PolarSSL v1.3.2
des.c
Go to the documentation of this file.
1 /*
2  * FIPS-46-3 compliant Triple-DES implementation
3  *
4  * Copyright (C) 2006-2013, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 /*
26  * DES, on which TDES is based, was originally designed by Horst Feistel
27  * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
28  *
29  * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
30  */
31 
32 #include "polarssl/config.h"
33 
34 #if defined(POLARSSL_DES_C)
35 
36 #include "polarssl/des.h"
37 
38 #if !defined(POLARSSL_DES_ALT)
39 
40 /*
41  * 32-bit integer manipulation macros (big endian)
42  */
43 #ifndef GET_UINT32_BE
44 #define GET_UINT32_BE(n,b,i) \
45 { \
46  (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
47  | ( (uint32_t) (b)[(i) + 1] << 16 ) \
48  | ( (uint32_t) (b)[(i) + 2] << 8 ) \
49  | ( (uint32_t) (b)[(i) + 3] ); \
50 }
51 #endif
52 
53 #ifndef PUT_UINT32_BE
54 #define PUT_UINT32_BE(n,b,i) \
55 { \
56  (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
57  (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
58  (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
59  (b)[(i) + 3] = (unsigned char) ( (n) ); \
60 }
61 #endif
62 
63 /*
64  * Expanded DES S-boxes
65  */
66 static const uint32_t SB1[64] =
67 {
68  0x01010400, 0x00000000, 0x00010000, 0x01010404,
69  0x01010004, 0x00010404, 0x00000004, 0x00010000,
70  0x00000400, 0x01010400, 0x01010404, 0x00000400,
71  0x01000404, 0x01010004, 0x01000000, 0x00000004,
72  0x00000404, 0x01000400, 0x01000400, 0x00010400,
73  0x00010400, 0x01010000, 0x01010000, 0x01000404,
74  0x00010004, 0x01000004, 0x01000004, 0x00010004,
75  0x00000000, 0x00000404, 0x00010404, 0x01000000,
76  0x00010000, 0x01010404, 0x00000004, 0x01010000,
77  0x01010400, 0x01000000, 0x01000000, 0x00000400,
78  0x01010004, 0x00010000, 0x00010400, 0x01000004,
79  0x00000400, 0x00000004, 0x01000404, 0x00010404,
80  0x01010404, 0x00010004, 0x01010000, 0x01000404,
81  0x01000004, 0x00000404, 0x00010404, 0x01010400,
82  0x00000404, 0x01000400, 0x01000400, 0x00000000,
83  0x00010004, 0x00010400, 0x00000000, 0x01010004
84 };
85 
86 static const uint32_t SB2[64] =
87 {
88  0x80108020, 0x80008000, 0x00008000, 0x00108020,
89  0x00100000, 0x00000020, 0x80100020, 0x80008020,
90  0x80000020, 0x80108020, 0x80108000, 0x80000000,
91  0x80008000, 0x00100000, 0x00000020, 0x80100020,
92  0x00108000, 0x00100020, 0x80008020, 0x00000000,
93  0x80000000, 0x00008000, 0x00108020, 0x80100000,
94  0x00100020, 0x80000020, 0x00000000, 0x00108000,
95  0x00008020, 0x80108000, 0x80100000, 0x00008020,
96  0x00000000, 0x00108020, 0x80100020, 0x00100000,
97  0x80008020, 0x80100000, 0x80108000, 0x00008000,
98  0x80100000, 0x80008000, 0x00000020, 0x80108020,
99  0x00108020, 0x00000020, 0x00008000, 0x80000000,
100  0x00008020, 0x80108000, 0x00100000, 0x80000020,
101  0x00100020, 0x80008020, 0x80000020, 0x00100020,
102  0x00108000, 0x00000000, 0x80008000, 0x00008020,
103  0x80000000, 0x80100020, 0x80108020, 0x00108000
104 };
105 
106 static const uint32_t SB3[64] =
107 {
108  0x00000208, 0x08020200, 0x00000000, 0x08020008,
109  0x08000200, 0x00000000, 0x00020208, 0x08000200,
110  0x00020008, 0x08000008, 0x08000008, 0x00020000,
111  0x08020208, 0x00020008, 0x08020000, 0x00000208,
112  0x08000000, 0x00000008, 0x08020200, 0x00000200,
113  0x00020200, 0x08020000, 0x08020008, 0x00020208,
114  0x08000208, 0x00020200, 0x00020000, 0x08000208,
115  0x00000008, 0x08020208, 0x00000200, 0x08000000,
116  0x08020200, 0x08000000, 0x00020008, 0x00000208,
117  0x00020000, 0x08020200, 0x08000200, 0x00000000,
118  0x00000200, 0x00020008, 0x08020208, 0x08000200,
119  0x08000008, 0x00000200, 0x00000000, 0x08020008,
120  0x08000208, 0x00020000, 0x08000000, 0x08020208,
