PolarSSL v1.2.11
des.c
Go to the documentation of this file.
1 /*
2  * FIPS-46-3 compliant Triple-DES implementation
3  *
4  * Copyright (C) 2006-2013, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 /*
26  * DES, on which TDES is based, was originally designed by Horst Feistel
27  * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
28  *
29  * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
30  */
31 
32 #include "polarssl/config.h"
33 
34 #if defined(POLARSSL_DES_C)
35 
36 #include "polarssl/des.h"
37 
38 #if !defined(POLARSSL_DES_ALT)
39 
40 /* Implementation that should never be optimized out by the compiler */
41 static void polarssl_zeroize( void *v, size_t n ) {
42  volatile unsigned char *p = v; while( n-- ) *p++ = 0;
43 }
44 
45 /*
46  * 32-bit integer manipulation macros (big endian)
47  */
48 #ifndef GET_UINT32_BE
49 #define GET_UINT32_BE(n,b,i) \
50 { \
51  (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
52  | ( (uint32_t) (b)[(i) + 1] << 16 ) \
53  | ( (uint32_t) (b)[(i) + 2] << 8 ) \
54  | ( (uint32_t) (b)[(i) + 3] ); \
55 }
56 #endif
57 
58 #ifndef PUT_UINT32_BE
59 #define PUT_UINT32_BE(n,b,i) \
60 { \
61  (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
62  (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
63  (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
64  (b)[(i) + 3] = (unsigned char) ( (n) ); \
65 }
66 #endif
67 
68 /*
69  * Expanded DES S-boxes
70  */
71 static const uint32_t SB1[64] =
72 {
73  0x01010400, 0x00000000, 0x00010000, 0x01010404,
74  0x01010004, 0x00010404, 0x00000004, 0x00010000,
75  0x00000400, 0x01010400, 0x01010404, 0x00000400,
76  0x01000404, 0x01010004, 0x01000000, 0x00000004,
77  0x00000404, 0x01000400, 0x01000400, 0x00010400,
78  0x00010400, 0x01010000, 0x01010000, 0x01000404,
79  0x00010004, 0x01000004, 0x01000004, 0x00010004,
80  0x00000000, 0x00000404, 0x00010404, 0x01000000,
81  0x00010000, 0x01010404, 0x00000004, 0x01010000,
82  0x01010400, 0x01000000, 0x01000000, 0x00000400,
83  0x01010004, 0x00010000, 0x00010400, 0x01000004,
84  0x00000400, 0x00000004, 0x01000404, 0x00010404,
85  0x01010404, 0x00010004, 0x01010000, 0x01000404,
86  0x01000004, 0x00000404, 0x00010404, 0x01010400,
87  0x00000404, 0x01000400, 0x01000400, 0x00000000,
88  0x00010004, 0x00010400, 0x00000000, 0x01010004
89 };
90 
91 static const uint32_t SB2[64] =
92 {
93  0x80108020, 0x80008000, 0x00008000, 0x00108020,
94  0x00100000, 0x00000020, 0x80100020, 0x80008020,
95  0x80000020, 0x80108020, 0x80108000, 0x80000000,
96  0x80008000, 0x00100000, 0x00000020, 0x80100020,
97  0x00108000, 0x00100020, 0x80008020, 0x00000000,
98  0x80000000, 0x00008000, 0x00108020, 0x80100000,
99  0x00100020, 0x80000020, 0x00000000, 0x00108000,
100  0x00008020, 0x80108000, 0x80100000, 0x00008020,
101  0x00000000, 0x00108020, 0x80100020, 0x00100000,
102  0x80008020, 0x80100000, 0x80108000, 0x00008000,
103  0x80100000, 0x80008000, 0x00000020, 0x80108020,
104  0x00108020, 0x00000020, 0x00008000, 0x80000000,
105  0x00008020, 0x80108000, 0x00100000, 0x80000020,
106  0x00100020, 0x80008020, 0x80000020, 0x00100020,
107  0x00108000, 0x00000000, 0x80008000, 0x00008020,
108  0x80000000, 0x80100020, 0x80108020, 0x00108000
109 };
110 
111 static const uint32_t SB3[64] =
112 {
113  0x00000208, 0x08020200, 0x00000000, 0x08020008,
114  0x08000200, 0x00000000, 0x00020208, 0x08000200,
115  0x00020008, 0x08000008, 0x08000008, 0x00020000,
116  0x08020208, 0x00020008, 0x08020000, 0x00000208,
117  0x08000000, 0x00000008, 0x08020200, 0x00000200,
118  0x00020200, 0x08020000, 0x08020008, 0x00020208,
119  0x08000208, 0x00020200, 0x00020000, 0x08000208,
120  0x00000008, 0x08020208, 0x00000200, 0x08000000,
121  0x08020200, 0x08000000, 0x00020008, 0x00000208,
