PolarSSL v1.3.7
des.c
Go to the documentation of this file.
1 /*
2  * FIPS-46-3 compliant Triple-DES implementation
3  *
4  * Copyright (C) 2006-2014, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 /*
26  * DES, on which TDES is based, was originally designed by Horst Feistel
27  * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
28  *
29  * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
30  */
31 
32 #if !defined(POLARSSL_CONFIG_FILE)
33 #include "polarssl/config.h"
34 #else
35 #include POLARSSL_CONFIG_FILE
36 #endif
37 
38 #if defined(POLARSSL_DES_C)
39 
40 #include "polarssl/des.h"
41 
42 #if defined(POLARSSL_PLATFORM_C)
43 #include "polarssl/platform.h"
44 #else
45 #define polarssl_printf printf
46 #endif
47 
48 #if !defined(POLARSSL_DES_ALT)
49 
50 /*
51  * 32-bit integer manipulation macros (big endian)
52  */
53 #ifndef GET_UINT32_BE
54 #define GET_UINT32_BE(n,b,i) \
55 { \
56  (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
57  | ( (uint32_t) (b)[(i) + 1] << 16 ) \
58  | ( (uint32_t) (b)[(i) + 2] << 8 ) \
59  | ( (uint32_t) (b)[(i) + 3] ); \
60 }
61 #endif
62 
63 #ifndef PUT_UINT32_BE
64 #define PUT_UINT32_BE(n,b,i) \
65 { \
66  (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
67  (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
68  (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
69  (b)[(i) + 3] = (unsigned char) ( (n) ); \
70 }
71 #endif
72 
73 /*
74  * Expanded DES S-boxes
75  */
76 static const uint32_t SB1[64] =
77 {
78  0x01010400, 0x00000000, 0x00010000, 0x01010404,
79  0x01010004, 0x00010404, 0x00000004, 0x00010000,
80  0x00000400, 0x01010400, 0x01010404, 0x00000400,
81  0x01000404, 0x01010004, 0x01000000, 0x00000004,
82  0x00000404, 0x01000400, 0x01000400, 0x00010400,
83  0x00010400, 0x01010000, 0x01010000, 0x01000404,
84  0x00010004, 0x01000004, 0x01000004, 0x00010004,
85  0x00000000, 0x00000404, 0x00010404, 0x01000000,
86  0x00010000, 0x01010404, 0x00000004, 0x01010000,
87  0x01010400, 0x01000000, 0x01000000, 0x00000400,
88  0x01010004, 0x00010000, 0x00010400, 0x01000004,
89  0x00000400, 0x00000004, 0x01000404, 0x00010404,
90  0x01010404, 0x00010004, 0x01010000, 0x01000404,
91  0x01000004, 0x00000404, 0x00010404, 0x01010400,
92  0x00000404, 0x01000400, 0x01000400, 0x00000000,
93  0x00010004, 0x00010400, 0x00000000, 0x01010004
94 };
95 
96 static const uint32_t SB2[64] =
97 {
98  0x80108020, 0x80008000, 0x00008000, 0x00108020,
99  0x00100000, 0x00000020, 0x80100020, 0x80008020,
100  0x80000020, 0x80108020, 0x80108000, 0x80000000,
101  0x80008000, 0x00100000, 0x00000020, 0x80100020,
102  0x00108000, 0x00100020, 0x80008020, 0x00000000,
103  0x80000000, 0x00008000, 0x00108020, 0x80100000,
104  0x00100020, 0x80000020, 0x00000000, 0x00108000,
105  0x00008020, 0x80108000, 0x80100000, 0x00008020,
106  0x00000000, 0x00108020, 0x80100020, 0x00100000,
107  0x80008020, 0x80100000, 0x80108000, 0x00008000,
108  0x80100000, 0x80008000, 0x00000020, 0x80108020,
109  0x00108020, 0x00000020, 0x00008000, 0x80000000,
110  0x00008020, 0x80108000, 0x00100000, 0x80000020,
111  0x00100020, 0x80008020, 0x80000020, 0x00100020,
112  0x00108000, 0x00000000, 0x80008000, 0x00008020,
113  0x80000000, 0x80100020, 0x80108020, 0x00108000
114 };
115 
116 static const uint32_t SB3[64] =
117 {
118  0x00000208, 0x08020200, 0x00000000, 0x08020008,
119  0x08000200, 0x00000000, 0x00020208, 0x08000200,
120  0x00020008, 0x08000008, 0x08000008, 0x00020000,
121  0x08020208, 0x00020008, 0x08020000, 0x00000208,
122  0x08000000, 0x00000008, 0x08020200, 0x00000200,
123  0x00020200, 0x08020000, 0x08020008, 0x00020208,
124  0x08000208, 0x00020200, 0x00020000, 0x08000208,
125  0x00000008, 0x08020208, 0x00000200, 0x08000000,
126  0x08020200, 0x08000000, 0x00020008, 0x00000208,
127  0x00020000, 0x08020200, 0x08000200, 0x00000000,
