TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / refs/heads/archive/polarssl-1.2 / . / library / des.c
blob: 71f3429123c01654a807bbf1fc4fcb6d122f2b83 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
Paul Bakker530927b2015-02-13 14:24:10 +0100[diff] [blame]4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
Manuel Pégourié-Gonnarde12abf92015-01-28 17:13:45 +0000[diff] [blame]6 * This file is part of mbed TLS (https://polarssl.org)
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]7 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22/*
23 * DES, on which TDES is based, was originally designed by Horst Feistel
24 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
25 *
26 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
27 */
28
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]29#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]30
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]31#if defined(POLARSSL_DES_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]32
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]33#include "polarssl/des.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]34
Paul Bakker4087c472013-06-12 16:49:10 +0200[diff] [blame]35#if !defined(POLARSSL_DES_ALT)
36
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]37/* Implementation that should never be optimized out by the compiler */
38static void polarssl_zeroize( void *v, size_t n ) {
39 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
40}
41
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]42/*
43 * 32-bit integer manipulation macros (big endian)
44 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]45#ifndef GET_UINT32_BE
46#define GET_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]47{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]48 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
49 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
50 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
51 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]52}
53#endif
54
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]55#ifndef PUT_UINT32_BE
56#define PUT_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]57{ \
58 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
59 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
60 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
61 (b)[(i) + 3] = (unsigned char) ( (n) ); \
62}
63#endif
64
65/*
66 * Expanded DES S-boxes
67 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]68static const uint32_t SB1[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]69{
70 0x01010400, 0x00000000, 0x00010000, 0x01010404,
71 0x01010004, 0x00010404, 0x00000004, 0x00010000,
72 0x00000400, 0x01010400, 0x01010404, 0x00000400,
73 0x01000404, 0x01010004, 0x01000000, 0x00000004,
74 0x00000404, 0x01000400, 0x01000400, 0x00010400,
75 0x00010400, 0x01010000, 0x01010000, 0x01000404,
76 0x00010004, 0x01000004, 0x01000004, 0x00010004,
77 0x00000000, 0x00000404, 0x00010404, 0x01000000,
78 0x00010000, 0x01010404, 0x00000004, 0x01010000,
79 0x01010400, 0x01000000, 0x01000000, 0x00000400,
80 0x01010004, 0x00010000, 0x00010400, 0x01000004,
81 0x00000400, 0x00000004, 0x01000404, 0x00010404,
82 0x01010404, 0x00010004, 0x01010000, 0x01000404,
83 0x01000004, 0x00000404, 0x00010404, 0x01010400,
84 0x00000404, 0x01000400, 0x01000400, 0x00000000,
85 0x00010004, 0x00010400, 0x00000000, 0x01010004
86};
87
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]88static const uint32_t SB2[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]89{
90 0x80108020, 0x80008000, 0x00008000, 0x00108020,
91 0x00100000, 0x00000020, 0x80100020, 0x80008020,
92 0x80000020, 0x80108020, 0x80108000, 0x80000000,
93 0x80008000, 0x00100000, 0x00000020, 0x80100020,
94 0x00108000, 0x00100020, 0x80008020, 0x00000000,
95 0x80000000, 0x00008000, 0x00108020, 0x80100000,
96 0x00100020, 0x80000020, 0x00000000, 0x00108000,
97 0x00008020, 0x80108000, 0x80100000, 0x00008020,
98 0x00000000, 0x00108020, 0x80100020, 0x00100000,
99 0x80008020, 0x80100000, 0x80108000, 0x00008000,
100 0x80100000, 0x80008000, 0x00000020, 0x80108020,
101 0x00108020, 0x00000020, 0x00008000, 0x80000000,
102 0x00008020, 0x80108000, 0x00100000, 0x80000020,
103 0x00100020, 0x80008020, 0x80000020, 0x00100020,
104 0x00108000, 0x00000000, 0x80008000, 0x00008020,
105 0x80000000, 0x80100020, 0x80108020, 0x00108000
106};
107
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]108static const uint32_t SB3[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]109{
110 0x00000208, 0x08020200, 0x00000000, 0x08020008,
111 0x08000200, 0x00000000, 0x00020208, 0x08000200,
112 0x00020008, 0x08000008, 0x08000008, 0x00020000,
113 0x08020208, 0x00020008, 0x08020000, 0x00000208,
114 0x08000000, 0x00000008, 0x08020200, 0x00000200,
115 0x00020200, 0x08020000, 0x08020008, 0x00020208,
116 0x08000208, 0x00020200, 0x00020000, 0x08000208,