122  0x00020000, 0x08020200, 0x08000200, 0x00000000,
123  0x00000200, 0x00020008, 0x08020208, 0x08000200,
124  0x08000008, 0x00000200, 0x00000000, 0x08020008,
125  0x08000208, 0x00020000, 0x08000000, 0x08020208,
126  0x00000008, 0x00020208, 0x00020200, 0x08000008,
127  0x08020000, 0x08000208, 0x00000208, 0x08020000,
128  0x00020208, 0x00000008, 0x08020008, 0x00020200
129 };
130 
131 static const uint32_t SB4[64] =
132 {
133  0x00802001, 0x00002081, 0x00002081, 0x00000080,
134  0x00802080, 0x00800081, 0x00800001, 0x00002001,
135  0x00000000, 0x00802000, 0x00802000, 0x00802081,
136  0x00000081, 0x00000000, 0x00800080, 0x00800001,
137  0x00000001, 0x00002000, 0x00800000, 0x00802001,
138  0x00000080, 0x00800000, 0x00002001, 0x00002080,
139  0x00800081, 0x00000001, 0x00002080, 0x00800080,
140  0x00002000, 0x00802080, 0x00802081, 0x00000081,
141  0x00800080, 0x00800001, 0x00802000, 0x00802081,
142  0x00000081, 0x00000000, 0x00000000, 0x00802000,
143  0x00002080, 0x00800080, 0x00800081, 0x00000001,
144  0x00802001, 0x00002081, 0x00002081, 0x00000080,
145  0x00802081, 0x00000081, 0x00000001, 0x00002000,
146  0x00800001, 0x00002001, 0x00802080, 0x00800081,
147  0x00002001, 0x00002080, 0x00800000, 0x00802001,
148  0x00000080, 0x00800000, 0x00002000, 0x00802080
149 };
150 
151 static const uint32_t SB5[64] =
152 {
153  0x00000100, 0x02080100, 0x02080000, 0x42000100,
154  0x00080000, 0x00000100, 0x40000000, 0x02080000,
155  0x40080100, 0x00080000, 0x02000100, 0x40080100,
156  0x42000100, 0x42080000, 0x00080100, 0x40000000,
157  0x02000000, 0x40080000, 0x40080000, 0x00000000,
158  0x40000100, 0x42080100, 0x42080100, 0x02000100,
159  0x42080000, 0x40000100, 0x00000000, 0x42000000,
160  0x02080100, 0x02000000, 0x42000000, 0x00080100,
161  0x00080000, 0x42000100, 0x00000100, 0x02000000,
162  0x40000000, 0x02080000, 0x42000100, 0x40080100,
163  0x02000100, 0x40000000, 0x42080000, 0x02080100,
164  0x40080100, 0x00000100, 0x02000000, 0x42080000,
165  0x42080100, 0x00080100, 0x42000000, 0x42080100,
166  0x02080000, 0x00000000, 0x40080000, 0x42000000,
167  0x00080100, 0x02000100, 0x40000100, 0x00080000,
168  0x00000000, 0x40080000, 0x02080100, 0x40000100
169 };
170 
171 static const uint32_t SB6[64] =
172 {
173  0x20000010, 0x20400000, 0x00004000, 0x20404010,
174  0x20400000, 0x00000010, 0x20404010, 0x00400000,
175  0x20004000, 0x00404010, 0x00400000, 0x20000010,
176  0x00400010, 0x20004000, 0x20000000, 0x00004010,
177  0x00000000, 0x00400010, 0x20004010, 0x00004000,
178  0x00404000, 0x20004010, 0x00000010, 0x20400010,
179  0x20400010, 0x00000000, 0x00404010, 0x20404000,
180  0x00004010, 0x00404000, 0x20404000, 0x20000000,
181  0x20004000, 0x00000010, 0x20400010, 0x00404000,
182  0x20404010, 0x00400000, 0x00004010, 0x20000010,
183  0x00400000, 0x20004000, 0x20000000, 0x00004010,
184  0x20000010, 0x20404010, 0x00404000, 0x20400000,
185  0x00404010, 0x20404000, 0x00000000, 0x20400010,
186  0x00000010, 0x00004000, 0x20400000, 0x00404010,
187  0x00004000, 0x00400010, 0x20004010, 0x00000000,
188  0x20404000, 0x20000000, 0x00400010, 0x20004010
189 };
190 
191 static const uint32_t SB7[64] =
192 {
193  0x00200000, 0x04200002, 0x04000802, 0x00000000,
194  0x00000800, 0x04000802, 0x00200802, 0x04200800,
195  0x04200802, 0x00200000, 0x00000000, 0x04000002,
196  0x00000002, 0x04000000, 0x04200002, 0x00000802,
197  0x04000800, 0x00200802, 0x00200002, 0x04000800,
198  0x04000002, 0x04200000, 0x04200800, 0x00200002,
199  0x04200000, 0x00000800, 0x00000802, 0x04200802,
200  0x00200800, 0x00000002, 0x04000000, 0x00200800,
201  0x04000000, 0x00200800, 0x00200000, 0x04000802,
202  0x04000802, 0x04200002, 0x04200002, 0x00000002,
203  0x00200002, 0x04000000, 0x04000800, 0x00200000,