128  0x00000200, 0x00020008, 0x08020208, 0x08000200,
129  0x08000008, 0x00000200, 0x00000000, 0x08020008,
130  0x08000208, 0x00020000, 0x08000000, 0x08020208,
131  0x00000008, 0x00020208, 0x00020200, 0x08000008,
132  0x08020000, 0x08000208, 0x00000208, 0x08020000,
133  0x00020208, 0x00000008, 0x08020008, 0x00020200
134 };
135 
136 static const uint32_t SB4[64] =
137 {
138  0x00802001, 0x00002081, 0x00002081, 0x00000080,
139  0x00802080, 0x00800081, 0x00800001, 0x00002001,
140  0x00000000, 0x00802000, 0x00802000, 0x00802081,
141  0x00000081, 0x00000000, 0x00800080, 0x00800001,
142  0x00000001, 0x00002000, 0x00800000, 0x00802001,
143  0x00000080, 0x00800000, 0x00002001, 0x00002080,
144  0x00800081, 0x00000001, 0x00002080, 0x00800080,
145  0x00002000, 0x00802080, 0x00802081, 0x00000081,
146  0x00800080, 0x00800001, 0x00802000, 0x00802081,
147  0x00000081, 0x00000000, 0x00000000, 0x00802000,
148  0x00002080, 0x00800080, 0x00800081, 0x00000001,
149  0x00802001, 0x00002081, 0x00002081, 0x00000080,
150  0x00802081, 0x00000081, 0x00000001, 0x00002000,
151  0x00800001, 0x00002001, 0x00802080, 0x00800081,
152  0x00002001, 0x00002080, 0x00800000, 0x00802001,
153  0x00000080, 0x00800000, 0x00002000, 0x00802080
154 };
155 
156 static const uint32_t SB5[64] =
157 {
158  0x00000100, 0x02080100, 0x02080000, 0x42000100,
159  0x00080000, 0x00000100, 0x40000000, 0x02080000,
160  0x40080100, 0x00080000, 0x02000100, 0x40080100,
161  0x42000100, 0x42080000, 0x00080100, 0x40000000,
162  0x02000000, 0x40080000, 0x40080000, 0x00000000,
163  0x40000100, 0x42080100, 0x42080100, 0x02000100,
164  0x42080000, 0x40000100, 0x00000000, 0x42000000,
165  0x02080100, 0x02000000, 0x42000000, 0x00080100,
166  0x00080000, 0x42000100, 0x00000100, 0x02000000,
167  0x40000000, 0x02080000, 0x42000100, 0x40080100,
168  0x02000100, 0x40000000, 0x42080000, 0x02080100,
169  0x40080100, 0x00000100, 0x02000000, 0x42080000,
170  0x42080100, 0x00080100, 0x42000000, 0x42080100,
171  0x02080000, 0x00000000, 0x40080000, 0x42000000,
172  0x00080100, 0x02000100, 0x40000100, 0x00080000,
173  0x00000000, 0x40080000, 0x02080100, 0x40000100
174 };
175 
176 static const uint32_t SB6[64] =
177 {
178  0x20000010, 0x20400000, 0x00004000, 0x20404010,
179  0x20400000, 0x00000010, 0x20404010, 0x00400000,
180  0x20004000, 0x00404010, 0x00400000, 0x20000010,
181  0x00400010, 0x20004000, 0x20000000, 0x00004010,
182  0x00000000, 0x00400010, 0x20004010, 0x00004000,
183  0x00404000, 0x20004010, 0x00000010, 0x20400010,
184  0x20400010, 0x00000000, 0x00404010, 0x20404000,
185  0x00004010, 0x00404000, 0x20404000, 0x20000000,
186  0x20004000, 0x00000010, 0x20400010, 0x00404000,
187  0x20404010, 0x00400000, 0x00004010, 0x20000010,
188  0x00400000, 0x20004000, 0x20000000, 0x00004010,
189  0x20000010, 0x20404010, 0x00404000, 0x20400000,
190  0x00404010, 0x20404000, 0x00000000, 0x20400010,
191  0x00000010, 0x00004000, 0x20400000, 0x00404010,
192  0x00004000, 0x00400010, 0x20004010, 0x00000000,
193  0x20404000, 0x20000000, 0x00400010, 0x20004010
194 };
195 
196 static const uint32_t SB7[64] =
197 {
198  0x00200000, 0x04200002, 0x04000802, 0x00000000,
199  0x00000800, 0x04000802, 0x00200802, 0x04200800,
200  0x04200802, 0x00200000, 0x00000000, 0x04000002,
201  0x00000002, 0x04000000, 0x04200002, 0x00000802,
202  0x04000800, 0x00200802, 0x00200002, 0x04000800,
203  0x04000002, 0x04200000, 0x04200800, 0x00200002,
204  0x04200000, 0x00000800, 0x00000802, 0x04200802,
205  0x00200800, 0x00000002, 0x04000000, 0x00200800,
206  0x04000000, 0x00200800, 0x00200000, 0x04000802,
207  0x04000802, 0x04200002, 0x04200002, 0x00000002,
208  0x00200002, 0x04000000, 0x04000800, 0x00200000,
209  0x04200800, 0x00000802, 0x00200802, 0x04200800,
210  0x00000802, 0x04000002, 0x04200802, 0x04200000,
211  0x00200800, 0x00000000, 0x00000002, 0x04200802,
