PolarSSL v1.2.9
des.c
Go to the documentation of this file.
1 /*
2  * FIPS-46-3 compliant Triple-DES implementation
3  *
4  * Copyright (C) 2006-2013, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 /*
26  * DES, on which TDES is based, was originally designed by Horst Feistel
27  * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
28  *
29  * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
30  */
31 
32 #include "polarssl/config.h"
33 
34 #if defined(POLARSSL_DES_C)
35 
36 #include "polarssl/des.h"
37 
38 #if !defined(POLARSSL_DES_ALT)
39 
40 /*
41  * 32-bit integer manipulation macros (big endian)
42  */
43 #ifndef GET_UINT32_BE
44 #define GET_UINT32_BE(n,b,i) \
45 { \
46  (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
47  | ( (uint32_t) (b)[(i) + 1] << 16 ) \
48  | ( (uint32_t) (b)[(i) + 2] << 8 ) \
49  | ( (uint32_t) (b)[(i) + 3] ); \
50 }
51 #endif
52 
53 #ifndef PUT_UINT32_BE
54 #define PUT_UINT32_BE(n,b,i) \
55 { \
56  (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
57  (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
58  (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
59  (b)[(i) + 3] = (unsigned char) ( (n) ); \
60 }
61 #endif
62 
63 /*
64  * Expanded DES S-boxes
65  */
66 static const uint32_t SB1[64] =
67 {
68  0x01010400, 0x00000000, 0x00010000, 0x01010404,
69  0x01010004, 0x00010404, 0x00000004, 0x00010000,
70  0x00000400, 0x01010400, 0x01010404, 0x00000400,
71  0x01000404, 0x01010004, 0x01000000, 0x00000004,
72  0x00000404, 0x01000400, 0x01000400, 0x00010400,
73  0x00010400, 0x01010000, 0x01010000, 0x01000404,
74  0x00010004, 0x01000004, 0x01000004, 0x00010004,
75  0x00000000, 0x00000404, 0x00010404, 0x01000000,
76  0x00010000, 0x01010404, 0x00000004, 0x01010000,
77  0x01010400, 0x01000000, 0x01000000, 0x00000400,
78  0x01010004, 0x00010000, 0x00010400, 0x01000004,
79  0x00000400, 0x00000004, 0x01000404, 0x00010404,
80  0x01010404, 0x00010004, 0x01010000, 0x01000404,
81  0x01000004, 0x00000404, 0x00010404, 0x01010400,
82  0x00000404, 0x01000400, 0x01000400, 0x00000000,
83  0x00010004, 0x00010400, 0x00000000, 0x01010004
84 };
85 
86 static const uint32_t SB2[64] =
87 {
88  0x80108020, 0x80008000, 0x00008000, 0x00108020,
89  0x00100000, 0x00000020, 0x80100020, 0x80008020,
90  0x80000020, 0x80108020, 0x80108000, 0x80000000,
91  0x80008000, 0x00100000, 0x00000020, 0x80100020,
92  0x00108000, 0x00100020, 0x80008020, 0x00000000,
93  0x80000000, 0x00008000, 0x00108020, 0x80100000,
94  0x00100020, 0x80000020, 0x00000000, 0x00108000,
95  0x00008020, 0x80108000, 0x80100000, 0x00008020,
96  0x00000000, 0x00108020, 0x80100020, 0x00100000,
97  0x80008020, 0x80100000, 0x80108000, 0x00008000,
98  0x80100000, 0x80008000, 0x00000020, 0x80108020,
99  0x00108020, 0x00000020, 0x00008000, 0x80000000,
100  0x00008020, 0x80108000, 0x00100000, 0x80000020,
101  0x00100020, 0x80008020, 0x80000020, 0x00100020,
102  0x00108000, 0x00000000, 0x80008000, 0x00008020,
103  0x80000000, 0x80100020, 0x80108020, 0x00108000
104 };
105 
106 static const uint32_t SB3[64] =
107 {
108  0x00000208, 0x08020200, 0x00000000, 0x08020008,
109  0x08000200, 0x00000000, 0x00020208, 0x08000200,
110  0x00020008, 0x08000008, 0x08000008, 0x00020000,
111  0x08020208, 0x00020008, 0x08020000, 0x00000208,
112  0x08000000, 0x00000008, 0x08020200, 0x00000200,
113  0x00020200, 0x08020000, 0x08020008, 0x00020208,
114  0x08000208, 0x00020200, 0x00020000, 0x08000208,
115  0x00000008, 0x08020208, 0x00000200, 0x08000000,
116  0x08020200, 0x08000000, 0x00020008, 0x00000208,
117  0x00020000, 0x08020200, 0x08000200, 0x00000000,
118  0x00000200, 0x00020008, 0x08020208, 0x08000200,
119  0x08000008, 0x00000200, 0x00000000, 0x08020008,