204  0x04200800, 0x00000802, 0x00200802, 0x04200800,
205  0x00000802, 0x04000002, 0x04200802, 0x04200000,
206  0x00200800, 0x00000000, 0x00000002, 0x04200802,
207  0x00000000, 0x00200802, 0x04200000, 0x00000800,
208  0x04000002, 0x04000800, 0x00000800, 0x00200002
209 };
210 
211 static const uint32_t SB8[64] =
212 {
213  0x10001040, 0x00001000, 0x00040000, 0x10041040,
214  0x10000000, 0x10001040, 0x00000040, 0x10000000,
215  0x00040040, 0x10040000, 0x10041040, 0x00041000,
216  0x10041000, 0x00041040, 0x00001000, 0x00000040,
217  0x10040000, 0x10000040, 0x10001000, 0x00001040,
218  0x00041000, 0x00040040, 0x10040040, 0x10041000,
219  0x00001040, 0x00000000, 0x00000000, 0x10040040,
220  0x10000040, 0x10001000, 0x00041040, 0x00040000,
221  0x00041040, 0x00040000, 0x10041000, 0x00001000,
222  0x00000040, 0x10040040, 0x00001000, 0x00041040,
223  0x10001000, 0x00000040, 0x10000040, 0x10040000,
224  0x10040040, 0x10000000, 0x00040000, 0x10001040,
225  0x00000000, 0x10041040, 0x00040040, 0x10000040,
226  0x10040000, 0x10001000, 0x10001040, 0x00000000,
227  0x10041040, 0x00041000, 0x00041000, 0x00001040,
228  0x00001040, 0x00040040, 0x10000000, 0x10041000
229 };
230 
231 /*
232  * PC1: left and right halves bit-swap
233  */
234 static const uint32_t LHs[16] =
235 {
236  0x00000000, 0x00000001, 0x00000100, 0x00000101,
237  0x00010000, 0x00010001, 0x00010100, 0x00010101,
238  0x01000000, 0x01000001, 0x01000100, 0x01000101,
239  0x01010000, 0x01010001, 0x01010100, 0x01010101
240 };
241 
242 static const uint32_t RHs[16] =
243 {
244  0x00000000, 0x01000000, 0x00010000, 0x01010000,
245  0x00000100, 0x01000100, 0x00010100, 0x01010100,
246  0x00000001, 0x01000001, 0x00010001, 0x01010001,
247  0x00000101, 0x01000101, 0x00010101, 0x01010101,
248 };
249 
250 /*
251  * Initial Permutation macro
252  */
253 #define DES_IP(X,Y) \
254 { \
255  T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
256  T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
257  T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
258  T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
259  Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
260  T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
261  X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
262 }
263 
264 /*
265  * Final Permutation macro
266  */
267 #define DES_FP(X,Y) \
268 { \
269  X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
270  T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
271  Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
272  T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
273  T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
274  T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
275  T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
276 }
277 
278 /*
279  * DES round macro
280  */
281 #define DES_ROUND(X,Y) \
282 { \
283  T = *SK++ ^ X; \
284  Y ^= SB8[ (T ) & 0x3F ] ^ \
285  SB6[ (T >> 8) & 0x3F ] ^ \
286  SB4[ (T >> 16) & 0x3F ] ^ \
287  SB2[ (T >> 24) & 0x3F ]; \
288  \
289  T = *SK++ ^ ((X << 28) | (X >> 4)); \
290  Y ^= SB7[ (T ) & 0x3F ] ^ \
291  SB5[ (T >> 8) & 0x3F ] ^ \
292  SB3[ (T >> 16) & 0x3F ] ^ \
293  SB1[ (T >> 24) & 0x3F ]; \
294 }
295 
296 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
297 
298 static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
299  11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
300  47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
301  82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
302  115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
303  143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
304  171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
305  199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