121  0x00000008, 0x00020208, 0x00020200, 0x08000008,
122  0x08020000, 0x08000208, 0x00000208, 0x08020000,
123  0x00020208, 0x00000008, 0x08020008, 0x00020200
124 };
125 
126 static const uint32_t SB4[64] =
127 {
128  0x00802001, 0x00002081, 0x00002081, 0x00000080,
129  0x00802080, 0x00800081, 0x00800001, 0x00002001,
130  0x00000000, 0x00802000, 0x00802000, 0x00802081,
131  0x00000081, 0x00000000, 0x00800080, 0x00800001,
132  0x00000001, 0x00002000, 0x00800000, 0x00802001,
133  0x00000080, 0x00800000, 0x00002001, 0x00002080,
134  0x00800081, 0x00000001, 0x00002080, 0x00800080,
135  0x00002000, 0x00802080, 0x00802081, 0x00000081,
136  0x00800080, 0x00800001, 0x00802000, 0x00802081,
137  0x00000081, 0x00000000, 0x00000000, 0x00802000,
138  0x00002080, 0x00800080, 0x00800081, 0x00000001,
139  0x00802001, 0x00002081, 0x00002081, 0x00000080,
140  0x00802081, 0x00000081, 0x00000001, 0x00002000,
141  0x00800001, 0x00002001, 0x00802080, 0x00800081,
142  0x00002001, 0x00002080, 0x00800000, 0x00802001,
143  0x00000080, 0x00800000, 0x00002000, 0x00802080
144 };
145 
146 static const uint32_t SB5[64] =
147 {
148  0x00000100, 0x02080100, 0x02080000, 0x42000100,
149  0x00080000, 0x00000100, 0x40000000, 0x02080000,
150  0x40080100, 0x00080000, 0x02000100, 0x40080100,
151  0x42000100, 0x42080000, 0x00080100, 0x40000000,
152  0x02000000, 0x40080000, 0x40080000, 0x00000000,
153  0x40000100, 0x42080100, 0x42080100, 0x02000100,
154  0x42080000, 0x40000100, 0x00000000, 0x42000000,
155  0x02080100, 0x02000000, 0x42000000, 0x00080100,
156  0x00080000, 0x42000100, 0x00000100, 0x02000000,
157  0x40000000, 0x02080000, 0x42000100, 0x40080100,
158  0x02000100, 0x40000000, 0x42080000, 0x02080100,
159  0x40080100, 0x00000100, 0x02000000, 0x42080000,
160  0x42080100, 0x00080100, 0x42000000, 0x42080100,
161  0x02080000, 0x00000000, 0x40080000, 0x42000000,
162  0x00080100, 0x02000100, 0x40000100, 0x00080000,
163  0x00000000, 0x40080000, 0x02080100, 0x40000100
164 };
165 
166 static const uint32_t SB6[64] =
167 {
168  0x20000010, 0x20400000, 0x00004000, 0x20404010,
169  0x20400000, 0x00000010, 0x20404010, 0x00400000,
170  0x20004000, 0x00404010, 0x00400000, 0x20000010,
171  0x00400010, 0x20004000, 0x20000000, 0x00004010,
172  0x00000000, 0x00400010, 0x20004010, 0x00004000,
173  0x00404000, 0x20004010, 0x00000010, 0x20400010,
174  0x20400010, 0x00000000, 0x00404010, 0x20404000,
175  0x00004010, 0x00404000, 0x20404000, 0x20000000,
176  0x20004000, 0x00000010, 0x20400010, 0x00404000,
177  0x20404010, 0x00400000, 0x00004010, 0x20000010,
178  0x00400000, 0x20004000, 0x20000000, 0x00004010,
179  0x20000010, 0x20404010, 0x00404000, 0x20400000,
180  0x00404010, 0x20404000, 0x00000000, 0x20400010,
181  0x00000010, 0x00004000, 0x20400000, 0x00404010,
182  0x00004000, 0x00400010, 0x20004010, 0x00000000,
183  0x20404000, 0x20000000, 0x00400010, 0x20004010
184 };
185 
186 static const uint32_t SB7[64] =
187 {
188  0x00200000, 0x04200002, 0x04000802, 0x00000000,
189  0x00000800, 0x04000802, 0x00200802, 0x04200800,
190  0x04200802, 0x00200000, 0x00000000, 0x04000002,
191  0x00000002, 0x04000000, 0x04200002, 0x00000802,
192  0x04000800, 0x00200802, 0x00200002, 0x04000800,
193  0x04000002, 0x04200000, 0x04200800, 0x00200002,
194  0x04200000, 0x00000800, 0x00000802, 0x04200802,
195  0x00200800, 0x00000002, 0x04000000, 0x00200800,
196  0x04000000, 0x00200800, 0x00200000, 0x04000802,
197  0x04000802, 0x04200002, 0x04200002, 0x00000002,
198  0x00200002, 0x04000000, 0x04000800, 0x00200000,
199  0x04200800, 0x00000802, 0x00200802, 0x04200800,
200  0x00000802, 0x04000002, 0x04200802, 0x04200000,
201  0x00200800, 0x00000000, 0x00000002, 0x04200802,
202  0x00000000, 0x00200802, 0x04200000, 0x00000800,
203  0x04000002, 0x04000800, 0x00000800, 0x00200002
