Hannes Tschofenig
Example program to test AES-GCM functionality. Used for a workshop
Embed:
(wiki syntax)
Show/hide line numbers
des.c
00001 /* 00002 * FIPS-46-3 compliant Triple-DES implementation 00003 * 00004 * Copyright (C) 2006-2014, Brainspark B.V. 00005 * 00006 * This file is part of PolarSSL (http://www.polarssl.org) 00007 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> 00008 * 00009 * All rights reserved. 00010 * 00011 * This program is free software; you can redistribute it and/or modify 00012 * it under the terms of the GNU General Public License as published by 00013 * the Free Software Foundation; either version 2 of the License, or 00014 * (at your option) any later version. 00015 * 00016 * This program is distributed in the hope that it will be useful, 00017 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00018 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00019 * GNU General Public License for more details. 00020 * 00021 * You should have received a copy of the GNU General Public License along 00022 * with this program; if not, write to the Free Software Foundation, Inc., 00023 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 00024 */ 00025 /* 00026 * DES, on which TDES is based, was originally designed by Horst Feistel 00027 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS). 00028 * 00029 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf 00030 */ 00031 00032 #if !defined(POLARSSL_CONFIG_FILE) 00033 #include "polarssl/config.h" 00034 #else 00035 #include POLARSSL_CONFIG_FILE 00036 #endif 00037 00038 #if defined(POLARSSL_DES_C) 00039 00040 #include "polarssl/des.h" 00041 00042 #if defined(POLARSSL_PLATFORM_C) 00043 #include "polarssl/platform.h" 00044 #else 00045 #define polarssl_printf printf 00046 #endif 00047 00048 #if !defined(POLARSSL_DES_ALT) 00049 00050 /* 00051 * 32-bit integer manipulation macros (big endian) 00052 */ 00053 #ifndef GET_UINT32_BE 00054 #define GET_UINT32_BE(n,b,i) \ 00055 { \ 00056 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ 00057 | ( (uint32_t) (b)[(i) + 1] << 16 ) \ 00058 | ( (uint32_t) (b)[(i) + 2] << 8 ) \ 00059 | ( (uint32_t) (b)[(i) + 3] ); \ 00060 } 00061 #endif 00062 00063 #ifndef PUT_UINT32_BE 00064 #define PUT_UINT32_BE(n,b,i) \ 00065 { \ 00066 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 00067 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 00068 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 00069 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 00070 } 00071 #endif 00072 00073 /* 00074 * Expanded DES S-boxes 00075 */ 00076 static const uint32_t SB1[64] = 00077 { 00078 0x01010400, 0x00000000, 0x00010000, 0x01010404, 00079 0x01010004, 0x00010404, 0x00000004, 0x00010000, 00080 0x00000400, 0x01010400, 0x01010404, 0x00000400, 00081 0x01000404, 0x01010004, 0x01000000, 0x00000004, 00082 0x00000404, 0x01000400, 0x01000400, 0x00010400, 00083 0x00010400, 0x01010000, 0x01010000, 0x01000404, 00084 0x00010004, 0x01000004, 0x01000004, 0x00010004, 00085 0x00000000, 0x00000404, 0x00010404, 0x01000000, 00086 0x00010000, 0x01010404, 0x00000004, 0x01010000, 00087 0x01010400, 0x01000000, 0x01000000, 0x00000400, 00088 0x01010004, 0x00010000, 0x00010400, 0x01000004, 00089 0x00000400, 0x00000004, 0x01000404, 0x00010404, 00090 0x01010404, 0x00010004, 0x01010000, 0x01000404, 00091 0x01000004, 0x00000404, 0x00010404, 0x01010400, 00092 0x00000404, 0x01000400, 0x01000400, 0x00000000, 00093 0x00010004, 0x00010400, 0x00000000, 0x01010004 00094 }; 00095 00096 static const uint32_t SB2[64] = 00097 { 00098 0x80108020, 0x80008000, 0x00008000, 0x00108020, 00099 0x00100000, 0x00000020, 0x80100020, 0x80008020, 00100 0x80000020, 0x80108020, 0x80108000, 0x80000000, 00101 0x80008000, 0x00100000, 0x00000020, 0x80100020, 00102 0x00108000, 0x00100020, 0x80008020, 0x00000000, 00103 0x80000000, 0x00008000, 0x00108020, 0x80100000, 