306  227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
307  254 };
308 
309 void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
310 {
311  int i;
312 
313  for( i = 0; i < DES_KEY_SIZE; i++ )
314  key[i] = odd_parity_table[key[i] / 2];
315 }
316 
317 /*
318  * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
319  */
320 int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
321 {
322  int i;
323 
324  for( i = 0; i < DES_KEY_SIZE; i++ )
325  if ( key[i] != odd_parity_table[key[i] / 2] )
326  return( 1 );
327 
328  return( 0 );
329 }
330 
331 /*
332  * Table of weak and semi-weak keys
333  *
334  * Source: http://en.wikipedia.org/wiki/Weak_key
335  *
336  * Weak:
337  * Alternating ones + zeros (0x0101010101010101)
338  * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
339  * '0xE0E0E0E0F1F1F1F1'
340  * '0x1F1F1F1F0E0E0E0E'
341  *
342  * Semi-weak:
343  * 0x011F011F010E010E and 0x1F011F010E010E01
344  * 0x01E001E001F101F1 and 0xE001E001F101F101
345  * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
346  * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
347  * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
348  * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
349  *
350  */
351 
352 #define WEAK_KEY_COUNT 16
353 
354 static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
355 {
356  { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
357  { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
358  { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
359  { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
360 
361  { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
362  { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
363  { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
364  { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
365  { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
366  { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
367  { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
368  { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
369  { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
370  { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
371  { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
372  { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
373 };
374 
375 int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
376 {
377  int i;
378 
379  for( i = 0; i < WEAK_KEY_COUNT; i++ )
380  if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
381  return( 1 );
382 
383  return( 0 );
384 }
385 
386 static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
387 {
388  int i;
389  uint32_t X, Y, T;
390 
391  GET_UINT32_BE( X, key, 0 );
392  GET_UINT32_BE( Y, key, 4 );
393 
394  /*
395  * Permuted Choice 1
396  */
397  T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
398  T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
399 
400  X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
401  | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
402  | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
403  | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
404 
405  Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
406  | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
407  | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
408  | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
409 
410  X &= 0x0FFFFFFF;
411  Y &= 0x0FFFFFFF;
412 
413  /*
414  * calculate subkeys
415  */
416  for( i = 0; i < 16; i++ )
417  {
418  if( i < 2 || i == 8 || i == 15 )
419  {
420  X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
421  Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
422  }
423  else
424  {