120  0x08000208, 0x00020000, 0x08000000, 0x08020208,
121  0x00000008, 0x00020208, 0x00020200, 0x08000008,
122  0x08020000, 0x08000208, 0x00000208, 0x08020000,
123  0x00020208, 0x00000008, 0x08020008, 0x00020200
124 };
125 
126 static const uint32_t SB4[64] =
127 {
128  0x00802001, 0x00002081, 0x00002081, 0x00000080,
129  0x00802080, 0x00800081, 0x00800001, 0x00002001,
130  0x00000000, 0x00802000, 0x00802000, 0x00802081,
131  0x00000081, 0x00000000, 0x00800080, 0x00800001,
132  0x00000001, 0x00002000, 0x00800000, 0x00802001,
133  0x00000080, 0x00800000, 0x00002001, 0x00002080,
134  0x00800081, 0x00000001, 0x00002080, 0x00800080,
135  0x00002000, 0x00802080, 0x00802081, 0x00000081,
136  0x00800080, 0x00800001, 0x00802000, 0x00802081,
137  0x00000081, 0x00000000, 0x00000000, 0x00802000,
138  0x00002080, 0x00800080, 0x00800081, 0x00000001,
139  0x00802001, 0x00002081, 0x00002081, 0x00000080,
140  0x00802081, 0x00000081, 0x00000001, 0x00002000,
141  0x00800001, 0x00002001, 0x00802080, 0x00800081,
142  0x00002001, 0x00002080, 0x00800000, 0x00802001,
143  0x00000080, 0x00800000, 0x00002000, 0x00802080
144 };
145 
146 static const uint32_t SB5[64] =
147 {
148  0x00000100, 0x02080100, 0x02080000, 0x42000100,
149  0x00080000, 0x00000100, 0x40000000, 0x02080000,
150  0x40080100, 0x00080000, 0x02000100, 0x40080100,
151  0x42000100, 0x42080000, 0x00080100, 0x40000000,
152  0x02000000, 0x40080000, 0x40080000, 0x00000000,
153  0x40000100, 0x42080100, 0x42080100, 0x02000100,
154  0x42080000, 0x40000100, 0x00000000, 0x42000000,
155  0x02080100, 0x02000000, 0x42000000, 0x00080100,
156  0x00080000, 0x42000100, 0x00000100, 0x02000000,
157  0x40000000, 0x02080000, 0x42000100, 0x40080100,
158  0x02000100, 0x40000000, 0x42080000, 0x02080100,
159  0x40080100, 0x00000100, 0x02000000, 0x42080000,
160  0x42080100, 0x00080100, 0x42000000, 0x42080100,
161  0x02080000, 0x00000000, 0x40080000, 0x42000000,
162  0x00080100, 0x02000100, 0x40000100, 0x00080000,
163  0x00000000, 0x40080000, 0x02080100, 0x40000100
164 };
165 
166 static const uint32_t SB6[64] =
167 {
168  0x20000010, 0x20400000, 0x00004000, 0x20404010,
169  0x20400000, 0x00000010, 0x20404010, 0x00400000,
170  0x20004000, 0x00404010, 0x00400000, 0x20000010,
171  0x00400010, 0x20004000, 0x20000000, 0x00004010,
172  0x00000000, 0x00400010, 0x20004010, 0x00004000,
173  0x00404000, 0x20004010, 0x00000010, 0x20400010,
174  0x20400010, 0x00000000, 0x00404010, 0x20404000,
175  0x00004010, 0x00404000, 0x20404000, 0x20000000,
176  0x20004000, 0x00000010, 0x20400010, 0x00404000,
177  0x20404010, 0x00400000, 0x00004010, 0x20000010,
178  0x00400000, 0x20004000, 0x20000000, 0x00004010,
179  0x20000010, 0x20404010, 0x00404000, 0x20400000,
180  0x00404010, 0x20404000, 0x00000000, 0x20400010,
181  0x00000010, 0x00004000, 0x20400000, 0x00404010,
182  0x00004000, 0x00400010, 0x20004010, 0x00000000,
183  0x20404000, 0x20000000, 0x00400010, 0x20004010
184 };
185 
186 static const uint32_t SB7[64] =
187 {
188  0x00200000, 0x04200002, 0x04000802, 0x00000000,
189  0x00000800, 0x04000802, 0x00200802, 0x04200800,
190  0x04200802, 0x00200000, 0x00000000, 0x04000002,
191  0x00000002, 0x04000000, 0x04200002, 0x00000802,
192  0x04000800, 0x00200802, 0x00200002, 0x04000800,
193  0x04000002, 0x04200000, 0x04200800, 0x00200002,
194  0x04200000, 0x00000800, 0x00000802, 0x04200802,
195  0x00200800, 0x00000002, 0x04000000, 0x00200800,
196  0x04000000, 0x00200800, 0x00200000, 0x04000802,
197  0x04000802, 0x04200002, 0x04200002, 0x00000002,
198  0x00200002, 0x04000000, 0x04000800, 0x00200000,
199  0x04200800, 0x00000802, 0x00200802, 0x04200800,
200  0x00000802, 0x04000002, 0x04200802, 0x04200000,
201  0x00200800, 0x00000000, 0x00000002, 0x04200802,