204 };
205 
206 static const uint32_t SB8[64] =
207 {
208  0x10001040, 0x00001000, 0x00040000, 0x10041040,
209  0x10000000, 0x10001040, 0x00000040, 0x10000000,
210  0x00040040, 0x10040000, 0x10041040, 0x00041000,
211  0x10041000, 0x00041040, 0x00001000, 0x00000040,
212  0x10040000, 0x10000040, 0x10001000, 0x00001040,
213  0x00041000, 0x00040040, 0x10040040, 0x10041000,
214  0x00001040, 0x00000000, 0x00000000, 0x10040040,
215  0x10000040, 0x10001000, 0x00041040, 0x00040000,
216  0x00041040, 0x00040000, 0x10041000, 0x00001000,
217  0x00000040, 0x10040040, 0x00001000, 0x00041040,
218  0x10001000, 0x00000040, 0x10000040, 0x10040000,
219  0x10040040, 0x10000000, 0x00040000, 0x10001040,
220  0x00000000, 0x10041040, 0x00040040, 0x10000040,
221  0x10040000, 0x10001000, 0x10001040, 0x00000000,
222  0x10041040, 0x00041000, 0x00041000, 0x00001040,
223  0x00001040, 0x00040040, 0x10000000, 0x10041000
224 };
225 
226 /*
227  * PC1: left and right halves bit-swap
228  */
229 static const uint32_t LHs[16] =
230 {
231  0x00000000, 0x00000001, 0x00000100, 0x00000101,
232  0x00010000, 0x00010001, 0x00010100, 0x00010101,
233  0x01000000, 0x01000001, 0x01000100, 0x01000101,
234  0x01010000, 0x01010001, 0x01010100, 0x01010101
235 };
236 
237 static const uint32_t RHs[16] =
238 {
239  0x00000000, 0x01000000, 0x00010000, 0x01010000,
240  0x00000100, 0x01000100, 0x00010100, 0x01010100,
241  0x00000001, 0x01000001, 0x00010001, 0x01010001,
242  0x00000101, 0x01000101, 0x00010101, 0x01010101,
243 };
244 
245 /*
246  * Initial Permutation macro
247  */
248 #define DES_IP(X,Y) \
249 { \
250  T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
251  T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
252  T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
253  T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
254  Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
255  T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
256  X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
257 }
258 
259 /*
260  * Final Permutation macro
261  */
262 #define DES_FP(X,Y) \
263 { \
264  X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
265  T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
266  Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
267  T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
268  T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
269  T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
270  T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
271 }
272 
273 /*
274  * DES round macro
275  */
276 #define DES_ROUND(X,Y) \
277 { \
278  T = *SK++ ^ X; \
279  Y ^= SB8[ (T ) & 0x3F ] ^ \
280  SB6[ (T >> 8) & 0x3F ] ^ \
281  SB4[ (T >> 16) & 0x3F ] ^ \
282  SB2[ (T >> 24) & 0x3F ]; \
283  \
284  T = *SK++ ^ ((X << 28) | (X >> 4)); \
285  Y ^= SB7[ (T ) & 0x3F ] ^ \
286  SB5[ (T >> 8) & 0x3F ] ^ \
287  SB3[ (T >> 16) & 0x3F ] ^ \
288  SB1[ (T >> 24) & 0x3F ]; \
289 }
290 
291 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
292 
293 static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
294  11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
295  47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
296  82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
297  115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
298  143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
299  171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
300  199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
301  227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
302  254 };
303 
304 void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
305 {
306  int i;
307 
308  for( i = 0; i < DES_KEY_SIZE; i++ )
309  key[i] = odd_parity_table[key[i] / 2];