212  0x00000000, 0x00200802, 0x04200000, 0x00000800,
213  0x04000002, 0x04000800, 0x00000800, 0x00200002
214 };
215 
216 static const uint32_t SB8[64] =
217 {
218  0x10001040, 0x00001000, 0x00040000, 0x10041040,
219  0x10000000, 0x10001040, 0x00000040, 0x10000000,
220  0x00040040, 0x10040000, 0x10041040, 0x00041000,
221  0x10041000, 0x00041040, 0x00001000, 0x00000040,
222  0x10040000, 0x10000040, 0x10001000, 0x00001040,
223  0x00041000, 0x00040040, 0x10040040, 0x10041000,
224  0x00001040, 0x00000000, 0x00000000, 0x10040040,
225  0x10000040, 0x10001000, 0x00041040, 0x00040000,
226  0x00041040, 0x00040000, 0x10041000, 0x00001000,
227  0x00000040, 0x10040040, 0x00001000, 0x00041040,
228  0x10001000, 0x00000040, 0x10000040, 0x10040000,
229  0x10040040, 0x10000000, 0x00040000, 0x10001040,
230  0x00000000, 0x10041040, 0x00040040, 0x10000040,
231  0x10040000, 0x10001000, 0x10001040, 0x00000000,
232  0x10041040, 0x00041000, 0x00041000, 0x00001040,
233  0x00001040, 0x00040040, 0x10000000, 0x10041000
234 };
235 
236 /*
237  * PC1: left and right halves bit-swap
238  */
239 static const uint32_t LHs[16] =
240 {
241  0x00000000, 0x00000001, 0x00000100, 0x00000101,
242  0x00010000, 0x00010001, 0x00010100, 0x00010101,
243  0x01000000, 0x01000001, 0x01000100, 0x01000101,
244  0x01010000, 0x01010001, 0x01010100, 0x01010101
245 };
246 
247 static const uint32_t RHs[16] =
248 {
249  0x00000000, 0x01000000, 0x00010000, 0x01010000,
250  0x00000100, 0x01000100, 0x00010100, 0x01010100,
251  0x00000001, 0x01000001, 0x00010001, 0x01010001,
252  0x00000101, 0x01000101, 0x00010101, 0x01010101,
253 };
254 
255 /*
256  * Initial Permutation macro
257  */
258 #define DES_IP(X,Y) \
259 { \
260  T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
261  T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
262  T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
263  T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
264  Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
265  T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
266  X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
267 }
268 
269 /*
270  * Final Permutation macro
271  */
272 #define DES_FP(X,Y) \
273 { \
274  X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
275  T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
276  Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
277  T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
278  T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
279  T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
280  T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
281 }
282 
283 /*
284  * DES round macro
285  */
286 #define DES_ROUND(X,Y) \
287 { \
288  T = *SK++ ^ X; \
289  Y ^= SB8[ (T ) & 0x3F ] ^ \
290  SB6[ (T >> 8) & 0x3F ] ^ \
291  SB4[ (T >> 16) & 0x3F ] ^ \
292  SB2[ (T >> 24) & 0x3F ]; \
293  \
294  T = *SK++ ^ ((X << 28) | (X >> 4)); \
295  Y ^= SB7[ (T ) & 0x3F ] ^ \
296  SB5[ (T >> 8) & 0x3F ] ^ \
297  SB3[ (T >> 16) & 0x3F ] ^ \
298  SB1[ (T >> 24) & 0x3F ]; \
299 }
300 
301 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
302 
303 static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
304  11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
305  47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
306  82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
307  115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
308  143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
309  171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
310  199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
311  227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
312  254 };
313 
314 void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
315 {
316  int i;
317 