202  0x00000000, 0x00200802, 0x04200000, 0x00000800,
203  0x04000002, 0x04000800, 0x00000800, 0x00200002
204 };
205 
206 static const uint32_t SB8[64] =
207 {
208  0x10001040, 0x00001000, 0x00040000, 0x10041040,
209  0x10000000, 0x10001040, 0x00000040, 0x10000000,
210  0x00040040, 0x10040000, 0x10041040, 0x00041000,
211  0x10041000, 0x00041040, 0x00001000, 0x00000040,
212  0x10040000, 0x10000040, 0x10001000, 0x00001040,
213  0x00041000, 0x00040040, 0x10040040, 0x10041000,
214  0x00001040, 0x00000000, 0x00000000, 0x10040040,
215  0x10000040, 0x10001000, 0x00041040, 0x00040000,
216  0x00041040, 0x00040000, 0x10041000, 0x00001000,
217  0x00000040, 0x10040040, 0x00001000, 0x00041040,
218  0x10001000, 0x00000040, 0x10000040, 0x10040000,
219  0x10040040, 0x10000000, 0x00040000, 0x10001040,
220  0x00000000, 0x10041040, 0x00040040, 0x10000040,
221  0x10040000, 0x10001000, 0x10001040, 0x00000000,
222  0x10041040, 0x00041000, 0x00041000, 0x00001040,
223  0x00001040, 0x00040040, 0x10000000, 0x10041000
224 };
225 
226 /*
227  * PC1: left and right halves bit-swap
228  */
229 static const uint32_t LHs[16] =
230 {
231  0x00000000, 0x00000001, 0x00000100, 0x00000101,
232  0x00010000, 0x00010001, 0x00010100, 0x00010101,
233  0x01000000, 0x01000001, 0x01000100, 0x01000101,
234  0x01010000, 0x01010001, 0x01010100, 0x01010101
235 };
236 
237 static const uint32_t RHs[16] =
238 {
239  0x00000000, 0x01000000, 0x00010000, 0x01010000,
240  0x00000100, 0x01000100, 0x00010100, 0x01010100,
241  0x00000001, 0x01000001, 0x00010001, 0x01010001,
242  0x00000101, 0x01000101, 0x00010101, 0x01010101,
243 };
244 
245 /*
246  * Initial Permutation macro
247  */
248 #define DES_IP(X,Y) \
249 { \
250  T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
251  T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
252  T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
253  T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
254  Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
255  T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
256  X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
257 }
258 
259 /*
260  * Final Permutation macro
261  */
262 #define DES_FP(X,Y) \
263 { \
264  X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
265  T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
266  Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
267  T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
268  T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
269  T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
270  T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
271 }
272 
273 /*
274  * DES round macro
275  */
276 #define DES_ROUND(X,Y) \
277 { \
278  T = *SK++ ^ X; \
279  Y ^= SB8[ (T ) & 0x3F ] ^ \
280  SB6[ (T >> 8) & 0x3F ] ^ \
281  SB4[ (T >> 16) & 0x3F ] ^ \
282  SB2[ (T >> 24) & 0x3F ]; \
283  \
284  T = *SK++ ^ ((X << 28) | (X >> 4)); \
285  Y ^= SB7[ (T ) & 0x3F ] ^ \
286  SB5[ (T >> 8) & 0x3F ] ^ \
287  SB3[ (T >> 16) & 0x3F ] ^ \
288  SB1[ (T >> 24) & 0x3F ]; \
289 }
290 
291 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
292 
293 static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
294  11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
295  47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
296  82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
297  115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
298  143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
299  171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
300  199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
301  227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
302  254 };
303 