425  X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
426  Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
427  }
428 
429  *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
430  | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
431  | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
432  | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
433  | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
434  | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
435  | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
436  | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
437  | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
438  | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
439  | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
440 
441  *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
442  | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
443  | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
444  | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
445  | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
446  | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
447  | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
448  | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
449  | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
450  | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
451  | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
452  }
453 }
454 
455 /*
456  * DES key schedule (56-bit, encryption)
457  */
458 int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
459 {
460  des_setkey( ctx->sk, key );
461 
462  return( 0 );
463 }
464 
465 /*
466  * DES key schedule (56-bit, decryption)
467  */
468 int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
469 {
470  int i;
471 
472  des_setkey( ctx->sk, key );
473 
474  for( i = 0; i < 16; i += 2 )
475  {
476  SWAP( ctx->sk[i ], ctx->sk[30 - i] );
477  SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
478  }
479 
480  return( 0 );
481 }
482 
483 static void des3_set2key( uint32_t esk[96],
484  uint32_t dsk[96],
485  const unsigned char key[DES_KEY_SIZE*2] )
486 {
487  int i;
488 
489  des_setkey( esk, key );
490  des_setkey( dsk + 32, key + 8 );
491 
492  for( i = 0; i < 32; i += 2 )
493  {
494  dsk[i ] = esk[30 - i];
495  dsk[i + 1] = esk[31 - i];
496 
497  esk[i + 32] = dsk[62 - i];
498  esk[i + 33] = dsk[63 - i];
499 
500  esk[i + 64] = esk[i ];
501  esk[i + 65] = esk[i + 1];
502 
503  dsk[i + 64] = dsk[i ];
504  dsk[i + 65] = dsk[i + 1];
505  }
506 }
507 
508 /*
509  * Triple-DES key schedule (112-bit, encryption)
510  */
511 int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
512 {
513  uint32_t sk[96];
514 
515  des3_set2key( ctx->sk, sk, key );
516  polarssl_zeroize( sk, sizeof( sk ) );
517 
518  return( 0 );
519 }
520 
521 /*
522  * Triple-DES key schedule (112-bit, decryption)
523  */
524 int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
525 {
526  uint32_t sk[96];
527 
528  des3_set2key( sk, ctx->sk, key );
529  polarssl_zeroize( sk, sizeof( sk ) );
530 
531  return( 0 );
532 }
533 
534 static void des3_set3key( uint32_t esk[96],
535  uint32_t dsk[96],
536  const unsigned char key[24] )
537 {
538  int i;
539 
540  des_setkey( esk, key );
541  des_setkey( dsk + 32, key + 8 );
542  des_setkey( esk + 64, key + 16 );
543 
544  for( i = 0; i < 32; i += 2 )
545  {
546  dsk[i ] = esk[94 - i];
547  dsk[i + 1] = esk[95 - i];
548 
549  esk[i + 32] = dsk[62 - i];
550  esk[i + 33] = dsk[63 - i];
551 
552  dsk[i + 64] = esk[30 - i];
553  dsk[i + 65] = esk[31 - i];
554  }
555 }
556 
557 /*
558  * Triple-DES key schedule (168-bit, encryption)
559  */
560 int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