117 0x00000008, 0x08020208, 0x00000200, 0x08000000,
118 0x08020200, 0x08000000, 0x00020008, 0x00000208,
119 0x00020000, 0x08020200, 0x08000200, 0x00000000,
120 0x00000200, 0x00020008, 0x08020208, 0x08000200,
121 0x08000008, 0x00000200, 0x00000000, 0x08020008,
122 0x08000208, 0x00020000, 0x08000000, 0x08020208,
123 0x00000008, 0x00020208, 0x00020200, 0x08000008,
124 0x08020000, 0x08000208, 0x00000208, 0x08020000,
125 0x00020208, 0x00000008, 0x08020008, 0x00020200
126};
127
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]128static const uint32_t SB4[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]129{
130 0x00802001, 0x00002081, 0x00002081, 0x00000080,
131 0x00802080, 0x00800081, 0x00800001, 0x00002001,
132 0x00000000, 0x00802000, 0x00802000, 0x00802081,
133 0x00000081, 0x00000000, 0x00800080, 0x00800001,
134 0x00000001, 0x00002000, 0x00800000, 0x00802001,
135 0x00000080, 0x00800000, 0x00002001, 0x00002080,
136 0x00800081, 0x00000001, 0x00002080, 0x00800080,
137 0x00002000, 0x00802080, 0x00802081, 0x00000081,
138 0x00800080, 0x00800001, 0x00802000, 0x00802081,
139 0x00000081, 0x00000000, 0x00000000, 0x00802000,
140 0x00002080, 0x00800080, 0x00800081, 0x00000001,
141 0x00802001, 0x00002081, 0x00002081, 0x00000080,
142 0x00802081, 0x00000081, 0x00000001, 0x00002000,
143 0x00800001, 0x00002001, 0x00802080, 0x00800081,
144 0x00002001, 0x00002080, 0x00800000, 0x00802001,
145 0x00000080, 0x00800000, 0x00002000, 0x00802080
146};
147
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]148static const uint32_t SB5[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]149{
150 0x00000100, 0x02080100, 0x02080000, 0x42000100,
151 0x00080000, 0x00000100, 0x40000000, 0x02080000,
152 0x40080100, 0x00080000, 0x02000100, 0x40080100,
153 0x42000100, 0x42080000, 0x00080100, 0x40000000,
154 0x02000000, 0x40080000, 0x40080000, 0x00000000,
155 0x40000100, 0x42080100, 0x42080100, 0x02000100,
156 0x42080000, 0x40000100, 0x00000000, 0x42000000,
157 0x02080100, 0x02000000, 0x42000000, 0x00080100,
158 0x00080000, 0x42000100, 0x00000100, 0x02000000,
159 0x40000000, 0x02080000, 0x42000100, 0x40080100,
160 0x02000100, 0x40000000, 0x42080000, 0x02080100,
161 0x40080100, 0x00000100, 0x02000000, 0x42080000,
162 0x42080100, 0x00080100, 0x42000000, 0x42080100,
163 0x02080000, 0x00000000, 0x40080000, 0x42000000,
164 0x00080100, 0x02000100, 0x40000100, 0x00080000,
165 0x00000000, 0x40080000, 0x02080100, 0x40000100
166};
167
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]168static const uint32_t SB6[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]169{
170 0x20000010, 0x20400000, 0x00004000, 0x20404010,
171 0x20400000, 0x00000010, 0x20404010, 0x00400000,
172 0x20004000, 0x00404010, 0x00400000, 0x20000010,
173 0x00400010, 0x20004000, 0x20000000, 0x00004010,
174 0x00000000, 0x00400010, 0x20004010, 0x00004000,
175 0x00404000, 0x20004010, 0x00000010, 0x20400010,
176 0x20400010, 0x00000000, 0x00404010, 0x20404000,
177 0x00004010, 0x00404000, 0x20404000, 0x20000000,
178 0x20004000, 0x00000010, 0x20400010, 0x00404000,
179 0x20404010, 0x00400000, 0x00004010, 0x20000010,
180 0x00400000, 0x20004000, 0x20000000, 0x00004010,
181 0x20000010, 0x20404010, 0x00404000, 0x20400000,
182 0x00404010, 0x20404000, 0x00000000, 0x20400010,
183 0x00000010, 0x00004000, 0x20400000, 0x00404010,
184 0x00004000, 0x00400010, 0x20004010, 0x00000000,
185 0x20404000, 0x20000000, 0x00400010, 0x20004010
186};
187
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]188static const uint32_t SB7[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]189{
190 0x00200000, 0x04200002, 0x04000802, 0x00000000,
191 0x00000800, 0x04000802, 0x00200802, 0x04200800,
192 0x04200802, 0x00200000, 0x00000000, 0x04000002,
193 0x00000002, 0x04000000, 0x04200002, 0x00000802,
194 0x04000800, 0x00200802, 0x00200002, 0x04000800,
195 0x04000002, 0x04200000, 0x04200800, 0x00200002,
196 0x04200000, 0x00000800, 0x00000802, 0x04200802,
197 0x00200800, 0x00000002, 0x04000000, 0x00200800,
198 0x04000000, 0x00200800, 0x00200000, 0x04000802,
199 0x04000802, 0x04200002, 0x04200002, 0x00000002,
200 0x00200002, 0x04000000, 0x04000800, 0x00200000,
201 0x04200800, 0x00000802, 0x00200802, 0x04200800,
202 0x00000802, 0x04000002, 0x04200802, 0x04200000,
203 0x00200800, 0x00000000, 0x00000002, 0x04200802,
204 0x00000000, 0x00200802, 0x04200000, 0x00000800,
205 0x04000002, 0x04000800, 0x00000800, 0x00200002
206};
207
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]208static const uint32_t SB8[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]209{
210 0x10001040, 0x00001000, 0x00040000, 0x10041040,
211 0x10000000, 0x10001040, 0x00000040, 0x10000000,
212 0x00040040, 0x10040000, 0x10041040, 0x00041000,
213 0x10041000, 0x00041040, 0x00001000, 0x00000040,
214 0x10040000, 0x10000040, 0x10001000, 0x00001040,
215 0x00041000, 0x00040040, 0x10040040, 0x10041000,