00104 0x00100020, 0x80000020, 0x00000000, 0x00108000, 00105 0x00008020, 0x80108000, 0x80100000, 0x00008020, 00106 0x00000000, 0x00108020, 0x80100020, 0x00100000, 00107 0x80008020, 0x80100000, 0x80108000, 0x00008000, 00108 0x80100000, 0x80008000, 0x00000020, 0x80108020, 00109 0x00108020, 0x00000020, 0x00008000, 0x80000000, 00110 0x00008020, 0x80108000, 0x00100000, 0x80000020, 00111 0x00100020, 0x80008020, 0x80000020, 0x00100020, 00112 0x00108000, 0x00000000, 0x80008000, 0x00008020, 00113 0x80000000, 0x80100020, 0x80108020, 0x00108000 00114 }; 00115 00116 static const uint32_t SB3[64] = 00117 { 00118 0x00000208, 0x08020200, 0x00000000, 0x08020008, 00119 0x08000200, 0x00000000, 0x00020208, 0x08000200, 00120 0x00020008, 0x08000008, 0x08000008, 0x00020000, 00121 0x08020208, 0x00020008, 0x08020000, 0x00000208, 00122 0x08000000, 0x00000008, 0x08020200, 0x00000200, 00123 0x00020200, 0x08020000, 0x08020008, 0x00020208, 00124 0x08000208, 0x00020200, 0x00020000, 0x08000208, 00125 0x00000008, 0x08020208, 0x00000200, 0x08000000, 00126 0x08020200, 0x08000000, 0x00020008, 0x00000208, 00127 0x00020000, 0x08020200, 0x08000200, 0x00000000, 00128 0x00000200, 0x00020008, 0x08020208, 0x08000200, 00129 0x08000008, 0x00000200, 0x00000000, 0x08020008, 00130 0x08000208, 0x00020000, 0x08000000, 0x08020208, 00131 0x00000008, 0x00020208, 0x00020200, 0x08000008, 00132 0x08020000, 0x08000208, 0x00000208, 0x08020000, 00133 0x00020208, 0x00000008, 0x08020008, 0x00020200 00134 }; 00135 00136 static const uint32_t SB4[64] = 00137 { 00138 0x00802001, 0x00002081, 0x00002081, 0x00000080, 00139 0x00802080, 0x00800081, 0x00800001, 0x00002001, 00140 0x00000000, 0x00802000, 0x00802000, 0x00802081, 00141 0x00000081, 0x00000000, 0x00800080, 0x00800001, 00142 0x00000001, 0x00002000, 0x00800000, 0x00802001, 00143 0x00000080, 0x00800000, 0x00002001, 0x00002080, 00144 0x00800081, 0x00000001, 0x00002080, 0x00800080, 00145 0x00002000, 0x00802080, 0x00802081, 0x00000081, 00146 0x00800080, 0x00800001, 0x00802000, 0x00802081, 00147 0x00000081, 0x00000000, 0x00000000, 0x00802000, 00148 0x00002080, 0x00800080, 0x00800081, 0x00000001, 00149 0x00802001, 0x00002081, 0x00002081, 0x00000080, 00150 0x00802081, 0x00000081, 0x00000001, 0x00002000, 00151 0x00800001, 0x00002001, 0x00802080, 0x00800081, 00152 0x00002001, 0x00002080, 0x00800000, 0x00802001, 00153 0x00000080, 0x00800000, 0x00002000, 0x00802080 00154 }; 00155 00156 static const uint32_t SB5[64] = 00157 { 00158 0x00000100, 0x02080100, 0x02080000, 0x42000100, 00159 0x00080000, 0x00000100, 0x40000000, 0x02080000, 00160 0x40080100, 0x00080000, 0x02000100, 0x40080100, 00161 0x42000100, 0x42080000, 0x00080100, 0x40000000, 00162 0x02000000, 0x40080000, 0x40080000, 0x00000000, 00163 0x40000100, 0x42080100, 0x42080100, 0x02000100, 00164 0x42080000, 0x40000100, 0x00000000, 0x42000000, 00165 0x02080100, 0x02000000, 0x42000000, 0x00080100, 00166 0x00080000, 0x42000100, 0x00000100, 0x02000000, 00167 0x40000000, 0x02080000, 0x42000100, 0x40080100, 00168 0x02000100, 0x40000000, 0x42080000, 0x02080100, 00169 0x40080100, 0x00000100, 0x02000000, 0x42080000, 00170 0x42080100, 0x00080100, 0x42000000, 0x42080100, 00171 0x02080000, 0x00000000, 0x40080000, 0x42000000, 00172 0x00080100, 0x02000100, 0x40000100, 0x00080000, 00173 0x00000000, 0x40080000, 0x02080100, 0x40000100 00174 }; 00175 00176 static const uint32_t SB6[64] = 00177 { 00178 0x20000010, 0x20400000, 0x00004000, 0x20404010, 00179 0x20400000, 0x00000010, 0x20404010, 0x00400000, 00180 0x20004000, 0x00404010, 0x00400000, 0x20000010, 00181 0x00400010, 0x20004000, 0x20000000, 0x00004010, 00182 0x00000000, 0x00400010, 0x20004010, 0x00004000, 00183 0x00404000, 0x20004010, 0x00000010, 0x20400010, 00184 0x20400010, 0x00000000, 0x00404010, 0x20404000, 00185 0x00004010, 0x00404000, 0x20404000, 0x20000000, 00186 0x20004000, 0x00000010, 0x20400010, 0x00404000, 00187 0x20404010, 0x00400000, 