561 {
562  uint32_t sk[96];
563 
564  des3_set3key( ctx->sk, sk, key );
565  polarssl_zeroize( sk, sizeof( sk ) );
566 
567  return( 0 );
568 }
569 
570 /*
571  * Triple-DES key schedule (168-bit, decryption)
572  */
573 int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
574 {
575  uint32_t sk[96];
576 
577  des3_set3key( sk, ctx->sk, key );
578  polarssl_zeroize( sk, sizeof( sk ) );
579 
580  return( 0 );
581 }
582 
583 /*
584  * DES-ECB block encryption/decryption
585  */
586 int des_crypt_ecb( des_context *ctx,
587  const unsigned char input[8],
588  unsigned char output[8] )
589 {
590  int i;
591  uint32_t X, Y, T, *SK;
592 
593  SK = ctx->sk;
594 
595  GET_UINT32_BE( X, input, 0 );
596  GET_UINT32_BE( Y, input, 4 );
597 
598  DES_IP( X, Y );
599 
600  for( i = 0; i < 8; i++ )
601  {
602  DES_ROUND( Y, X );
603  DES_ROUND( X, Y );
604  }
605 
606  DES_FP( Y, X );
607 
608  PUT_UINT32_BE( Y, output, 0 );
609  PUT_UINT32_BE( X, output, 4 );
610 
611  return( 0 );
612 }
613 
614 /*
615  * DES-CBC buffer encryption/decryption
616  */
617 int des_crypt_cbc( des_context *ctx,
618  int mode,
619  size_t length,
620  unsigned char iv[8],
621  const unsigned char *input,
622  unsigned char *output )
623 {
624  int i;
625  unsigned char temp[8];
626 
627  if( length % 8 )
629 
630  if( mode == DES_ENCRYPT )
631  {
632  while( length > 0 )
633  {
634  for( i = 0; i < 8; i++ )
635  output[i] = (unsigned char)( input[i] ^ iv[i] );
636 
637  des_crypt_ecb( ctx, output, output );
638  memcpy( iv, output, 8 );
639 
640  input += 8;
641  output += 8;
642  length -= 8;
643  }
644  }
645  else /* DES_DECRYPT */
646  {
647  while( length > 0 )
648  {
649  memcpy( temp, input, 8 );
650  des_crypt_ecb( ctx, input, output );
651 
652  for( i = 0; i < 8; i++ )
653  output[i] = (unsigned char)( output[i] ^ iv[i] );
654 
655  memcpy( iv, temp, 8 );
656 
657  input += 8;
658  output += 8;
659  length -= 8;
660  }
661  }
662 
663  return( 0 );
664 }
665 
666 /*
667  * 3DES-ECB block encryption/decryption
668  */
669 int des3_crypt_ecb( des3_context *ctx,
670  const unsigned char input[8],
671  unsigned char output[8] )
672 {
673  int i;
674  uint32_t X, Y, T, *SK;
675 
676  SK = ctx->sk;
677 
678  GET_UINT32_BE( X, input, 0 );
679  GET_UINT32_BE( Y, input, 4 );
680 
681  DES_IP( X, Y );
682 
683  for( i = 0; i < 8; i++ )
684  {
685  DES_ROUND( Y, X );
686  DES_ROUND( X, Y );
687  }
688 
689  for( i = 0; i < 8; i++ )
690  {
691  DES_ROUND( X, Y );
692  DES_ROUND( Y, X );
693  }
694 
695  for( i = 0; i < 8; i++ )
696  {
697  DES_ROUND( Y, X );
698  DES_ROUND( X, Y );
699  }
700 
701  DES_FP( Y, X );
702 
703  PUT_UINT32_BE( Y, output, 0 );
704  PUT_UINT32_BE( X, output, 4 );
705 
706  return( 0 );
707 }
708 
709 /*
710  * 3DES-CBC buffer encryption/decryption
711  */
712 int des3_crypt_cbc( des3_context *ctx,
713  int mode,
714  size_t length,
715  unsigned char iv[8],
716  const unsigned char *input,
717  unsigned char *output )
718 {
719  int i;
720  unsigned char temp[8];
721 
722  if( length % 8 )
724 
725  if( mode == DES_ENCRYPT )
726  {
727  while( length > 0 )
728  {
729  for( i = 0; i < 8; i++ )
730  output[i] = (unsigned char)( input[i] ^ iv[i] );
731 
732  des3_crypt_ecb( ctx, output, output );
733  memcpy( iv, output, 8 );
734 
735  input += 8;
736  output += 8;
737  length -= 8;
738  }
739  }
740  else /* DES_DECRYPT */
741  {
742  while( length > 0 )
743  {
744  memcpy( temp, input, 8 );
745  des3_crypt_ecb( ctx, input, output );
746 
747  for( i = 0; i < 8; i++ )
748  output[i] = (unsigned char)( output[i] ^ iv[i] );
749 
750  memcpy( iv, temp, 8 );
751 
752  input += 8;
753  output += 8;
754  length -= 8;
755  }
756  }
757 
758  return( 0 );
759 }
760 