216 0x00001040, 0x00000000, 0x00000000, 0x10040040,
217 0x10000040, 0x10001000, 0x00041040, 0x00040000,
218 0x00041040, 0x00040000, 0x10041000, 0x00001000,
219 0x00000040, 0x10040040, 0x00001000, 0x00041040,
220 0x10001000, 0x00000040, 0x10000040, 0x10040000,
221 0x10040040, 0x10000000, 0x00040000, 0x10001040,
222 0x00000000, 0x10041040, 0x00040040, 0x10000040,
223 0x10040000, 0x10001000, 0x10001040, 0x00000000,
224 0x10041040, 0x00041000, 0x00041000, 0x00001040,
225 0x00001040, 0x00040040, 0x10000000, 0x10041000
226};
227
228/*
229 * PC1: left and right halves bit-swap
230 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]231static const uint32_t LHs[16] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]232{
233 0x00000000, 0x00000001, 0x00000100, 0x00000101,
234 0x00010000, 0x00010001, 0x00010100, 0x00010101,
235 0x01000000, 0x01000001, 0x01000100, 0x01000101,
236 0x01010000, 0x01010001, 0x01010100, 0x01010101
237};
238
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]239static const uint32_t RHs[16] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]240{
241 0x00000000, 0x01000000, 0x00010000, 0x01010000,
242 0x00000100, 0x01000100, 0x00010100, 0x01010100,
243 0x00000001, 0x01000001, 0x00010001, 0x01010001,
244 0x00000101, 0x01000101, 0x00010101, 0x01010101,
245};
246
247/*
248 * Initial Permutation macro
249 */
250#define DES_IP(X,Y) \
251{ \
252 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
253 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
254 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
255 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
256 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
257 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
258 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
259}
260
261/*
262 * Final Permutation macro
263 */
264#define DES_FP(X,Y) \
265{ \
266 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
267 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
268 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
269 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
270 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
271 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
272 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
273}
274
275/*
276 * DES round macro
277 */
278#define DES_ROUND(X,Y) \
279{ \
280 T = *SK++ ^ X; \
281 Y ^= SB8[ (T ) & 0x3F ] ^ \
282 SB6[ (T >> 8) & 0x3F ] ^ \
283 SB4[ (T >> 16) & 0x3F ] ^ \
284 SB2[ (T >> 24) & 0x3F ]; \
285 \
286 T = *SK++ ^ ((X << 28) | (X >> 4)); \
287 Y ^= SB7[ (T ) & 0x3F ] ^ \
288 SB5[ (T >> 8) & 0x3F ] ^ \
289 SB3[ (T >> 16) & 0x3F ] ^ \
290 SB1[ (T >> 24) & 0x3F ]; \
291}
292
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]293#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]294
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]295static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
296 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
297 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
298 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
299 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
300 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
301 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
302 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
303 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
304 254 };
305
306void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
307{
308 int i;
309
310 for( i = 0; i < DES_KEY_SIZE; i++ )
311 key[i] = odd_parity_table[key[i] / 2];
312}
313
314/*
315 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
316 */
317int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
318{
319 int i;
320
321 for( i = 0; i < DES_KEY_SIZE; i++ )
322 if ( key[i] != odd_parity_table[key[i] / 2] )
323 return( 1 );
324
325 return( 0 );
326}
327
328/*
329 * Table of weak and semi-weak keys
330 *
331 * Source: http://en.wikipedia.org/wiki/Weak_key
332 *
333 * Weak:
334 * Alternating ones + zeros (0x0101010101010101)
335 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
336 * '0xE0E0E0E0F1F1F1F1'
337 * '0x1F1F1F1F0E0E0E0E'
338 *
339 * Semi-weak:
340 * 0x011F011F010E010E and 0x1F011F010E010E01
341 * 0x01E001E001F101F1 and 0xE001E001F101F101
342 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
343 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
344 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
345 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
346 *
347 */
348
349#define WEAK_KEY_COUNT 16
350
351static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
352{
353 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
354 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
355 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
356 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
357
358 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