0x00004010, 0x20000010, 00188 0x00400000, 0x20004000, 0x20000000, 0x00004010, 00189 0x20000010, 0x20404010, 0x00404000, 0x20400000, 00190 0x00404010, 0x20404000, 0x00000000, 0x20400010, 00191 0x00000010, 0x00004000, 0x20400000, 0x00404010, 00192 0x00004000, 0x00400010, 0x20004010, 0x00000000, 00193 0x20404000, 0x20000000, 0x00400010, 0x20004010 00194 }; 00195 00196 static const uint32_t SB7[64] = 00197 { 00198 0x00200000, 0x04200002, 0x04000802, 0x00000000, 00199 0x00000800, 0x04000802, 0x00200802, 0x04200800, 00200 0x04200802, 0x00200000, 0x00000000, 0x04000002, 00201 0x00000002, 0x04000000, 0x04200002, 0x00000802, 00202 0x04000800, 0x00200802, 0x00200002, 0x04000800, 00203 0x04000002, 0x04200000, 0x04200800, 0x00200002, 00204 0x04200000, 0x00000800, 0x00000802, 0x04200802, 00205 0x00200800, 0x00000002, 0x04000000, 0x00200800, 00206 0x04000000, 0x00200800, 0x00200000, 0x04000802, 00207 0x04000802, 0x04200002, 0x04200002, 0x00000002, 00208 0x00200002, 0x04000000, 0x04000800, 0x00200000, 00209 0x04200800, 0x00000802, 0x00200802, 0x04200800, 00210 0x00000802, 0x04000002, 0x04200802, 0x04200000, 00211 0x00200800, 0x00000000, 0x00000002, 0x04200802, 00212 0x00000000, 0x00200802, 0x04200000, 0x00000800, 00213 0x04000002, 0x04000800, 0x00000800, 0x00200002 00214 }; 00215 00216 static const uint32_t SB8[64] = 00217 { 00218 0x10001040, 0x00001000, 0x00040000, 0x10041040, 00219 0x10000000, 0x10001040, 0x00000040, 0x10000000, 00220 0x00040040, 0x10040000, 0x10041040, 0x00041000, 00221 0x10041000, 0x00041040, 0x00001000, 0x00000040, 00222 0x10040000, 0x10000040, 0x10001000, 0x00001040, 00223 0x00041000, 0x00040040, 0x10040040, 0x10041000, 00224 0x00001040, 0x00000000, 0x00000000, 0x10040040, 00225 0x10000040, 0x10001000, 0x00041040, 0x00040000, 00226 0x00041040, 0x00040000, 0x10041000, 0x00001000, 00227 0x00000040, 0x10040040, 0x00001000, 0x00041040, 00228 0x10001000, 0x00000040, 0x10000040, 0x10040000, 00229 0x10040040, 0x10000000, 0x00040000, 0x10001040, 00230 0x00000000, 0x10041040, 0x00040040, 0x10000040, 00231 0x10040000, 0x10001000, 0x10001040, 0x00000000, 00232 0x10041040, 0x00041000, 0x00041000, 0x00001040, 00233 0x00001040, 0x00040040, 0x10000000, 0x10041000 00234 }; 00235 00236 /* 00237 * PC1: left and right halves bit-swap 00238 */ 00239 static const uint32_t LHs[16] = 00240 { 00241 0x00000000, 0x00000001, 0x00000100, 0x00000101, 00242 0x00010000, 0x00010001, 0x00010100, 0x00010101, 00243 0x01000000, 0x01000001, 0x01000100, 0x01000101, 00244 0x01010000, 0x01010001, 0x01010100, 0x01010101 00245 }; 00246 00247 static const uint32_t RHs[16] = 00248 { 00249 0x00000000, 0x01000000, 0x00010000, 0x01010000, 00250 0x00000100, 0x01000100, 0x00010100, 0x01010100, 00251 0x00000001, 0x01000001, 0x00010001, 0x01010001, 00252 0x00000101, 0x01000101, 0x00010101, 0x01010101, 00253 }; 00254 00255 /* 00256 * Initial Permutation macro 00257 */ 00258 #define DES_IP(X,Y) \ 00259 { \ 00260 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \ 00261 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \ 00262 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \ 00263 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \ 00264 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \ 00265 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \ 00266 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \ 00267 } 00268 00269 /* 00270 * Final Permutation macro 00271 */ 00272 #define DES_FP(X,Y) \ 00273 { \ 00274 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \ 00275 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \ 00276 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \ 00277 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \ 00278 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \ 00279 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \ 00280 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \ 00281 } 