310 }
311 
312 /*
313  * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
314  */
315 int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
316 {
317  int i;
318 
319  for( i = 0; i < DES_KEY_SIZE; i++ )
320  if ( key[i] != odd_parity_table[key[i] / 2] )
321  return( 1 );
322 
323  return( 0 );
324 }
325 
326 /*
327  * Table of weak and semi-weak keys
328  *
329  * Source: http://en.wikipedia.org/wiki/Weak_key
330  *
331  * Weak:
332  * Alternating ones + zeros (0x0101010101010101)
333  * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
334  * '0xE0E0E0E0F1F1F1F1'
335  * '0x1F1F1F1F0E0E0E0E'
336  *
337  * Semi-weak:
338  * 0x011F011F010E010E and 0x1F011F010E010E01
339  * 0x01E001E001F101F1 and 0xE001E001F101F101
340  * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
341  * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
342  * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
343  * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
344  *
345  */
346 
347 #define WEAK_KEY_COUNT 16
348 
349 static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
350 {
351  { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
352  { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
353  { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
354  { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
355 
356  { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
357  { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
358  { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
359  { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
360  { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
361  { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
362  { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
363  { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
364  { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
365  { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
366  { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
367  { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
368 };
369 
370 int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
371 {
372  int i;
373 
374  for( i = 0; i < WEAK_KEY_COUNT; i++ )
375  if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
376  return( 1 );
377 
378  return( 0 );
379 }
380 
381 static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
382 {
383  int i;
384  uint32_t X, Y, T;
385 
386  GET_UINT32_BE( X, key, 0 );
387  GET_UINT32_BE( Y, key, 4 );
388 
389  /*
390  * Permuted Choice 1
391  */
392  T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
393  T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
394 
395  X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
396  | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
397  | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
398  | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
399 
400  Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
401  | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
402  | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
403  | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
404 
405  X &= 0x0FFFFFFF;
406  Y &= 0x0FFFFFFF;
407 
408  /*
409  * calculate subkeys
410  */
411  for( i = 0; i < 16; i++ )
412  {
413  if( i < 2 || i == 8 || i == 15 )
414  {
415  X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
416  Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
417  }
418  else
419  {
420  X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
421  Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
422  }
423 
424  *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
425  | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