304 void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
305 {
306  int i;
307 
308  for( i = 0; i < DES_KEY_SIZE; i++ )
309  key[i] = odd_parity_table[key[i] / 2];
310 }
311 
312 /*
313  * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
314  */
315 int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
316 {
317  int i;
318 
319  for( i = 0; i < DES_KEY_SIZE; i++ )
320  if ( key[i] != odd_parity_table[key[i] / 2] )
321  return( 1 );
322 
323  return( 0 );
324 }
325 
326 /*
327  * Table of weak and semi-weak keys
328  *
329  * Source: http://en.wikipedia.org/wiki/Weak_key
330  *
331  * Weak:
332  * Alternating ones + zeros (0x0101010101010101)
333  * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
334  * '0xE0E0E0E0F1F1F1F1'
335  * '0x1F1F1F1F0E0E0E0E'
336  *
337  * Semi-weak:
338  * 0x011F011F010E010E and 0x1F011F010E010E01
339  * 0x01E001E001F101F1 and 0xE001E001F101F101
340  * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
341  * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
342  * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
343  * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
344  *
345  */
346 
347 #define WEAK_KEY_COUNT 16
348 
349 static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
350 {
351  { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
352  { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
353  { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
354  { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
355 
356  { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
357  { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
358  { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
359  { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
360  { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
361  { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
362  { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
363  { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
364  { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
365  { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
366  { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
367  { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
368 };
369 
370 int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
371 {
372  int i;
373 
374  for( i = 0; i < WEAK_KEY_COUNT; i++ )
375  if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
376  return( 1 );
377 
378  return( 0 );
379 }
380 
381 static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
382 {
383  int i;
384  uint32_t X, Y, T;
385 
386  GET_UINT32_BE( X, key, 0 );
387  GET_UINT32_BE( Y, key, 4 );
388 
389  /*
390  * Permuted Choice 1
391  */
392  T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
393  T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
394 
395  X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
396  | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
397  | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
398  | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
399 
400  Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
401  | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
402  | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
403  | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
404 
405  X &= 0x0FFFFFFF;
406  Y &= 0x0FFFFFFF;
407 
408  /*
409  * calculate subkeys
410  */
411  for( i = 0; i < 16; i++ )
412  {
413  if( i < 2 || i == 8 || i == 15 )
414  {
415  X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
416  Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
417  }
418  else
419  {
420  X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