318  for( i = 0; i < DES_KEY_SIZE; i++ )
319  key[i] = odd_parity_table[key[i] / 2];
320 }
321 
322 /*
323  * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
324  */
325 int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
326 {
327  int i;
328 
329  for( i = 0; i < DES_KEY_SIZE; i++ )
330  if ( key[i] != odd_parity_table[key[i] / 2] )
331  return( 1 );
332 
333  return( 0 );
334 }
335 
336 /*
337  * Table of weak and semi-weak keys
338  *
339  * Source: http://en.wikipedia.org/wiki/Weak_key
340  *
341  * Weak:
342  * Alternating ones + zeros (0x0101010101010101)
343  * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
344  * '0xE0E0E0E0F1F1F1F1'
345  * '0x1F1F1F1F0E0E0E0E'
346  *
347  * Semi-weak:
348  * 0x011F011F010E010E and 0x1F011F010E010E01
349  * 0x01E001E001F101F1 and 0xE001E001F101F101
350  * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
351  * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
352  * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
353  * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
354  *
355  */
356 
357 #define WEAK_KEY_COUNT 16
358 
359 static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
360 {
361  { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
362  { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
363  { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
364  { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
365 
366  { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
367  { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
368  { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
369  { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
370  { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
371  { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
372  { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
373  { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
374  { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
375  { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
376  { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
377  { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
378 };
379 
380 int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
381 {
382  int i;
383 
384  for( i = 0; i < WEAK_KEY_COUNT; i++ )
385  if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
386  return( 1 );
387 
388  return( 0 );
389 }
390 
391 static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
392 {
393  int i;
394  uint32_t X, Y, T;
395 
396  GET_UINT32_BE( X, key, 0 );
397  GET_UINT32_BE( Y, key, 4 );
398 
399  /*
400  * Permuted Choice 1
401  */
402  T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
403  T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
404 
405  X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
406  | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
407  | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
408  | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
409 
410  Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
411  | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
412  | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
413  | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
414 
415  X &= 0x0FFFFFFF;
416  Y &= 0x0FFFFFFF;
417 
418  /*
419  * calculate subkeys
420  */
421  for( i = 0; i < 16; i++ )
422  {
423  if( i < 2 || i == 8 || i == 15 )
424  {
425  X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
426  Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
427  }
428  else
429  {
430  X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
431  Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
432  }
433 
434  *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
435  | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