426  | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
427  | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
428  | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
429  | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
430  | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
431  | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
432  | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
433  | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
434  | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
435 
436  *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
437  | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
438  | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
439  | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
440  | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
441  | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
442  | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
443  | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
444  | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
445  | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
446  | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
447  }
448 }
449 
450 /*
451  * DES key schedule (56-bit, encryption)
452  */
453 int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
454 {
455  des_setkey( ctx->sk, key );
456 
457  return( 0 );
458 }
459 
460 /*
461  * DES key schedule (56-bit, decryption)
462  */
463 int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
464 {
465  int i;
466 
467  des_setkey( ctx->sk, key );
468 
469  for( i = 0; i < 16; i += 2 )
470  {
471  SWAP( ctx->sk[i ], ctx->sk[30 - i] );
472  SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
473  }
474 
475  return( 0 );
476 }
477 
478 static void des3_set2key( uint32_t esk[96],
479  uint32_t dsk[96],
480  const unsigned char key[DES_KEY_SIZE*2] )
481 {
482  int i;
483 
484  des_setkey( esk, key );
485  des_setkey( dsk + 32, key + 8 );
486 
487  for( i = 0; i < 32; i += 2 )
488  {
489  dsk[i ] = esk[30 - i];
490  dsk[i + 1] = esk[31 - i];
491 
492  esk[i + 32] = dsk[62 - i];
493  esk[i + 33] = dsk[63 - i];
494 
495  esk[i + 64] = esk[i ];
496  esk[i + 65] = esk[i + 1];
497 
498  dsk[i + 64] = dsk[i ];
499  dsk[i + 65] = dsk[i + 1];
500  }
501 }
502 
503 /*
504  * Triple-DES key schedule (112-bit, encryption)
505  */
506 int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
507 {
508  uint32_t sk[96];
509 
510  des3_set2key( ctx->sk, sk, key );
511  memset( sk, 0, sizeof( sk ) );
512 
513  return( 0 );
514 }
515 
516 /*
517  * Triple-DES key schedule (112-bit, decryption)
518  */
519 int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
520 {
521  uint32_t sk[96];
522 
523  des3_set2key( sk, ctx->sk, key );
524  memset( sk, 0, sizeof( sk ) );
525 
526  return( 0 );
527 }
528 
529 static void des3_set3key( uint32_t esk[96],
530  uint32_t dsk[96],
531  const unsigned char key[24] )
532 {
533  int i;
534 
535  des_setkey( esk, key );
536  des_setkey( dsk + 32, key + 8 );
537  des_setkey( esk + 64, key + 16 );
538 
539  for( i = 0; i < 32; i += 2 )
540  {
541  dsk[i ] = esk[94 - i];
542  dsk[i + 1] = esk[95 - i];
543 
544  esk[i + 32] = dsk[62 - i];
545  esk[i + 33] = dsk[63 - i];
546 
547  dsk[i + 64] = esk[30 - i];
548  dsk[i + 65] = esk[31 - i];
549  }
550 }
551 
552 /*
553  * Triple-DES key schedule (168-bit, encryption)
554  */
555 int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
556 {
557  uint32_t sk[96];
558 
559  des3_set3key( ctx->sk, sk, key );
560  memset( sk, 0, sizeof( sk ) );
561 
562  return( 0 );
563 }
564 
565 /*
566  * Triple-DES key schedule (168-bit, decryption)
567  */
568 int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
569 {
570  uint32_t sk[96];
