b	2014-03-10 11:32:07 +0100	[diff] [blame]	830	#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	831
				832	/*
				833	* Checkup routine
				834	*/
				835	int des_self_test( int verbose )
				836	{
				837	int i, j, u, v;
				838	des_context ctx;
				839	des3_context ctx3;
				840	unsigned char key[24];
				841	unsigned char buf[8];
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	842	#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	843	unsigned char prv[8];
				844	unsigned char iv[8];
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	845	#endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	846
				847	memset( key, 0, 24 );
				848
				849	/*
				850	* ECB mode
				851	*/
				852	for( i = 0; i < 6; i++ )
				853	{
				854	u = i >> 1;
				855	v = i & 1;
				856
				857	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	858	polarssl_printf( " DES%c-ECB-%3d (%s): ",
				859	( u == 0 ) ? ' ' : '3', 56 + u * 56,
				860	( v == DES_DECRYPT ) ? "dec" : "enc" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	861
				862	memcpy( buf, des3_test_buf, 8 );
				863
				864	switch( i )
				865	{
				866	case 0:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	867	des_setkey_dec( &ctx, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	868	break;
				869
				870	case 1:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	871	des_setkey_enc( &ctx, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	872	break;
				873
				874	case 2:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	875	des3_set2key_dec( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	876	break;
				877
				878	case 3:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	879	des3_set2key_enc( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	880	break;
				881
				882	case 4:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	883	des3_set3key_dec( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	884	break;
				885
				886	case 5:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	887	des3_set3key_enc( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	888	break;
				889
				890	default:
				891	return( 1 );
				892	}
				893
				894	for( j = 0; j < 10000; j++ )
				895	{
				896	if( u == 0 )
				897	des_crypt_ecb( &ctx, buf, buf );
				898	else
				899	des3_crypt_ecb( &ctx3, buf, buf );
				900	}
				901
				902	if( ( v == DES_DECRYPT &&
				903	memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) \|\|
				904	( v != DES_DECRYPT &&
				905	memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
				906	{
				907	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	908	polarssl_printf( "failed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	909
				910	return( 1 );
				911	}
				912
				913	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	914	polarssl_printf( "passed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	915	}
				916
				917	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	918	polarssl_printf( "\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	919
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	920	#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	921	/*
				922	* CBC mode
				923	*/
				924	for( i = 0; i < 6; i++ )
				925	{
				926	u = i >> 1;
				927	v = i & 1;
				928
				929	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	930	polarssl_printf( " DES%c-CBC-%3d (%s): ",
				931	( u == 0 ) ? ' ' : '3', 56 + u * 56,
				932	( v == DES_DECRYPT ) ? "dec" : "enc" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	933
				934	memcpy( iv, des3_test_iv, 8 );
				935	memcpy( prv, des3_test_iv, 8 );
				936	memcpy( buf, des3_test_buf, 8 );
				937
				938	switch( i )
				939	{
				940	case 0:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	941	des_setkey_dec( &ctx, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	942	break;
				943
				944	case 1:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	945	des_setkey_enc( &ctx, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	946	break;
				947
				948	case 2:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	949	des3_set2key_dec( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	950	break;
				951
				952	case 3:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	953	des3_set2key_enc( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	954	break;
				955
				956	case 4:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	957	des3_set3key_dec( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	958	break;
				959
				960	case 5:
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	961	des3_set3key_enc( &ctx3, des3_test_keys );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	962	break;
				963
				964	default:
				965	return( 1 );
				966	}
				967
				968	if( v == DES_DECRYPT )
				969	{
				970	for( j = 0; j < 10000; j++ )
				971	{
				972	if( u == 0 )
				973	des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
				974	else
				975	des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
				976	}
				977	}
				978	else
				979	{
				980	for( j = 0; j < 10000; j++ )
				981	{
				982	unsigned char tmp[8];
				983
				984	if( u == 0 )
				985	des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
				986	else
				987	des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
				988
				989	memcpy( tmp, prv, 8 );
				990	memcpy( prv, buf, 8 );
				991	memcpy( buf, tmp, 8 );
				992	}
				993
				994	memcpy( buf, prv, 8 );
				995	}
				996
				997	if( ( v == DES_DECRYPT &&
				998	memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) \|\|
				999	( v != DES_DECRYPT &&
				1000	memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
				1001	{
				1002	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1003	polarssl_printf( "failed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1004
				1005	return( 1 );
				1006	}
				1007
				1008	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1009	polarssl_printf( "passed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1010	}
Manuel Pégourié-Gonnard	92cb1d3	2013-09-13 16:24:20 +0200	[diff] [blame]	1011	#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1012
				1013	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1014	polarssl_printf( "\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1015
				1016	return( 0 );
				1017	}
				1018
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	1019	#endif /* POLARSSL_SELF_TEST */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1020
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	1021	#endif /* POLARSSL_DES_C */