00282 00283 /* 00284 * DES round macro 00285 */ 00286 #define DES_ROUND(X,Y) \ 00287 { \ 00288 T = *SK++ ^ X; \ 00289 Y ^= SB8[ (T ) & 0x3F ] ^ \ 00290 SB6[ (T >> 8) & 0x3F ] ^ \ 00291 SB4[ (T >> 16) & 0x3F ] ^ \ 00292 SB2[ (T >> 24) & 0x3F ]; \ 00293 \ 00294 T = *SK++ ^ ((X << 28) | (X >> 4)); \ 00295 Y ^= SB7[ (T ) & 0x3F ] ^ \ 00296 SB5[ (T >> 8) & 0x3F ] ^ \ 00297 SB3[ (T >> 16) & 0x3F ] ^ \ 00298 SB1[ (T >> 24) & 0x3F ]; \ 00299 } 00300 00301 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; } 00302 00303 static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8, 00304 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44, 00305 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81, 00306 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112, 00307 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140, 00308 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168, 00309 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196, 00310 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224, 00311 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253, 00312 254 }; 00313 00314 void des_key_set_parity( unsigned char key[DES_KEY_SIZE] ) 00315 { 00316 int i; 00317 00318 for( i = 0; i < DES_KEY_SIZE; i++ ) 00319 key[i] = odd_parity_table[key[i] / 2]; 00320 } 00321 00322 /* 00323 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS 00324 */ 00325 int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] ) 00326 { 00327 int i; 00328 00329 for( i = 0; i < DES_KEY_SIZE; i++ ) 00330 if ( key[i] != odd_parity_table[key[i] / 2] ) 00331 return( 1 ); 00332 00333 return( 0 ); 00334 } 00335 00336 /* 00337 * Table of weak and semi-weak keys 00338 * 00339 * Source: http://en.wikipedia.org/wiki/Weak_key 00340 * 00341 * Weak: 00342 * Alternating ones + zeros (0x0101010101010101) 00343 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE) 00344 * '0xE0E0E0E0F1F1F1F1' 00345 * '0x1F1F1F1F0E0E0E0E' 00346 * 00347 * Semi-weak: 00348 * 0x011F011F010E010E and 0x1F011F010E010E01 00349 * 0x01E001E001F101F1 and 0xE001E001F101F101 00350 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01 00351 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E 00352 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E 00353 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1 00354 * 00355 */ 00356 00357 #define WEAK_KEY_COUNT 16 00358 00359 static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] = 00360 { 00361 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, 00362 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE }, 00363 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }, 00364 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 }, 00365 00366 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E }, 00367 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 }, 00368 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 }, 00369 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 }, 00370 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE }, 00371 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 }, 00372 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 }, 00373 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E }, 00374 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE }, 00375 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E }, 00376 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE }, 00377 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 } 00378 }; 00379 00380 int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] ) 00381 { 00382 int i; 00383 00384 for( i = 0; i < WEAK_KEY_COUNT; i++ ) 00385 if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0) 00386 return( 1 ); 00387 00388 return( 0 ); 00389 } 00390 00391 static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] ) 00392 { 00393 int i; 00394 uint32_t X, Y, T; 00395 00396 GET_UINT32_BE( X, key, 