436  | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
437  | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
438  | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
439  | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
440  | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
441  | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
442  | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
443  | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
444  | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
445 
446  *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
447  | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
448  | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
449  | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
450  | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
451  | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
452  | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
453  | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
454  | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
455  | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
456  | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
457  }
458 }
459 
460 /*
461  * DES key schedule (56-bit, encryption)
462  */
463 int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
464 {
465  des_setkey( ctx->sk, key );
466 
467  return( 0 );
468 }
469 
470 /*
471  * DES key schedule (56-bit, decryption)
472  */
473 int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
474 {
475  int i;
476 
477  des_setkey( ctx->sk, key );
478 
479  for( i = 0; i < 16; i += 2 )
480  {
481  SWAP( ctx->sk[i ], ctx->sk[30 - i] );
482  SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
483  }
484 
485  return( 0 );
486 }
487 
488 static void des3_set2key( uint32_t esk[96],
489  uint32_t dsk[96],
490  const unsigned char key[DES_KEY_SIZE*2] )
491 {
492  int i;
493 
494  des_setkey( esk, key );
495  des_setkey( dsk + 32, key + 8 );
496 
497  for( i = 0; i < 32; i += 2 )
498  {
499  dsk[i ] = esk[30 - i];
500  dsk[i + 1] = esk[31 - i];
501 
502  esk[i + 32] = dsk[62 - i];
503  esk[i + 33] = dsk[63 - i];
504 
505  esk[i + 64] = esk[i ];
506  esk[i + 65] = esk[i + 1];
507 
508  dsk[i + 64] = dsk[i ];
509  dsk[i + 65] = dsk[i + 1];
510  }
511 }
512 
513 /*
514  * Triple-DES key schedule (112-bit, encryption)
515  */
517  const unsigned char key[DES_KEY_SIZE * 2] )
518 {
519  uint32_t sk[96];
520 
521  des3_set2key( ctx->sk, sk, key );
522  memset( sk, 0, sizeof( sk ) );
523 
524  return( 0 );
525 }
526 
527 /*
528  * Triple-DES key schedule (112-bit, decryption)
529  */
531  const unsigned char key[DES_KEY_SIZE * 2] )
532 {
533  uint32_t sk[96];
534 
535  des3_set2key( sk, ctx->sk, key );
536  memset( sk, 0, sizeof( sk ) );
537 
538  return( 0 );
539 }
540 
541 static void des3_set3key( uint32_t esk[96],
542  uint32_t dsk[96],
543  const unsigned char key[24] )
544 {
545  int i;
546 
547  des_setkey( esk, key );
548  des_setkey( dsk + 32, key + 8 );
549  des_setkey( esk + 64, key + 16 );
550 
551  for( i = 0; i < 32; i += 2 )
552  {
553  dsk[i ] = esk[94 - i];
554  dsk[i + 1] = esk[95 - i];
555 
556  esk[i + 32] = dsk[62 - i];
557  esk[i + 33] = dsk[63 - i];
558 
559  dsk[i + 64] = esk[30 - i];
560  dsk[i + 65] = esk[31 - i];
561  }
562 }
563 
564 /*
565  * Triple-DES key schedule (168-bit, encryption)
566  */
568  const unsigned char key[DES_KEY_SIZE * 3] )
569 {
570  uint32_t sk[96];
571 
572  des3_set3key( ctx->sk, sk, key );
573  memset( sk, 0, sizeof( sk ) );
574 
575  return( 0 );
576 }
577 
578 /*
579  * Triple-DES key schedule (168-bit, decryption)
580  */
582  const unsigned char key[DES_KEY_SIZE * 3] )
583 {
584  uint32_t sk[96];
585 
586  des3_set3key( sk, ctx->sk, key );
587  memset( sk, 0, sizeof( sk ) );