421  Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
422  }
423 
424  *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
425  | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
426  | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
427  | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
428  | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
429  | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
430  | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
431  | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
432  | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
433  | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
434  | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
435 
436  *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
437  | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
438  | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
439  | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
440  | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
441  | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
442  | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
443  | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
444  | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
445  | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
446  | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
447  }
448 }
449 
450 /*
451  * DES key schedule (56-bit, encryption)
452  */
453 int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
454 {
455  des_setkey( ctx->sk, key );
456 
457  return( 0 );
458 }
459 
460 /*
461  * DES key schedule (56-bit, decryption)
462  */
463 int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
464 {
465  int i;
466 
467  des_setkey( ctx->sk, key );
468 
469  for( i = 0; i < 16; i += 2 )
470  {
471  SWAP( ctx->sk[i ], ctx->sk[30 - i] );
472  SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
473  }
474 
475  return( 0 );
476 }
477 
478 static void des3_set2key( uint32_t esk[96],
479  uint32_t dsk[96],
480  const unsigned char key[DES_KEY_SIZE*2] )
481 {
482  int i;
483 
484  des_setkey( esk, key );
485  des_setkey( dsk + 32, key + 8 );
486 
487  for( i = 0; i < 32; i += 2 )
488  {
489  dsk[i ] = esk[30 - i];
490  dsk[i + 1] = esk[31 - i];
491 
492  esk[i + 32] = dsk[62 - i];
493  esk[i + 33] = dsk[63 - i];
494 
495  esk[i + 64] = esk[i ];
496  esk[i + 65] = esk[i + 1];
497 
498  dsk[i + 64] = dsk[i ];
499  dsk[i + 65] = dsk[i + 1];
500  }
501 }
502 
503 /*
504  * Triple-DES key schedule (112-bit, encryption)
505  */
506 int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
507 {
508  uint32_t sk[96];
509 
510  des3_set2key( ctx->sk, sk, key );
511  memset( sk, 0, sizeof( sk ) );
512 
513  return( 0 );
514 }
515 
516 /*
517  * Triple-DES key schedule (112-bit, decryption)
518  */
519 int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
520 {
521  uint32_t sk[96];
522 
523  des3_set2key( sk, ctx->sk, key );
524  memset( sk, 0, sizeof( sk ) );
525 
526  return( 0 );
527 }
528 
529 static void des3_set3key( uint32_t esk[96],
530  uint32_t dsk[96],
531  const unsigned char key[24] )
532 {
533  int i;
534 
535  des_setkey( esk, key );
536  des_setkey( dsk + 32, key + 8 );
537  des_setkey( esk + 64, key + 16 );
538 
539  for( i = 0; i < 32; i += 2 )
540  {
541  dsk[i ] = esk[94 - i];
542  dsk[i + 1] = esk[95 - i];
543 
544  esk[i + 32] = dsk[62 - i];
545  esk[i + 33] = dsk[63 - i];
546 
547  dsk[i + 64] = esk[30 - i];
548  dsk[i + 65] = esk[31 - i];
549  }
550 }
551 
552 /*
553  * Triple-DES key schedule (168-bit, encryption)
554  */
555 int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
556 {
557  uint32_t sk[96];
558 
559  des3_set3key( ctx->sk, sk, key );