0 ); 00397 GET_UINT32_BE( Y, key, 4 ); 00398 00399 /* 00400 * Permuted Choice 1 00401 */ 00402 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4); 00403 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T ); 00404 00405 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2) 00406 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] ) 00407 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6) 00408 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4); 00409 00410 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2) 00411 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] ) 00412 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6) 00413 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4); 00414 00415 X &= 0x0FFFFFFF; 00416 Y &= 0x0FFFFFFF; 00417 00418 /* 00419 * calculate subkeys 00420 */ 00421 for( i = 0; i < 16; i++ ) 00422 { 00423 if( i < 2 || i == 8 || i == 15 ) 00424 { 00425 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF; 00426 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF; 00427 } 00428 else 00429 { 00430 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF; 00431 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF; 00432 } 00433 00434 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000) 00435 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000) 00436 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000) 00437 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000) 00438 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000) 00439 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000) 00440 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400) 00441 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100) 00442 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010) 00443 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004) 00444 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001); 00445 00446 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000) 00447 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000) 00448 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000) 00449 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000) 00450 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000) 00451 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000) 00452 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000) 00453 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400) 00454 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100) 00455 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011) 00456 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002); 00457 } 00458 } 00459 00460 /* 00461 * DES key schedule (56-bit, encryption) 00462 */ 00463 int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] ) 00464 { 00465 des_setkey( ctx->sk , key ); 00466 00467 return( 0 ); 00468 } 00469 00470 /* 00471 * DES key schedule (56-bit, decryption) 00472 */ 00473 int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] ) 00474 { 00475 int i; 00476 00477 des_setkey( ctx->sk , key ); 00478 00479 for( i = 0; i < 16; i += 2 ) 00480 { 00481 SWAP( ctx->sk [i ], ctx->sk [30 - i] ); 00482 SWAP( ctx->sk [i + 1], ctx->sk [31 - i] ); 00483 } 00484 00485 return( 0 ); 00486 } 00487 00488 static void des3_set2key( uint32_t esk[96], 00489 uint32_t dsk[96], 00490 const unsigned char key[DES_KEY_SIZE*2] ) 00491 { 00492 int i; 00493 00494 des_setkey( esk, key ); 00495 des_setkey( dsk + 32, key + 8 ); 00496 00497 for( i = 0; i < 32; i += 2 ) 00498 { 00499 dsk[i ] = esk[30 - i]; 00500 dsk[i + 1] = esk[31 - i]; 00501 00502 esk[i + 32] = dsk[62 - i]; 00503 esk[i + 33] = dsk[63 - i]; 00504 00505 esk[i + 64] = esk[i ]; 00506 esk[i + 65] = esk[i + 1]; 00507 00508 dsk[i + 64] = dsk[i ]; 00509 dsk[i + 65] = dsk[i + 1]; 00510 } 00511 } 00512 00513 /* 00514 * Triple-DES key schedule (112-bit, encryption) 00515 */ 00516 int