571 
572  des3_set3key( sk, ctx->sk, key );
573  memset( sk, 0, sizeof( sk ) );
574 
575  return( 0 );
576 }
577 
578 /*
579  * DES-ECB block encryption/decryption
580  */
581 int des_crypt_ecb( des_context *ctx,
582  const unsigned char input[8],
583  unsigned char output[8] )
584 {
585  int i;
586  uint32_t X, Y, T, *SK;
587 
588  SK = ctx->sk;
589 
590  GET_UINT32_BE( X, input, 0 );
591  GET_UINT32_BE( Y, input, 4 );
592 
593  DES_IP( X, Y );
594 
595  for( i = 0; i < 8; i++ )
596  {
597  DES_ROUND( Y, X );
598  DES_ROUND( X, Y );
599  }
600 
601  DES_FP( Y, X );
602 
603  PUT_UINT32_BE( Y, output, 0 );
604  PUT_UINT32_BE( X, output, 4 );
605 
606  return( 0 );
607 }
608 
609 #if defined(POLARSSL_CIPHER_MODE_CBC)
610 /*
611  * DES-CBC buffer encryption/decryption
612  */
613 int des_crypt_cbc( des_context *ctx,
614  int mode,
615  size_t length,
616  unsigned char iv[8],
617  const unsigned char *input,
618  unsigned char *output )
619 {
620  int i;
621  unsigned char temp[8];
622 
623  if( length % 8 )
625 
626  if( mode == DES_ENCRYPT )
627  {
628  while( length > 0 )
629  {
630  for( i = 0; i < 8; i++ )
631  output[i] = (unsigned char)( input[i] ^ iv[i] );
632 
633  des_crypt_ecb( ctx, output, output );
634  memcpy( iv, output, 8 );
635 
636  input += 8;
637  output += 8;
638  length -= 8;
639  }
640  }
641  else /* DES_DECRYPT */
642  {
643  while( length > 0 )
644  {
645  memcpy( temp, input, 8 );
646  des_crypt_ecb( ctx, input, output );
647 
648  for( i = 0; i < 8; i++ )
649  output[i] = (unsigned char)( output[i] ^ iv[i] );
650 
651  memcpy( iv, temp, 8 );
652 
653  input += 8;
654  output += 8;
655  length -= 8;
656  }
657  }
658 
659  return( 0 );
660 }
661 #endif /* POLARSSL_CIPHER_MODE_CBC */
662 
663 /*
664  * 3DES-ECB block encryption/decryption
665  */
666 int des3_crypt_ecb( des3_context *ctx,
667  const unsigned char input[8],
668  unsigned char output[8] )
669 {
670  int i;
671  uint32_t X, Y, T, *SK;
672 
673  SK = ctx->sk;
674 
675  GET_UINT32_BE( X, input, 0 );
676  GET_UINT32_BE( Y, input, 4 );
677 
678  DES_IP( X, Y );
679 
680  for( i = 0; i < 8; i++ )
681  {
682  DES_ROUND( Y, X );
683  DES_ROUND( X, Y );
684  }
685 
686  for( i = 0; i < 8; i++ )
687  {
688  DES_ROUND( X, Y );
689  DES_ROUND( Y, X );
690  }
691 
692  for( i = 0; i < 8; i++ )
693  {
694  DES_ROUND( Y, X );
695  DES_ROUND( X, Y );
696  }
697 
698  DES_FP( Y, X );
699 
700  PUT_UINT32_BE( Y, output, 0 );
701  PUT_UINT32_BE( X, output, 4 );
702 
703  return( 0 );
704 }
705 
706 #if defined(POLARSSL_CIPHER_MODE_CBC)
707 /*
708  * 3DES-CBC buffer encryption/decryption
709  */
710 int des3_crypt_cbc( des3_context *ctx,
711  int mode,
712  size_t length,
713  unsigned char iv[8],
714  const unsigned char *input,
715  unsigned char *output )
716 {
717  int i;
718  unsigned char temp[8];
719 
720  if( length % 8 )
722 
723  if( mode == DES_ENCRYPT )
724  {
725  while( length > 0 )
726  {
727  for( i = 0; i < 8; i++ )
728  output[i] = (unsigned char)( input[i] ^ iv[i] );
729 
730  des3_crypt_ecb( ctx, output, output );
731  memcpy( iv, output, 8 );
732 
733  input += 8;
734  output += 8;
735  length -= 8;
736  }
737  }
738  else /* DES_DECRYPT */
739  {
740  while( length > 0 )
741  {
742  memcpy( temp, input, 8 );
743  des3_crypt_ecb( ctx, input, output );
744 
745  for( i = 0; i < 8; i++ )
746  output[i] = (unsigned char)( output[i] ^ iv[i] );
747 
748  memcpy( iv, temp, 8 );
749 
750  input += 8;
751  output += 8;
752  length -= 8;
753  }
754  }
755 
756  return( 0 );
757 }
758 #endif /* POLARSSL_CIPHER_MODE_CBC */
759 
760 #endif /* !POLARSSL_DES_ALT */
761 
762 #if defined(POLARSSL_SELF_TEST)
763 
764 #include <stdio.h>
765 
766 /*
767  * DES and 3DES test vectors from:
768  *