761 #endif /* !POLARSSL_DES_ALT */
762 
763 #if defined(POLARSSL_SELF_TEST)
764 
765 #include <stdio.h>
766 
767 /*
768  * DES and 3DES test vectors from:
769  *
770  * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
771  */
772 static const unsigned char des3_test_keys[24] =
773 {
774  0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
775  0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
776  0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
777 };
778 
779 static const unsigned char des3_test_iv[8] =
780 {
781  0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
782 };
783 
784 static const unsigned char des3_test_buf[8] =
785 {
786  0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
787 };
788 
789 static const unsigned char des3_test_ecb_dec[3][8] =
790 {
791  { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
792  { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
793  { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
794 };
795 
796 static const unsigned char des3_test_ecb_enc[3][8] =
797 {
798  { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
799  { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
800  { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
801 };
802 
803 static const unsigned char des3_test_cbc_dec[3][8] =
804 {
805  { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
806  { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
807  { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
808 };
809 
810 static const unsigned char des3_test_cbc_enc[3][8] =
811 {
812  { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
813  { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
814  { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
815 };
816 
817 /*
818  * Checkup routine
819  */
820 int des_self_test( int verbose )
821 {
822  int i, j, u, v;
823  des_context ctx;
824  des3_context ctx3;
825  unsigned char key[24];
826  unsigned char buf[8];
827  unsigned char prv[8];
828  unsigned char iv[8];
829 
830  memset( key, 0, 24 );
831 
832  /*
833  * ECB mode
834  */
835  for( i = 0; i < 6; i++ )
836  {
837  u = i >> 1;
838  v = i & 1;
839 
840  if( verbose != 0 )
841  printf( " DES%c-ECB-%3d (%s): ",
842  ( u == 0 ) ? ' ' : '3', 56 + u * 56,
843  ( v == DES_DECRYPT ) ? "dec" : "enc" );
844 
845  memcpy( buf, des3_test_buf, 8 );
846 
847  switch( i )
848  {
849  case 0:
850  des_setkey_dec( &ctx, des3_test_keys );
851  break;
852 
853  case 1:
854  des_setkey_enc( &ctx, des3_test_keys );
855  break;
856 
857  case 2:
858  des3_set2key_dec( &ctx3, des3_test_keys );
859  break;
860 
861  case 3:
862  des3_set2key_enc( &ctx3, des3_test_keys );
863  break;
864 
865  case 4:
866  des3_set3key_dec( &ctx3, des3_test_keys );
867  break;
868 
869  case 5:
870  des3_set3key_enc( &ctx3, des3_test_keys );
871  break;
872 
873  default:
874  return( 1 );
875  }
876 
877  for( j = 0; j < 10000; j++ )
878  {
879  if( u == 0 )
880  des_crypt_ecb( &ctx, buf, buf );
881  else
882  des3_crypt_ecb( &ctx3, buf, buf );
883  }
884 
885  if( ( v == DES_DECRYPT &&
886  memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
887  ( v != DES_DECRYPT &&
888  memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
889  {
890  if( verbose != 0 )
891  printf( "failed\n" );
892 
893  return( 1 );
894  }
895 
896  if( verbose != 0 )
897  printf( "passed\n" );
898  }
899 
900  if( verbose != 0 )
901  printf( "\n" );
902 
903  /*
904  * CBC mode
905  */
906  for( i = 0; i < 6; i++ )
907  {
908  u = i >> 1;
909  v = i & 1;
910 
911  if( verbose != 0 )
912  printf( " DES%c-CBC-%3d (%s): ",
913  ( u == 0 ) ? ' ' : '3', 56 + u * 56,
914  ( v == DES_DECRYPT ) ? "dec" : "enc" );
915 
916  memcpy( iv, des3_test_iv, 8 );