359 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
360 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
361 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
362 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
363 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
364 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
365 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
366 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
367 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
368 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
369 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
370};
371
372int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
373{
374 int i;
375
376 for( i = 0; i < WEAK_KEY_COUNT; i++ )
377 if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
Paul Bakker73206952011-07-06 14:37:33 +0000[diff] [blame]378 return( 1 );
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]379
Paul Bakker73206952011-07-06 14:37:33 +0000[diff] [blame]380 return( 0 );
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]381}
382
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]383static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]384{
385 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]386 uint32_t X, Y, T;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]387
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]388 GET_UINT32_BE( X, key, 0 );
389 GET_UINT32_BE( Y, key, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]390
391 /*
392 * Permuted Choice 1
393 */
394 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
395 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
396
397 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
398 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
399 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
400 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
401
402 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
403 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
404 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
405 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
406
407 X &= 0x0FFFFFFF;
408 Y &= 0x0FFFFFFF;
409
410 /*
411 * calculate subkeys
412 */
413 for( i = 0; i < 16; i++ )
414 {
415 if( i < 2 || i == 8 || i == 15 )
416 {
417 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
418 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
419 }
420 else
421 {
422 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
423 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
424 }
425
426 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
427 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
428 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
429 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
430 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
431 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
432 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
433 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
434 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
435 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
436 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
437
438 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
439 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
440 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
441 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
442 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
443 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
444 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
445 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
446 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
447 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
448 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
449 }
450}
451
452/*
453 * DES key schedule (56-bit, encryption)
454 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]455int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]456{
457 des_setkey( ctx->sk, key );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]458
459 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]460}
461
462/*
463 * DES key schedule (56-bit, decryption)
464 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]465int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]466{
467 int i;
468
469 des_setkey( ctx->sk, key );
470
471 for( i = 0; i < 16; i += 2 )
472 {
473 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
474 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
475 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]476
477 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]478}
479
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]480static void des3_set2key( uint32_t esk[96],
481 uint32_t dsk[96],
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]482 const unsigned char key[DES_KEY_SIZE*2] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]483{