769  * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
770  */
771 static const unsigned char des3_test_keys[24] =
772 {
773  0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
774  0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
775  0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
776 };
777 
778 static const unsigned char des3_test_iv[8] =
779 {
780  0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
781 };
782 
783 static const unsigned char des3_test_buf[8] =
784 {
785  0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
786 };
787 
788 static const unsigned char des3_test_ecb_dec[3][8] =
789 {
790  { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
791  { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
792  { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
793 };
794 
795 static const unsigned char des3_test_ecb_enc[3][8] =
796 {
797  { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
798  { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
799  { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
800 };
801 
802 static const unsigned char des3_test_cbc_dec[3][8] =
803 {
804  { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
805  { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
806  { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
807 };
808 
809 static const unsigned char des3_test_cbc_enc[3][8] =
810 {
811  { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
812  { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
813  { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
814 };
815 
816 /*
817  * Checkup routine
818  */
819 int des_self_test( int verbose )
820 {
821  int i, j, u, v;
822  des_context ctx;
823  des3_context ctx3;
824  unsigned char key[24];
825  unsigned char buf[8];
826 #if defined(POLARSSL_CIPHER_MODE_CBC)
827  unsigned char prv[8];
828  unsigned char iv[8];
829 #endif
830 
831  memset( key, 0, 24 );
832 
833  /*
834  * ECB mode
835  */
836  for( i = 0; i < 6; i++ )
837  {
838  u = i >> 1;
839  v = i & 1;
840 
841  if( verbose != 0 )
842  printf( " DES%c-ECB-%3d (%s): ",
843  ( u == 0 ) ? ' ' : '3', 56 + u * 56,
844  ( v == DES_DECRYPT ) ? "dec" : "enc" );
845 
846  memcpy( buf, des3_test_buf, 8 );
847 
848  switch( i )
849  {
850  case 0:
851  des_setkey_dec( &ctx, des3_test_keys );
852  break;
853 
854  case 1:
855  des_setkey_enc( &ctx, des3_test_keys );
856  break;
857 
858  case 2:
859  des3_set2key_dec( &ctx3, des3_test_keys );
860  break;
861 
862  case 3:
863  des3_set2key_enc( &ctx3, des3_test_keys );
864  break;
865 
866  case 4:
867  des3_set3key_dec( &ctx3, des3_test_keys );
868  break;
869 
870  case 5:
871  des3_set3key_enc( &ctx3, des3_test_keys );
872  break;
873 
874  default:
875  return( 1 );
876  }
877 
878  for( j = 0; j < 10000; j++ )
879  {
880  if( u == 0 )
881  des_crypt_ecb( &ctx, buf, buf );
882  else
883  des3_crypt_ecb( &ctx3, buf, buf );
884  }
885 
886  if( ( v == DES_DECRYPT &&
887  memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
888  ( v != DES_DECRYPT &&
889  memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
890  {
891  if( verbose != 0 )
892  printf( "failed\n" );
893 
894  return( 1 );
895  }
896 
897  if( verbose != 0 )
898  printf( "passed\n" );
899  }
900 
901  if( verbose != 0 )
902  printf( "\n" );
903 
904 #if defined(POLARSSL_CIPHER_MODE_CBC)
905  /*
906  * CBC mode
907  */
908  for( i = 0; i < 6; i++ )
909  {
910  u = i >> 1;
911  v = i & 1;
912 
913  if( verbose != 0 )
914  printf( " DES%c-CBC-%3d (%s): ",
915  ( u == 0 ) ? ' ' : '3', 56 + u * 56,
916  ( v == DES_DECRYPT ) ? "dec" : "enc" );
917 
918  memcpy( iv, des3_test_iv, 8 );
919  memcpy( prv, des3_test_iv, 8 );
920  memcpy( buf, des3_test_buf, 8 );
921 
922  switch( i )