588 
589  return( 0 );
590 }
591 
592 /*
593  * DES-ECB block encryption/decryption
594  */
595 int des_crypt_ecb( des_context *ctx,
596  const unsigned char input[8],
597  unsigned char output[8] )
598 {
599  int i;
600  uint32_t X, Y, T, *SK;
601 
602  SK = ctx->sk;
603 
604  GET_UINT32_BE( X, input, 0 );
605  GET_UINT32_BE( Y, input, 4 );
606 
607  DES_IP( X, Y );
608 
609  for( i = 0; i < 8; i++ )
610  {
611  DES_ROUND( Y, X );
612  DES_ROUND( X, Y );
613  }
614 
615  DES_FP( Y, X );
616 
617  PUT_UINT32_BE( Y, output, 0 );
618  PUT_UINT32_BE( X, output, 4 );
619 
620  return( 0 );
621 }
622 
623 #if defined(POLARSSL_CIPHER_MODE_CBC)
624 /*
625  * DES-CBC buffer encryption/decryption
626  */
627 int des_crypt_cbc( des_context *ctx,
628  int mode,
629  size_t length,
630  unsigned char iv[8],
631  const unsigned char *input,
632  unsigned char *output )
633 {
634  int i;
635  unsigned char temp[8];
636 
637  if( length % 8 )
639 
640  if( mode == DES_ENCRYPT )
641  {
642  while( length > 0 )
643  {
644  for( i = 0; i < 8; i++ )
645  output[i] = (unsigned char)( input[i] ^ iv[i] );
646 
647  des_crypt_ecb( ctx, output, output );
648  memcpy( iv, output, 8 );
649 
650  input += 8;
651  output += 8;
652  length -= 8;
653  }
654  }
655  else /* DES_DECRYPT */
656  {
657  while( length > 0 )
658  {
659  memcpy( temp, input, 8 );
660  des_crypt_ecb( ctx, input, output );
661 
662  for( i = 0; i < 8; i++ )
663  output[i] = (unsigned char)( output[i] ^ iv[i] );
664 
665  memcpy( iv, temp, 8 );
666 
667  input += 8;
668  output += 8;
669  length -= 8;
670  }
671  }
672 
673  return( 0 );
674 }
675 #endif /* POLARSSL_CIPHER_MODE_CBC */
676 
677 /*
678  * 3DES-ECB block encryption/decryption
679  */
680 int des3_crypt_ecb( des3_context *ctx,
681  const unsigned char input[8],
682  unsigned char output[8] )
683 {
684  int i;
685  uint32_t X, Y, T, *SK;
686 
687  SK = ctx->sk;
688 
689  GET_UINT32_BE( X, input, 0 );
690  GET_UINT32_BE( Y, input, 4 );
691 
692  DES_IP( X, Y );
693 
694  for( i = 0; i < 8; i++ )
695  {
696  DES_ROUND( Y, X );
697  DES_ROUND( X, Y );
698  }
699 
700  for( i = 0; i < 8; i++ )
701  {
702  DES_ROUND( X, Y );
703  DES_ROUND( Y, X );
704  }
705 
706  for( i = 0; i < 8; i++ )
707  {
708  DES_ROUND( Y, X );
709  DES_ROUND( X, Y );
710  }
711 
712  DES_FP( Y, X );
713 
714  PUT_UINT32_BE( Y, output, 0 );
715  PUT_UINT32_BE( X, output, 4 );
716 
717  return( 0 );
718 }
719 
720 #if defined(POLARSSL_CIPHER_MODE_CBC)
721 /*
722  * 3DES-CBC buffer encryption/decryption
723  */
724 int des3_crypt_cbc( des3_context *ctx,
725  int mode,
726  size_t length,
727  unsigned char iv[8],
728  const unsigned char *input,
729  unsigned char *output )
730 {
731  int i;
732  unsigned char temp[8];
733 
734  if( length % 8 )
736 
737  if( mode == DES_ENCRYPT )
738  {
739  while( length > 0 )
740  {
741  for( i = 0; i < 8; i++ )
742  output[i] = (unsigned char)( input[i] ^ iv[i] );
743 
744  des3_crypt_ecb( ctx, output, output );
745  memcpy( iv, output, 8 );
746 
747  input += 8;
748  output += 8;
749  length -= 8;
750  }
751  }
752  else /* DES_DECRYPT */
753  {
754  while( length > 0 )
755  {
756  memcpy( temp, input, 8 );
757  des3_crypt_ecb( ctx, input, output );
758 
759  for( i = 0; i < 8; i++ )
760  output[i] = (unsigned char)( output[i] ^ iv[i] );
761 
762  memcpy( iv, temp, 8 );
763 
764  input += 8;
765  output += 8;
766  length -= 8;
767  }
768  }
769 
770  return( 0 );
771 }
772 #endif /* POLARSSL_CIPHER_MODE_CBC */
773 
774 #endif /* !POLARSSL_DES_ALT */
775 
776 #if defined(POLARSSL_SELF_TEST)
777 
778 #include <stdio.h>
779 
780 /*
781  * DES and 3DES test vectors from:
782  *
783  * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
784  */
785 static const unsigned char des3_test_keys[24] =
786 {