484 int i;
485
486 des_setkey( esk, key );
487 des_setkey( dsk + 32, key + 8 );
488
489 for( i = 0; i < 32; i += 2 )
490 {
491 dsk[i ] = esk[30 - i];
492 dsk[i + 1] = esk[31 - i];
493
494 esk[i + 32] = dsk[62 - i];
495 esk[i + 33] = dsk[63 - i];
496
497 esk[i + 64] = esk[i ];
498 esk[i + 65] = esk[i + 1];
499
500 dsk[i + 64] = dsk[i ];
501 dsk[i + 65] = dsk[i + 1];
502 }
503}
504
505/*
506 * Triple-DES key schedule (112-bit, encryption)
507 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]508int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]509{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]510 uint32_t sk[96];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]511
512 des3_set2key( ctx->sk, sk, key );
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]513 polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]514
515 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]516}
517
518/*
519 * Triple-DES key schedule (112-bit, decryption)
520 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]521int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]522{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]523 uint32_t sk[96];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]524
525 des3_set2key( sk, ctx->sk, key );
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]526 polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]527
528 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]529}
530
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]531static void des3_set3key( uint32_t esk[96],
532 uint32_t dsk[96],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]533 const unsigned char key[24] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]534{
535 int i;
536
537 des_setkey( esk, key );
538 des_setkey( dsk + 32, key + 8 );
539 des_setkey( esk + 64, key + 16 );
540
541 for( i = 0; i < 32; i += 2 )
542 {
543 dsk[i ] = esk[94 - i];
544 dsk[i + 1] = esk[95 - i];
545
546 esk[i + 32] = dsk[62 - i];
547 esk[i + 33] = dsk[63 - i];
548
549 dsk[i + 64] = esk[30 - i];
550 dsk[i + 65] = esk[31 - i];
551 }
552}
553
554/*
555 * Triple-DES key schedule (168-bit, encryption)
556 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]557int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]558{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]559 uint32_t sk[96];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]560
561 des3_set3key( ctx->sk, sk, key );
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]562 polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]563
564 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]565}
566
567/*
568 * Triple-DES key schedule (168-bit, decryption)
569 */
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]570int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]571{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]572 uint32_t sk[96];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]573
574 des3_set3key( sk, ctx->sk, key );
Paul Bakker312da332014-06-13 17:20:13 +0200[diff] [blame]575 polarssl_zeroize( sk, sizeof( sk ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]576
577 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]578}
579
580/*
581 * DES-ECB block encryption/decryption
582 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]583int des_crypt_ecb( des_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]584 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]585 unsigned char output[8] )
586{
587 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]588 uint32_t X, Y, T, *SK;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]589
590 SK = ctx->sk;
591
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]592 GET_UINT32_BE( X, input, 0 );
593 GET_UINT32_BE( Y, input, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]594
595 DES_IP( X, Y );
596
597 for( i = 0; i < 8; i++ )
598 {
599 DES_ROUND( Y, X );
600 DES_ROUND( X, Y );
601 }
602
603 DES_FP( Y, X );
604
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]605 PUT_UINT32_BE( Y, output, 0 );
606 PUT_UINT32_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]607
608 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]609}
610
611/*
612 * DES-CBC buffer encryption/decryption
613 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]614int des_crypt_cbc( des_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]615 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]616 size_t length,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]617 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]618 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]619 unsigned char *output )
620{
621 int i;
622 unsigned char temp[8];
623
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]624 if( length % 8 )
625 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
626