des3_set2key_enc( des3_context *ctx, 00517 const unsigned char key[DES_KEY_SIZE * 2] ) 00518 { 00519 uint32_t sk[96]; 00520 00521 des3_set2key( ctx->sk , sk, key ); 00522 memset( sk, 0, sizeof( sk ) ); 00523 00524 return( 0 ); 00525 } 00526 00527 /* 00528 * Triple-DES key schedule (112-bit, decryption) 00529 */ 00530 int des3_set2key_dec( des3_context *ctx, 00531 const unsigned char key[DES_KEY_SIZE * 2] ) 00532 { 00533 uint32_t sk[96]; 00534 00535 des3_set2key( sk, ctx->sk , key ); 00536 memset( sk, 0, sizeof( sk ) ); 00537 00538 return( 0 ); 00539 } 00540 00541 static void des3_set3key( uint32_t esk[96], 00542 uint32_t dsk[96], 00543 const unsigned char key[24] ) 00544 { 00545 int i; 00546 00547 des_setkey( esk, key ); 00548 des_setkey( dsk + 32, key + 8 ); 00549 des_setkey( esk + 64, key + 16 ); 00550 00551 for( i = 0; i < 32; i += 2 ) 00552 { 00553 dsk[i ] = esk[94 - i]; 00554 dsk[i + 1] = esk[95 - i]; 00555 00556 esk[i + 32] = dsk[62 - i]; 00557 esk[i + 33] = dsk[63 - i]; 00558 00559 dsk[i + 64] = esk[30 - i]; 00560 dsk[i + 65] = esk[31 - i]; 00561 } 00562 } 00563 00564 /* 00565 * Triple-DES key schedule (168-bit, encryption) 00566 */ 00567 int des3_set3key_enc( des3_context *ctx, 00568 const unsigned char key[DES_KEY_SIZE * 3] ) 00569 { 00570 uint32_t sk[96]; 00571 00572 des3_set3key( ctx->sk , sk, key ); 00573 memset( sk, 0, sizeof( sk ) ); 00574 00575 return( 0 ); 00576 } 00577 00578 /* 00579 * Triple-DES key schedule (168-bit, decryption) 00580 */ 00581 int des3_set3key_dec( des3_context *ctx, 00582 const unsigned char key[DES_KEY_SIZE * 3] ) 00583 { 00584 uint32_t sk[96]; 00585 00586 des3_set3key( sk, ctx->sk , key ); 00587 memset( sk, 0, sizeof( sk ) ); 00588 00589 return( 0 ); 00590 } 00591 00592 /* 00593 * DES-ECB block encryption/decryption 00594 */ 00595 int des_crypt_ecb( des_context *ctx, 00596 const unsigned char input[8], 00597 unsigned char output[8] ) 00598 { 00599 int i; 00600 uint32_t X, Y, T, *SK; 00601 00602 SK = ctx->sk ; 00603 00604 GET_UINT32_BE( X, input, 0 ); 00605 GET_UINT32_BE( Y, input, 4 ); 00606 00607 DES_IP( X, Y ); 00608 00609 for( i = 0; i < 8; i++ ) 00610 { 00611 DES_ROUND( Y, X ); 00612 DES_ROUND( X, Y ); 00613 } 00614 00615 DES_FP( Y, X ); 00616 00617 PUT_UINT32_BE( Y, output, 0 ); 00618 PUT_UINT32_BE( X, output, 4 ); 00619 00620 return( 0 ); 00621 } 00622 00623 #if defined(POLARSSL_CIPHER_MODE_CBC) 00624 /* 00625 * DES-CBC buffer encryption/decryption 00626 */ 00627 int des_crypt_cbc( des_context *ctx, 00628 int mode, 00629 size_t length, 00630 unsigned char iv[8], 00631 const unsigned char *input, 00632 unsigned char *output ) 00633 { 00634 int i; 00635 unsigned char temp[8]; 00636 00637 if( length % 8 ) 00638 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH ); 00639 00640 if( mode == DES_ENCRYPT ) 00641 { 00642 while( length > 0 ) 00643 { 00644 for( i = 0; i < 8; i++ ) 00645 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00646 00647 des_crypt_ecb( ctx, output, output ); 00648 memcpy( iv, output, 8 ); 00649 00650 input += 8; 00651 output += 8; 00652 length -= 8; 00653 } 00654 } 00655 else /* DES_DECRYPT */ 00656 { 00657 while( length > 0 ) 00658 { 00659 memcpy( temp, input, 8 ); 00660 des_crypt_ecb( ctx, input, output ); 00661 00662 for( i = 0; i < 8; i++ ) 00663 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00664 00665 memcpy( iv, temp, 8 ); 00666 00667 input += 8; 00668 output += 8; 00669 length -= 8; 00670 } 00671 } 00672 00673 return( 0 ); 00674 } 00675 #endif /* POLARSSL_CIPHER_MODE_CBC */ 00676 00677 /* 00678 * 3DES-ECB block encryption/decryption 00679 */ 00680 int des3_crypt_ecb( des3_context *ctx, 00681 const unsigned char input[8], 00682 unsigned char output[8] ) 00683 { 00684 int i; 00685 uint32_t X, Y, T, *SK; 00686 00687 SK = ctx->sk ; 00688 00689 GET_UINT32_BE( X, input, 0 ); 00690 GET_UINT32_BE( Y, input, 4 ); 00691 00692 DES_IP( X, Y ); 