787  0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
788  0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
789  0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
790 };
791 
792 static const unsigned char des3_test_buf[8] =
793 {
794  0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
795 };
796 
797 static const unsigned char des3_test_ecb_dec[3][8] =
798 {
799  { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
800  { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
801  { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
802 };
803 
804 static const unsigned char des3_test_ecb_enc[3][8] =
805 {
806  { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
807  { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
808  { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
809 };
810 
811 #if defined(POLARSSL_CIPHER_MODE_CBC)
812 static const unsigned char des3_test_iv[8] =
813 {
814  0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
815 };
816 
817 static const unsigned char des3_test_cbc_dec[3][8] =
818 {
819  { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
820  { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
821  { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
822 };
823 
824 static const unsigned char des3_test_cbc_enc[3][8] =
825 {
826  { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
827  { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
828  { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
829 };
830 #endif /* POLARSSL_CIPHER_MODE_CBC */
831 
832 /*
833  * Checkup routine
834  */
835 int des_self_test( int verbose )
836 {
837  int i, j, u, v;
838  des_context ctx;
839  des3_context ctx3;
840  unsigned char key[24];
841  unsigned char buf[8];
842 #if defined(POLARSSL_CIPHER_MODE_CBC)
843  unsigned char prv[8];
844  unsigned char iv[8];
845 #endif
846 
847  memset( key, 0, 24 );
848 
849  /*
850  * ECB mode
851  */
852  for( i = 0; i < 6; i++ )
853  {
854  u = i >> 1;
855  v = i & 1;
856 
857  if( verbose != 0 )
858  polarssl_printf( " DES%c-ECB-%3d (%s): ",
859  ( u == 0 ) ? ' ' : '3', 56 + u * 56,
860  ( v == DES_DECRYPT ) ? "dec" : "enc" );
861 
862  memcpy( buf, des3_test_buf, 8 );
863 
864  switch( i )
865  {
866  case 0:
867  des_setkey_dec( &ctx, des3_test_keys );
868  break;
869 
870  case 1:
871  des_setkey_enc( &ctx, des3_test_keys );
872  break;
873 
874  case 2:
875  des3_set2key_dec( &ctx3, des3_test_keys );
876  break;
877 
878  case 3:
879  des3_set2key_enc( &ctx3, des3_test_keys );
880  break;
881 
882  case 4:
883  des3_set3key_dec( &ctx3, des3_test_keys );
884  break;
885 
886  case 5:
887  des3_set3key_enc( &ctx3, des3_test_keys );
888  break;
889 
890  default:
891  return( 1 );
892  }
893 
894  for( j = 0; j < 10000; j++ )
895  {
896  if( u == 0 )
897  des_crypt_ecb( &ctx, buf, buf );
898  else
899  des3_crypt_ecb( &ctx3, buf, buf );
900  }
901 
902  if( ( v == DES_DECRYPT &&
903  memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
904  ( v != DES_DECRYPT &&
905  memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
906  {
907  if( verbose != 0 )
908  polarssl_printf( "failed\n" );
909 
910  return( 1 );
911  }
912 
913  if( verbose != 0 )
914  polarssl_printf( "passed\n" );
915  }
916 
917  if( verbose != 0 )
918  polarssl_printf( "\n" );
919 
920 #if defined(POLARSSL_CIPHER_MODE_CBC)
921  /*
922  * CBC mode
923  */
924  for( i = 0; i < 6; i++ )
925  {
926  u = i >> 1;
927  v = i & 1;
928 
929  if( verbose != 0 )
930  polarssl_printf( " DES%c-CBC-%3d (%s): ",
931  ( u == 0 ) ? ' ' : '3', 56 + u * 56,
932  ( v == DES_DECRYPT ) ? "dec" : "enc" );
933 
934  memcpy( iv, des3_test_iv, 8 );
935  memcpy( prv, des3_test_iv, 8 );
936  memcpy( buf, des3_test_buf, 8 );
937 
938  switch( i )
939  {
940  case 0:
941  des_setkey_dec( &ctx, des3_test_keys );