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]627 if( mode == DES_ENCRYPT )
628 {
629 while( length > 0 )
630 {
631 for( i = 0; i < 8; i++ )
632 output[i] = (unsigned char)( input[i] ^ iv[i] );
633
634 des_crypt_ecb( ctx, output, output );
635 memcpy( iv, output, 8 );
636
637 input += 8;
638 output += 8;
639 length -= 8;
640 }
641 }
642 else /* DES_DECRYPT */
643 {
644 while( length > 0 )
645 {
646 memcpy( temp, input, 8 );
647 des_crypt_ecb( ctx, input, output );
648
649 for( i = 0; i < 8; i++ )
650 output[i] = (unsigned char)( output[i] ^ iv[i] );
651
652 memcpy( iv, temp, 8 );
653
654 input += 8;
655 output += 8;
656 length -= 8;
657 }
658 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]659
660 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]661}
662
663/*
664 * 3DES-ECB block encryption/decryption
665 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]666int des3_crypt_ecb( des3_context *ctx,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]667 const unsigned char input[8],
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]668 unsigned char output[8] )
669{
670 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]671 uint32_t X, Y, T, *SK;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]672
673 SK = ctx->sk;
674
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]675 GET_UINT32_BE( X, input, 0 );
676 GET_UINT32_BE( Y, input, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]677
678 DES_IP( X, Y );
679
680 for( i = 0; i < 8; i++ )
681 {
682 DES_ROUND( Y, X );
683 DES_ROUND( X, Y );
684 }
685
686 for( i = 0; i < 8; i++ )
687 {
688 DES_ROUND( X, Y );
689 DES_ROUND( Y, X );
690 }
691
692 for( i = 0; i < 8; i++ )
693 {
694 DES_ROUND( Y, X );
695 DES_ROUND( X, Y );
696 }
697
698 DES_FP( Y, X );
699
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]700 PUT_UINT32_BE( Y, output, 0 );
701 PUT_UINT32_BE( X, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]702
703 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]704}
705
706/*
707 * 3DES-CBC buffer encryption/decryption
708 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]709int des3_crypt_cbc( des3_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]710 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]711 size_t length,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]712 unsigned char iv[8],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]713 const unsigned char *input,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]714 unsigned char *output )
715{
716 int i;
717 unsigned char temp[8];
718
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]719 if( length % 8 )
720 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
721
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]722 if( mode == DES_ENCRYPT )
723 {
724 while( length > 0 )
725 {
726 for( i = 0; i < 8; i++ )
727 output[i] = (unsigned char)( input[i] ^ iv[i] );
728
729 des3_crypt_ecb( ctx, output, output );
730 memcpy( iv, output, 8 );
731
732 input += 8;
733 output += 8;
734 length -= 8;
735 }
736 }
737 else /* DES_DECRYPT */
738 {
739 while( length > 0 )
740 {
741 memcpy( temp, input, 8 );
742 des3_crypt_ecb( ctx, input, output );
743
744 for( i = 0; i < 8; i++ )
745 output[i] = (unsigned char)( output[i] ^ iv[i] );
746
747 memcpy( iv, temp, 8 );
748
749 input += 8;
750 output += 8;
751 length -= 8;
752 }
753 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]754
755 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]756}
757
Paul Bakker4087c472013-06-12 16:49:10 +0200[diff] [blame]758#endif /* !POLARSSL_DES_ALT */
759
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]760#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]761
762#include <stdio.h>
763
764/*
765 * DES and 3DES test vectors from:
766 *
767 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
768 */
769static const unsigned char des3_test_keys[24] =
770{
771 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
772 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
773 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
774};
775
776static const unsigned char des3_test_iv[8] =
777{
778 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
779};
780
781static const unsigned char des3_test_buf[8] =
782{
783 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
784};
785
786static const unsigned char des3_test_ecb_dec[3][8] =
787{
788 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
789 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
790 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
791};
792
793static const unsigned char des3_test_ecb_enc[3][8] =
794{
795 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
796 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
797 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
798};
799
800static const unsigned char des3_test_cbc_dec[3][8] =
801{
802 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