560  memset( sk, 0, sizeof( sk ) );
561 
562  return( 0 );
563 }
564 
565 /*
566  * Triple-DES key schedule (168-bit, decryption)
567  */
568 int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
569 {
570  uint32_t sk[96];
571 
572  des3_set3key( sk, ctx->sk, key );
573  memset( sk, 0, sizeof( sk ) );
574 
575  return( 0 );
576 }
577 
578 /*
579  * DES-ECB block encryption/decryption
580  */
581 int des_crypt_ecb( des_context *ctx,
582  const unsigned char input[8],
583  unsigned char output[8] )
584 {
585  int i;
586  uint32_t X, Y, T, *SK;
587 
588  SK = ctx->sk;
589 
590  GET_UINT32_BE( X, input, 0 );
591  GET_UINT32_BE( Y, input, 4 );
592 
593  DES_IP( X, Y );
594 
595  for( i = 0; i < 8; i++ )
596  {
597  DES_ROUND( Y, X );
598  DES_ROUND( X, Y );
599  }
600 
601  DES_FP( Y, X );
602 
603  PUT_UINT32_BE( Y, output, 0 );
604  PUT_UINT32_BE( X, output, 4 );
605 
606  return( 0 );
607 }
608 
609 /*
610  * DES-CBC buffer encryption/decryption
611  */
612 int des_crypt_cbc( des_context *ctx,
613  int mode,
614  size_t length,
615  unsigned char iv[8],
616  const unsigned char *input,
617  unsigned char *output )
618 {
619  int i;
620  unsigned char temp[8];
621 
622  if( length % 8 )
624 
625  if( mode == DES_ENCRYPT )
626  {
627  while( length > 0 )
628  {
629  for( i = 0; i < 8; i++ )
630  output[i] = (unsigned char)( input[i] ^ iv[i] );
631 
632  des_crypt_ecb( ctx, output, output );
633  memcpy( iv, output, 8 );
634 
635  input += 8;
636  output += 8;
637  length -= 8;
638  }
639  }
640  else /* DES_DECRYPT */
641  {
642  while( length > 0 )
643  {
644  memcpy( temp, input, 8 );
645  des_crypt_ecb( ctx, input, output );
646 
647  for( i = 0; i < 8; i++ )
648  output[i] = (unsigned char)( output[i] ^ iv[i] );
649 
650  memcpy( iv, temp, 8 );
651 
652  input += 8;
653  output += 8;
654  length -= 8;
655  }
656  }
657 
658  return( 0 );
659 }
660 
661 /*
662  * 3DES-ECB block encryption/decryption
663  */
664 int des3_crypt_ecb( des3_context *ctx,
665  const unsigned char input[8],
666  unsigned char output[8] )
667 {
668  int i;
669  uint32_t X, Y, T, *SK;
670 
671  SK = ctx->sk;
672 
673  GET_UINT32_BE( X, input, 0 );
674  GET_UINT32_BE( Y, input, 4 );
675 
676  DES_IP( X, Y );
677 
678  for( i = 0; i < 8; i++ )
679  {
680  DES_ROUND( Y, X );
681  DES_ROUND( X, Y );
682  }
683 
684  for( i = 0; i < 8; i++ )
685  {
686  DES_ROUND( X, Y );
687  DES_ROUND( Y, X );
688  }
689 
690  for( i = 0; i < 8; i++ )
691  {
692  DES_ROUND( Y, X );
693  DES_ROUND( X, Y );
694  }
695 
696  DES_FP( Y, X );
697 
698  PUT_UINT32_BE( Y, output, 0 );
699  PUT_UINT32_BE( X, output, 4 );
700 
701  return( 0 );
702 }
703 
704 /*
705  * 3DES-CBC buffer encryption/decryption
706  */
707 int des3_crypt_cbc( des3_context *ctx,
708  int mode,
709  size_t length,
710  unsigned char iv[8],
711  const unsigned char *input,
712  unsigned char *output )
713 {
714  int i;
715  unsigned char temp[8];
716 
717  if( length % 8 )
719 
720  if( mode == DES_ENCRYPT )
721  {
722  while( length > 0 )
723  {
724  for( i = 0; i < 8; i++ )
725  output[i] = (unsigned char)( input[i] ^ iv[i] );
726 
727  des3_crypt_ecb( ctx, output, output );
728  memcpy( iv, output, 8 );
729 
730  input += 8;
731  output += 8;
732  length -= 8;
733  }
734  }
735  else /* DES_DECRYPT */
736  {
737  while( length > 0 )
738  {
739  memcpy( temp, input, 8 );
740  des3_crypt_ecb( ctx, input, output );
741 
742  for( i = 0; i < 8; i++ )
743  output[i] = (unsigned char)( output[i] ^ iv[i] );
744 
745  memcpy( iv, temp, 8 );
746 
747  input += 8;
748  output += 8;
749  length -= 8;
750  }
751  }
752 
753  return( 0 );
754 }
755 
756 #endif /* !POLARSSL_DES_ALT */
757 