942  break;
943 
944  case 1:
945  des_setkey_enc( &ctx, des3_test_keys );
946  break;
947 
948  case 2:
949  des3_set2key_dec( &ctx3, des3_test_keys );
950  break;
951 
952  case 3:
953  des3_set2key_enc( &ctx3, des3_test_keys );
954  break;
955 
956  case 4:
957  des3_set3key_dec( &ctx3, des3_test_keys );
958  break;
959 
960  case 5:
961  des3_set3key_enc( &ctx3, des3_test_keys );
962  break;
963 
964  default:
965  return( 1 );
966  }
967 
968  if( v == DES_DECRYPT )
969  {
970  for( j = 0; j < 10000; j++ )
971  {
972  if( u == 0 )
973  des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
974  else
975  des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
976  }
977  }
978  else
979  {
980  for( j = 0; j < 10000; j++ )
981  {
982  unsigned char tmp[8];
983 
984  if( u == 0 )
985  des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
986  else
987  des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
988 
989  memcpy( tmp, prv, 8 );
990  memcpy( prv, buf, 8 );
991  memcpy( buf, tmp, 8 );
992  }
993 
994  memcpy( buf, prv, 8 );
995  }
996 
997  if( ( v == DES_DECRYPT &&
998  memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
999  ( v != DES_DECRYPT &&
1000  memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
1001  {
1002  if( verbose != 0 )
1003  polarssl_printf( "failed\n" );
1004 
1005  return( 1 );
1006  }
1007 
1008  if( verbose != 0 )
1009  polarssl_printf( "passed\n" );
1010  }
1011 #endif /* POLARSSL_CIPHER_MODE_CBC */
1012 
1013  if( verbose != 0 )
1014  polarssl_printf( "\n" );
1015 
1016  return( 0 );
1017 }
1018 
1019 #endif /* POLARSSL_SELF_TEST */
1020 
1021 #endif /* POLARSSL_DES_C */
#define DES_ENCRYPT
Definition: des.h:45
int des_self_test(int verbose)
Checkup routine.
int des_crypt_ecb(des_context *ctx, const unsigned char input[8], unsigned char output[8])
DES-ECB block encryption/decryption.
Configuration options (set of defines)
PolarSSL Platform abstraction layer.
DES context structure.
Definition: des.h:63
int des3_set3key_enc(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *3])
Triple-DES key schedule (168-bit, encryption)
int des3_set3key_dec(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *3])
Triple-DES key schedule (168-bit, decryption)
Triple-DES context structure.
Definition: des.h:73
int des3_set2key_enc(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *2])
Triple-DES key schedule (112-bit, encryption)
uint32_t sk[32]
Definition: des.h:66
void des_key_set_parity(unsigned char key[DES_KEY_SIZE])
Set key parity on the given key to odd.
int des_crypt_cbc(des_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)
DES-CBC buffer encryption/decryption.
uint32_t sk[96]
Definition: des.h:76
DES block cipher.
int des_setkey_enc(des_context *ctx, const unsigned char key[DES_KEY_SIZE])
DES key schedule (56-bit, encryption)
int des_setkey_dec(des_context *ctx, const unsigned char key[DES_KEY_SIZE])
DES key schedule (56-bit, decryption)
#define DES_DECRYPT
Definition: des.h:46
#define polarssl_printf
Definition: platform.h:109
int des3_crypt_ecb(des3_context *ctx, const unsigned char input[8], unsigned char output[8])
3DES-ECB block encryption/decryption
int des_key_check_weak(const unsigned char key[DES_KEY_SIZE])
Check that key is not a weak or semi-weak DES key.
#define DES_KEY_SIZE
Definition: des.h:50
int des_key_check_key_parity(const unsigned char key[DES_KEY_SIZE])
Check that key parity on the given key is odd.
#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH
The data input has an invalid length.
Definition: des.h:48
int des3_set2key_dec(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *2])
Triple-DES key schedule (112-bit, decryption)
int des3_crypt_cbc(des3_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)
3DES-CBC buffer encryption/decryption