803 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
804 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
805};
806
807static const unsigned char des3_test_cbc_enc[3][8] =
808{
809 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
810 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
811 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
812};
813
814/*
815 * Checkup routine
816 */
817int des_self_test( int verbose )
818{
819 int i, j, u, v;
820 des_context ctx;
821 des3_context ctx3;
822 unsigned char key[24];
823 unsigned char buf[8];
824 unsigned char prv[8];
825 unsigned char iv[8];
826
827 memset( key, 0, 24 );
828
829 /*
830 * ECB mode
831 */
832 for( i = 0; i < 6; i++ )
833 {
834 u = i >> 1;
835 v = i & 1;
836
837 if( verbose != 0 )
838 printf( " DES%c-ECB-%3d (%s): ",
839 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
840 ( v == DES_DECRYPT ) ? "dec" : "enc" );
841
842 memcpy( buf, des3_test_buf, 8 );
843
844 switch( i )
845 {
846 case 0:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]847 des_setkey_dec( &ctx, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]848 break;
849
850 case 1:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]851 des_setkey_enc( &ctx, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]852 break;
853
854 case 2:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]855 des3_set2key_dec( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]856 break;
857
858 case 3:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]859 des3_set2key_enc( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]860 break;
861
862 case 4:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]863 des3_set3key_dec( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]864 break;
865
866 case 5:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]867 des3_set3key_enc( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]868 break;
869
870 default:
871 return( 1 );
872 }
873
874 for( j = 0; j < 10000; j++ )
875 {
876 if( u == 0 )
877 des_crypt_ecb( &ctx, buf, buf );
878 else
879 des3_crypt_ecb( &ctx3, buf, buf );
880 }
881
882 if( ( v == DES_DECRYPT &&
883 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
884 ( v != DES_DECRYPT &&
885 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
886 {
887 if( verbose != 0 )
888 printf( "failed\n" );
889
890 return( 1 );
891 }
892
893 if( verbose != 0 )
894 printf( "passed\n" );
895 }
896
897 if( verbose != 0 )
898 printf( "\n" );
899
900 /*
901 * CBC mode
902 */
903 for( i = 0; i < 6; i++ )
904 {
905 u = i >> 1;
906 v = i & 1;
907
908 if( verbose != 0 )
909 printf( " DES%c-CBC-%3d (%s): ",
910 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
911 ( v == DES_DECRYPT ) ? "dec" : "enc" );
912
913 memcpy( iv, des3_test_iv, 8 );
914 memcpy( prv, des3_test_iv, 8 );
915 memcpy( buf, des3_test_buf, 8 );
916
917 switch( i )
918 {
919 case 0:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]920 des_setkey_dec( &ctx, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]921 break;
922
923 case 1:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]924 des_setkey_enc( &ctx, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]925 break;
926
927 case 2:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]928 des3_set2key_dec( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]929 break;
930
931 case 3:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]932 des3_set2key_enc( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]933 break;
934
935 case 4:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]936 des3_set3key_dec( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]937 break;
938
939 case 5:
Paul Bakkereae09db2013-06-06 12:35:54 +0200[diff] [blame]940 des3_set3key_enc( &ctx3, des3_test_keys );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]941 break;
942
943 default:
944 return( 1 );
945 }
946
947 if( v == DES_DECRYPT )
948 {
949 for( j = 0; j < 10000; j++ )
950 {
951 if( u == 0 )
952 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
953 else
954 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
955 }
956 }
957 else
958 {
959 for( j = 0; j < 10000; j++ )
960 {
961 unsigned char tmp[8];
962
963 if( u == 0 )
964 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
965 else
966 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
967
968 memcpy( tmp, prv, 8 );
969 memcpy( prv, buf, 8 );
970 memcpy( buf, tmp, 8 );
971 }
972
973 memcpy( buf, prv, 8 );
974 }
975
976 if( ( v == DES_DECRYPT &&
977 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
978 ( v != DES_DECRYPT &&
979 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
980 {
981 if( verbose != 0 )
982 printf( "failed\n" );
983
984 return( 1 );
985 }
986
987 if( verbose != 0 )
988 printf( "passed\n" );
989 }
990
991 if( verbose != 0 )
992 printf( "\n" );
993
994 return( 0 );
995}
996
997#endif
998
999#endif