923  {
924  case 0:
925  des_setkey_dec( &ctx, des3_test_keys );
926  break;
927 
928  case 1:
929  des_setkey_enc( &ctx, des3_test_keys );
930  break;
931 
932  case 2:
933  des3_set2key_dec( &ctx3, des3_test_keys );
934  break;
935 
936  case 3:
937  des3_set2key_enc( &ctx3, des3_test_keys );
938  break;
939 
940  case 4:
941  des3_set3key_dec( &ctx3, des3_test_keys );
942  break;
943 
944  case 5:
945  des3_set3key_enc( &ctx3, des3_test_keys );
946  break;
947 
948  default:
949  return( 1 );
950  }
951 
952  if( v == DES_DECRYPT )
953  {
954  for( j = 0; j < 10000; j++ )
955  {
956  if( u == 0 )
957  des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
958  else
959  des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
960  }
961  }
962  else
963  {
964  for( j = 0; j < 10000; j++ )
965  {
966  unsigned char tmp[8];
967 
968  if( u == 0 )
969  des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
970  else
971  des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
972 
973  memcpy( tmp, prv, 8 );
974  memcpy( prv, buf, 8 );
975  memcpy( buf, tmp, 8 );
976  }
977 
978  memcpy( buf, prv, 8 );
979  }
980 
981  if( ( v == DES_DECRYPT &&
982  memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
983  ( v != DES_DECRYPT &&
984  memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
985  {
986  if( verbose != 0 )
987  printf( "failed\n" );
988 
989  return( 1 );
990  }
991 
992  if( verbose != 0 )
993  printf( "passed\n" );
994  }
995 #endif /* POLARSSL_CIPHER_MODE_CBC */
996 
997  if( verbose != 0 )
998  printf( "\n" );
999 
1000  return( 0 );
1001 }
1002 
1003 #endif
1004 
1005 #endif
#define DES_ENCRYPT
Definition: des.h:41
int des_self_test(int verbose)
Checkup routine.
int des_crypt_ecb(des_context *ctx, const unsigned char input[8], unsigned char output[8])
DES-ECB block encryption/decryption.
Configuration options (set of defines)
DES context structure.
Definition: des.h:59
int des3_set3key_enc(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *3])
Triple-DES key schedule (168-bit, encryption)
int des3_set3key_dec(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *3])
Triple-DES key schedule (168-bit, decryption)
#define PUT_UINT32_BE(n, b, i)
Triple-DES context structure.
Definition: des.h:69
int des3_set2key_enc(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *2])
Triple-DES key schedule (112-bit, encryption)
uint32_t sk[32]
Definition: des.h:62
void des_key_set_parity(unsigned char key[DES_KEY_SIZE])
Set key parity on the given key to odd.
int des_crypt_cbc(des_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)
DES-CBC buffer encryption/decryption.
uint32_t sk[96]
Definition: des.h:72
DES block cipher.
int des_setkey_enc(des_context *ctx, const unsigned char key[DES_KEY_SIZE])
DES key schedule (56-bit, encryption)
int des_setkey_dec(des_context *ctx, const unsigned char key[DES_KEY_SIZE])
DES key schedule (56-bit, decryption)
#define DES_DECRYPT
Definition: des.h:42
#define GET_UINT32_BE(n, b, i)
int des3_crypt_ecb(des3_context *ctx, const unsigned char input[8], unsigned char output[8])
3DES-ECB block encryption/decryption
int des_key_check_weak(const unsigned char key[DES_KEY_SIZE])
Check that key is not a weak or semi-weak DES key.
#define DES_KEY_SIZE
Definition: des.h:46
int des_key_check_key_parity(const unsigned char key[DES_KEY_SIZE])
Check that key parity on the given key is odd.
#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH
The data input has an invalid length.
Definition: des.h:44
int des3_set2key_dec(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *2])
Triple-DES key schedule (112-bit, decryption)
int des3_crypt_cbc(des3_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)
3DES-CBC buffer encryption/decryption