758 #if defined(POLARSSL_SELF_TEST)
759 
760 #include <stdio.h>
761 
762 /*
763  * DES and 3DES test vectors from:
764  *
765  * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
766  */
767 static const unsigned char des3_test_keys[24] =
768 {
769  0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
770  0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
771  0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
772 };
773 
774 static const unsigned char des3_test_iv[8] =
775 {
776  0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
777 };
778 
779 static const unsigned char des3_test_buf[8] =
780 {
781  0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
782 };
783 
784 static const unsigned char des3_test_ecb_dec[3][8] =
785 {
786  { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
787  { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
788  { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
789 };
790 
791 static const unsigned char des3_test_ecb_enc[3][8] =
792 {
793  { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
794  { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
795  { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
796 };
797 
798 static const unsigned char des3_test_cbc_dec[3][8] =
799 {
800  { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
801  { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
802  { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
803 };
804 
805 static const unsigned char des3_test_cbc_enc[3][8] =
806 {
807  { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
808  { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
809  { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
810 };
811 
812 /*
813  * Checkup routine
814  */
815 int des_self_test( int verbose )
816 {
817  int i, j, u, v;
818  des_context ctx;
819  des3_context ctx3;
820  unsigned char key[24];
821  unsigned char buf[8];
822  unsigned char prv[8];
823  unsigned char iv[8];
824 
825  memset( key, 0, 24 );
826 
827  /*
828  * ECB mode
829  */
830  for( i = 0; i < 6; i++ )
831  {
832  u = i >> 1;
833  v = i & 1;
834 
835  if( verbose != 0 )
836  printf( " DES%c-ECB-%3d (%s): ",
837  ( u == 0 ) ? ' ' : '3', 56 + u * 56,
838  ( v == DES_DECRYPT ) ? "dec" : "enc" );
839 
840  memcpy( buf, des3_test_buf, 8 );
841 
842  switch( i )
843  {
844  case 0:
845  des_setkey_dec( &ctx, des3_test_keys );
846  break;
847 
848  case 1:
849  des_setkey_enc( &ctx, des3_test_keys );
850  break;
851 
852  case 2:
853  des3_set2key_dec( &ctx3, des3_test_keys );
854  break;
855 
856  case 3:
857  des3_set2key_enc( &ctx3, des3_test_keys );
858  break;
859 
860  case 4:
861  des3_set3key_dec( &ctx3, des3_test_keys );
862  break;
863 
864  case 5:
865  des3_set3key_enc( &ctx3, des3_test_keys );
866  break;
867 
868  default:
869  return( 1 );
870  }
871 
872  for( j = 0; j < 10000; j++ )
873  {
874  if( u == 0 )
875  des_crypt_ecb( &ctx, buf, buf );
876  else
877  des3_crypt_ecb( &ctx3, buf, buf );
878  }
879 
880  if( ( v == DES_DECRYPT &&
881  memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
882  ( v != DES_DECRYPT &&
883  memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
884  {
885  if( verbose != 0 )
886  printf( "failed\n" );
887 
888  return( 1 );
889  }
890 
891  if( verbose != 0 )
892  printf( "passed\n" );
893  }
894 
895  if( verbose != 0 )
896  printf( "\n" );
897 
898  /*
899  * CBC mode
900  */
901  for( i = 0; i < 6; i++ )
902  {
903  u = i >> 1;
904  v = i & 1;
905 
906  if( verbose != 0 )
907  printf( " DES%c-CBC-%3d (%s): ",
908  ( u == 0 ) ? ' ' : '3', 56 + u * 56,
909  ( v == DES_DECRYPT ) ? "dec" : "enc" );
910 
911  memcpy( iv, des3_test_iv, 8 );
912  memcpy( prv, des3_test_iv, 8 );