917  memcpy( prv, des3_test_iv, 8 );
918  memcpy( buf, des3_test_buf, 8 );
919 
920  switch( i )
921  {
922  case 0:
923  des_setkey_dec( &ctx, des3_test_keys );
924  break;
925 
926  case 1:
927  des_setkey_enc( &ctx, des3_test_keys );
928  break;
929 
930  case 2:
931  des3_set2key_dec( &ctx3, des3_test_keys );
932  break;
933 
934  case 3:
935  des3_set2key_enc( &ctx3, des3_test_keys );
936  break;
937 
938  case 4:
939  des3_set3key_dec( &ctx3, des3_test_keys );
940  break;
941 
942  case 5:
943  des3_set3key_enc( &ctx3, des3_test_keys );
944  break;
945 
946  default:
947  return( 1 );
948  }
949 
950  if( v == DES_DECRYPT )
951  {
952  for( j = 0; j < 10000; j++ )
953  {
954  if( u == 0 )
955  des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
956  else
957  des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
958  }
959  }
960  else
961  {
962  for( j = 0; j < 10000; j++ )
963  {
964  unsigned char tmp[8];
965 
966  if( u == 0 )
967  des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
968  else
969  des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
970 
971  memcpy( tmp, prv, 8 );
972  memcpy( prv, buf, 8 );
973  memcpy( buf, tmp, 8 );
974  }
975 
976  memcpy( buf, prv, 8 );
977  }
978 
979  if( ( v == DES_DECRYPT &&
980  memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
981  ( v != DES_DECRYPT &&
982  memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
983  {
984  if( verbose != 0 )
985  printf( "failed\n" );
986 
987  return( 1 );
988  }
989 
990  if( verbose != 0 )
991  printf( "passed\n" );
992  }
993 
994  if( verbose != 0 )
995  printf( "\n" );
996 
997  return( 0 );
998 }
999 
1000 #endif
1001 
1002 #endif
#define DES_ENCRYPT
Definition: des.h:41
int des_self_test(int verbose)
Checkup routine.
int des_crypt_ecb(des_context *ctx, const unsigned char input[8], unsigned char output[8])
DES-ECB block encryption/decryption.
Configuration options (set of defines)
DES context structure.
Definition: des.h:55
int des3_set3key_enc(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *3])
Triple-DES key schedule (168-bit, encryption)
int des3_set3key_dec(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *3])
Triple-DES key schedule (168-bit, decryption)
Triple-DES context structure.
Definition: des.h:65
int des3_set2key_enc(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *2])
Triple-DES key schedule (112-bit, encryption)
uint32_t sk[32]
Definition: des.h:58
void des_key_set_parity(unsigned char key[DES_KEY_SIZE])
Set key parity on the given key to odd.
int des_crypt_cbc(des_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)
DES-CBC buffer encryption/decryption.
uint32_t sk[96]
Definition: des.h:68
DES block cipher.
int des_setkey_enc(des_context *ctx, const unsigned char key[DES_KEY_SIZE])
DES key schedule (56-bit, encryption)
int des_setkey_dec(des_context *ctx, const unsigned char key[DES_KEY_SIZE])
DES key schedule (56-bit, decryption)
#define DES_DECRYPT
Definition: des.h:42
int des3_crypt_ecb(des3_context *ctx, const unsigned char input[8], unsigned char output[8])
3DES-ECB block encryption/decryption
int des_key_check_weak(const unsigned char key[DES_KEY_SIZE])
Check that key is not a weak or semi-weak DES key.
#define DES_KEY_SIZE
Definition: des.h:46
int des_key_check_key_parity(const unsigned char key[DES_KEY_SIZE])
Check that key parity on the given key is odd.
#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH
The data input has an invalid length.
Definition: des.h:44
int des3_set2key_dec(des3_context *ctx, const unsigned char key[DES_KEY_SIZE *2])
Triple-DES key schedule (112-bit, decryption)
int des3_crypt_cbc(des3_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)
3DES-CBC buffer encryption/decryption