00693 00694 for( i = 0; i < 8; i++ ) 00695 { 00696 DES_ROUND( Y, X ); 00697 DES_ROUND( X, Y ); 00698 } 00699 00700 for( i = 0; i < 8; i++ ) 00701 { 00702 DES_ROUND( X, Y ); 00703 DES_ROUND( Y, X ); 00704 } 00705 00706 for( i = 0; i < 8; i++ ) 00707 { 00708 DES_ROUND( Y, X ); 00709 DES_ROUND( X, Y ); 00710 } 00711 00712 DES_FP( Y, X ); 00713 00714 PUT_UINT32_BE( Y, output, 0 ); 00715 PUT_UINT32_BE( X, output, 4 ); 00716 00717 return( 0 ); 00718 } 00719 00720 #if defined(POLARSSL_CIPHER_MODE_CBC) 00721 /* 00722 * 3DES-CBC buffer encryption/decryption 00723 */ 00724 int des3_crypt_cbc( des3_context *ctx, 00725 int mode, 00726 size_t length, 00727 unsigned char iv[8], 00728 const unsigned char *input, 00729 unsigned char *output ) 00730 { 00731 int i; 00732 unsigned char temp[8]; 00733 00734 if( length % 8 ) 00735 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH ); 00736 00737 if( mode == DES_ENCRYPT ) 00738 { 00739 while( length > 0 ) 00740 { 00741 for( i = 0; i < 8; i++ ) 00742 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00743 00744 des3_crypt_ecb( ctx, output, output ); 00745 memcpy( iv, output, 8 ); 00746 00747 input += 8; 00748 output += 8; 00749 length -= 8; 00750 } 00751 } 00752 else /* DES_DECRYPT */ 00753 { 00754 while( length > 0 ) 00755 { 00756 memcpy( temp, input, 8 ); 00757 des3_crypt_ecb( ctx, input, output ); 00758 00759 for( i = 0; i < 8; i++ ) 00760 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00761 00762 memcpy( iv, temp, 8 ); 00763 00764 input += 8; 00765 output += 8; 00766 length -= 8; 00767 } 00768 } 00769 00770 return( 0 ); 00771 } 00772 #endif /* POLARSSL_CIPHER_MODE_CBC */ 00773 00774 #endif /* !POLARSSL_DES_ALT */ 00775 00776 #if defined(POLARSSL_SELF_TEST) 00777 00778 #include <stdio.h> 00779 00780 /* 00781 * DES and 3DES test vectors from: 00782 * 00783 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip 00784 */ 00785 static const unsigned char des3_test_keys[24] = 00786 { 00787 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 00788 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 00789 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23 00790 }; 00791 00792 static const unsigned char des3_test_buf[8] = 00793 { 00794 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74 00795 }; 00796 00797 static const unsigned char des3_test_ecb_dec[3][8] = 00798 { 00799 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D }, 00800 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB }, 00801 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A } 00802 }; 00803 00804 static const unsigned char des3_test_ecb_enc[3][8] = 00805 { 00806 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B }, 00807 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 }, 00808 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 } 00809 }; 00810 00811 #if defined(POLARSSL_CIPHER_MODE_CBC) 00812 static const unsigned char des3_test_iv[8] = 00813 { 00814 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF, 00815 }; 00816 00817 static const unsigned char des3_test_cbc_dec[3][8] = 00818 { 00819 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 }, 00820 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 }, 00821 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C } 00822 }; 00823 00824 static const unsigned char des3_test_cbc_enc[3][8] = 00825 { 00826 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 }, 00827 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D }, 00828 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 } 00829 }; 00830 #endif /* POLARSSL_CIPHER_MODE_CBC */ 00831 00832 /* 00833 * Checkup routine 00834 */ 00835 int des_self_test( int verbose ) 00836 { 00837 int i, j, u, v; 00838 des_context ctx; 00839 des3_context ctx3; 00840 unsigned char key[24]; 00841 unsigned char buf[8]; 00842 #if defined(POLARSSL_CIPHER_MODE_CBC) 00843 unsigned char