913  memcpy( buf, des3_test_buf, 8 );
914 
915  switch( i )
916  {
917  case 0:
918  des_setkey_dec( &ctx, des3_test_keys );
919  break;
920 
921  case 1:
922  des_setkey_enc( &ctx, des3_test_keys );
923  break;
924 
925  case 2:
926  des3_set2key_dec( &ctx3, des3_test_keys );
927  break;
928 
929  case 3:
930  des3_set2key_enc( &ctx3, des3_test_keys );
931  break;
932 
933  case 4:
934  des3_set3key_dec( &ctx3, des3_test_keys );
935  break;
936 
937  case 5:
938  des3_set3key_enc( &ctx3, des3_test_keys );
939  break;
940 
941  default:
942  return( 1 );
943  }
944 
945  if( v == DES_DECRYPT )
946  {
947  for( j = 0; j < 10000; j++ )
948  {
949  if( u == 0 )
950  des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
951  else
952  des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
953  }
954  }
955  else
956  {
957  for( j = 0; j < 10000; j++ )
958  {
959  unsigned char tmp[8];
960 
961  if( u == 0 )
962  des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
963  else
964  des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
965 
966  memcpy( tmp, prv, 8 );
967  memcpy( prv, buf, 8 );
968  memcpy( buf, tmp, 8 );
969  }
970 
971  memcpy( buf, prv, 8 );
972  }
973 
974  if( ( v == DES_DECRYPT &&
975  memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
976  ( v != DES_DECRYPT &&
977  memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
978  {
979  if( verbose != 0 )
980  printf( "failed\n" );
981 
982  return( 1 );
983  }
984 
985  if( verbose != 0 )
986  printf( "passed\n" );
987  }
988 
989  if( verbose != 0 )
990  printf( "\n" );
991 
992  return( 0 );
993 }
994 
995 #endif
996 
997 #endif
#define DES_ENCRYPT
Definition: des.h:41
int des_self_test(int verbose)
Checkup routine.
int des_crypt_ecb(des_context *ctx, const unsigned char input[8], unsigned char output[8])
DES-ECB block encryption/decryption.
Configuration options (set of defines)
DES context structure.
Definition: des.h:55
int des3_set3key_enc(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *3])
Triple-DES key schedule (168-bit, encryption)
int des3_set3key_dec(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *3])
Triple-DES key schedule (168-bit, decryption)
Triple-DES context structure.
Definition: des.h:65
int des3_set2key_enc(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *2])
Triple-DES key schedule (112-bit, encryption)
uint32_t sk[32]
Definition: des.h:58
void des_key_set_parity(unsigned char key[DES_KEY_SIZE])
Set key parity on the given key to odd.
int des_crypt_cbc(des_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)
DES-CBC buffer encryption/decryption.
uint32_t sk[96]
Definition: des.h:68
DES block cipher.
int des_setkey_enc(des_context *ctx, const unsigned char key[DES_KEY_SIZE])
DES key schedule (56-bit, encryption)
int des_setkey_dec(des_context *ctx, const unsigned char key[DES_KEY_SIZE])
DES key schedule (56-bit, decryption)
#define DES_DECRYPT
Definition: des.h:42
int des3_crypt_ecb(des3_context *ctx, const unsigned char input[8], unsigned char output[8])
3DES-ECB block encryption/decryption
int des_key_check_weak(const unsigned char key[DES_KEY_SIZE])
Check that key is not a weak or semi-weak DES key.
#define DES_KEY_SIZE
Definition: des.h:46
int des_key_check_key_parity(const unsigned char key[DES_KEY_SIZE])
Check that key parity on the given key is odd.
#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH
The data input has an invalid length.
Definition: des.h:44
int des3_set2key_dec(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *2])
Triple-DES key schedule (112-bit, decryption)
int des3_crypt_cbc(des3_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)
3DES-CBC buffer encryption/decryption