prv[8]; 00844 unsigned char iv[8]; 00845 #endif 00846 00847 memset( key, 0, 24 ); 00848 00849 /* 00850 * ECB mode 00851 */ 00852 for( i = 0; i < 6; i++ ) 00853 { 00854 u = i >> 1; 00855 v = i & 1; 00856 00857 if( verbose != 0 ) 00858 polarssl_printf( " DES%c-ECB-%3d (%s): ", 00859 ( u == 0 ) ? ' ' : '3', 56 + u * 56, 00860 ( v == DES_DECRYPT ) ? "dec" : "enc" ); 00861 00862 memcpy( buf, des3_test_buf, 8 ); 00863 00864 switch( i ) 00865 { 00866 case 0: 00867 des_setkey_dec( &ctx, des3_test_keys ); 00868 break; 00869 00870 case 1: 00871 des_setkey_enc( &ctx, des3_test_keys ); 00872 break; 00873 00874 case 2: 00875 des3_set2key_dec( &ctx3, des3_test_keys ); 00876 break; 00877 00878 case 3: 00879 des3_set2key_enc( &ctx3, des3_test_keys ); 00880 break; 00881 00882 case 4: 00883 des3_set3key_dec( &ctx3, des3_test_keys ); 00884 break; 00885 00886 case 5: 00887 des3_set3key_enc( &ctx3, des3_test_keys ); 00888 break; 00889 00890 default: 00891 return( 1 ); 00892 } 00893 00894 for( j = 0; j < 10000; j++ ) 00895 { 00896 if( u == 0 ) 00897 des_crypt_ecb( &ctx, buf, buf ); 00898 else 00899 des3_crypt_ecb( &ctx3, buf, buf ); 00900 } 00901 00902 if( ( v == DES_DECRYPT && 00903 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) || 00904 ( v != DES_DECRYPT && 00905 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) ) 00906 { 00907 if( verbose != 0 ) 00908 polarssl_printf( "failed\n" ); 00909 00910 return( 1 ); 00911 } 00912 00913 if( verbose != 0 ) 00914 polarssl_printf( "passed\n" ); 00915 } 00916 00917 if( verbose != 0 ) 00918 polarssl_printf( "\n" ); 00919 00920 #if defined(POLARSSL_CIPHER_MODE_CBC) 00921 /* 00922 * CBC mode 00923 */ 00924 for( i = 0; i < 6; i++ ) 00925 { 00926 u = i >> 1; 00927 v = i & 1; 00928 00929 if( verbose != 0 ) 00930 polarssl_printf( " DES%c-CBC-%3d (%s): ", 00931 ( u == 0 ) ? ' ' : '3', 56 + u * 56, 00932 ( v == DES_DECRYPT ) ? "dec" : "enc" ); 00933 00934 memcpy( iv, des3_test_iv, 8 ); 00935 memcpy( prv, des3_test_iv, 8 ); 00936 memcpy( buf, des3_test_buf, 8 ); 00937 00938 switch( i ) 00939 { 00940 case 0: 00941 des_setkey_dec( &ctx, des3_test_keys ); 00942 break; 00943 00944 case 1: 00945 des_setkey_enc( &ctx, des3_test_keys ); 00946 break; 00947 00948 case 2: 00949 des3_set2key_dec( &ctx3, des3_test_keys ); 00950 break; 00951 00952 case 3: 00953 des3_set2key_enc( &ctx3, des3_test_keys ); 00954 break; 00955 00956 case 4: 00957 des3_set3key_dec( &ctx3, des3_test_keys ); 00958 break; 00959 00960 case 5: 00961 des3_set3key_enc( &ctx3, des3_test_keys ); 00962 break; 00963 00964 default: 00965 return( 1 ); 00966 } 00967 00968 if( v == DES_DECRYPT ) 00969 { 00970 for( j = 0; j < 10000; j++ ) 00971 { 00972 if( u == 0 ) 00973 des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); 00974 else 00975 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); 00976 } 00977 } 00978 else 00979 { 00980 for( j = 0; j < 10000; j++ ) 00981 { 00982 unsigned char tmp[8]; 00983 00984 if( u == 0 ) 00985 des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); 00986 else 00987 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); 00988 00989 memcpy( tmp, prv, 8 ); 00990 memcpy( prv, buf, 8 ); 00991 memcpy( buf, tmp, 8 ); 00992 } 00993 00994 memcpy( buf, prv, 8 ); 00995 } 00996 00997 if( ( v == DES_DECRYPT && 00998 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) || 00999 ( v != DES_DECRYPT && 01000 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) ) 01001 { 01002 if( verbose != 0 ) 01003 polarssl_printf( "failed\n" ); 01004 01005 return( 1 ); 01006 } 01007 01008 if( verbose != 0 ) 01009 polarssl_printf( "passed\n" ); 01010 } 01011 #endif /* POLARSSL_CIPHER_MODE_CBC */ 01012 01013 if( verbose != 0 ) 01014 polarssl_printf( "\n" ); 01015 01016 return( 0 ); 01017 } 01018 01019 #endif /* POLARSSL_SELF_TEST */ 01020 01021 #endif /* POLARSSL_DES_C */ 01022 01023
Generated on Tue Jul 12 2022 19:40:15 by
1.7.2