Doug Anson
mbed TLS library
Dependents: HTTPClient-SSL WS_SERVER
Embed:
(wiki syntax)
Show/hide line numbers
des.c
00001 /* 00002 * FIPS-46-3 compliant Triple-DES implementation 00003 * 00004 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved 00005 * 00006 * This file is part of mbed TLS (https://tls.mbed.org) 00007 * 00008 * This program is free software; you can redistribute it and/or modify 00009 * it under the terms of the GNU General Public License as published by 00010 * the Free Software Foundation; either version 2 of the License, or 00011 * (at your option) any later version. 00012 * 00013 * This program is distributed in the hope that it will be useful, 00014 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00015 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00016 * GNU General Public License for more details. 00017 * 00018 * You should have received a copy of the GNU General Public License along 00019 * with this program; if not, write to the Free Software Foundation, Inc., 00020 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 00021 */ 00022 /* 00023 * DES, on which TDES is based, was originally designed by Horst Feistel 00024 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS). 00025 * 00026 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf 00027 */ 00028 00029 #if !defined(POLARSSL_CONFIG_FILE) 00030 #include "polarssl/config.h" 00031 #else 00032 #include POLARSSL_CONFIG_FILE 00033 #endif 00034 00035 #if defined(POLARSSL_DES_C) 00036 00037 #include "polarssl/des.h" 00038 00039 #include <string.h> 00040 00041 #if defined(POLARSSL_SELF_TEST) 00042 #if defined(POLARSSL_PLATFORM_C) 00043 #include "polarssl/platform.h" 00044 #else 00045 #include <stdio.h> 00046 #define polarssl_printf printf 00047 #endif /* POLARSSL_PLATFORM_C */ 00048 #endif /* POLARSSL_SELF_TEST */ 00049 00050 #if !defined(POLARSSL_DES_ALT) 00051 00052 /* Implementation that should never be optimized out by the compiler */ 00053 static void polarssl_zeroize( void *v, size_t n ) { 00054 volatile unsigned char *p = v; while( n-- ) *p++ = 0; 00055 } 00056 00057 /* 00058 * 32-bit integer manipulation macros (big endian) 00059 */ 00060 #ifndef GET_UINT32_BE 00061 #define GET_UINT32_BE(n,b,i) \ 00062 { \ 00063 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ 00064 | ( (uint32_t) (b)[(i) + 1] << 16 ) \ 00065 | ( (uint32_t) (b)[(i) + 2] << 8 ) \ 00066 | ( (uint32_t) (b)[(i) + 3] ); \ 00067 } 00068 #endif 00069 00070 #ifndef PUT_UINT32_BE 00071 #define PUT_UINT32_BE(n,b,i) \ 00072 { \ 00073 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 00074 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 00075 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 00076 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 00077 } 00078 #endif 00079 00080 /* 00081 * Expanded DES S-boxes 00082 */ 00083 static const uint32_t SB1[64] = 00084 { 00085 0x01010400, 0x00000000, 0x00010000, 0x01010404, 00086 0x01010004, 0x00010404, 0x00000004, 0x00010000, 00087 0x00000400, 0x01010400, 0x01010404, 0x00000400, 00088 0x01000404, 0x01010004, 0x01000000, 0x00000004, 00089 0x00000404, 0x01000400, 0x01000400, 0x00010400, 00090 0x00010400, 0x01010000, 0x01010000, 0x01000404, 00091 0x00010004, 0x01000004, 0x01000004, 0x00010004, 00092 0x00000000, 0x00000404, 0x00010404, 0x01000000, 00093 0x00010000, 0x01010404, 0x00000004, 0x01010000, 00094 0x01010400, 0x01000000, 0x01000000, 0x00000400, 00095 0x01010004, 0x00010000, 0x00010400, 0x01000004, 00096 0x00000400, 0x00000004, 0x01000404, 0x00010404, 00097 0x01010404, 0x00010004, 0x01010000, 0x01000404, 00098 0x01000004, 0x00000404, 0x00010404, 0x01010400, 00099 0x00000404, 0x01000400, 0x01000400, 0x00000000, 00100 0x00010004, 0x00010400, 0x00000000, 0x01010004 00101 }; 00102 00103 static const uint32_t SB2[64] = 00104 { 00105 0x80108020, 0x80008000, 0x00008000, 0x00108020, 00106 0x00100000, 0x00000020, 0x80100020, 0x80008020, 00107 0x80000020, 0x80108020, 0x80108000, 0x80000000, 00108 0x80008000, 0x00100000, 0x00000020, 0x80100020, 00109 0x00108000, 0x00100020, 0x80008020, 0x00000000, 00110 0x80000000, 0x00008000, 0x00108020, 0x80100000, 00111 0x00100020, 0x80000020, 0x00000000, 0x00108000, 00112 0x00008020, 0x80108000, 0x80100000, 0x00008020, 00113 0x00000000, 0x00108020, 0x80100020, 0x00100000, 00114 0x80008020, 0x80100000, 0x80108000, 0x00008000, 00115 0x80100000, 0x80008000, 0x00000020, 0x80108020, 00116 0x00108020, 0x00000020, 0x00008000, 0x80000000, 00117 0x00008020, 0x80108000, 0x00100000, 0x80000020, 00118 0x00100020, 0x80008020, 0x80000020, 0x00100020, 00119 0x00108000, 0x00000000, 0x80008000, 0x00008020, 00120 0x80000000, 0x80100020, 0x80108020, 0x00108000 00121 }; 00122 00123 static const uint32_t SB3[64] = 00124 { 00125 0x00000208, 0x08020200, 0x00000000, 0x08020008, 00126 0x08000200, 0x00000000, 0x00020208, 0x08000200, 00127 0x00020008, 0x08000008, 0x08000008, 0x00020000, 00128 0x08020208, 0x00020008, 0x08020000, 0x00000208, 00129 0x08000000, 0x00000008, 0x08020200, 0x00000200, 00130 0x00020200, 0x08020000, 0x08020008, 0x00020208, 00131 0x08000208, 0x00020200, 0x00020000, 0x08000208, 00132 0x00000008, 0x08020208, 0x00000200, 0x08000000, 00133 0x08020200, 0x08000000, 0x00020008, 0x00000208, 00134 0x00020000, 0x08020200, 0x08000200, 0x00000000, 00135 0x00000200, 0x00020008, 0x08020208, 0x08000200, 00136 0x08000008, 0x00000200, 0x00000000, 0x08020008, 00137 0x08000208, 0x00020000, 0x08000000, 0x08020208, 00138 0x00000008, 0x00020208, 0x00020200, 0x08000008, 00139 0x08020000, 0x08000208, 0x00000208, 0x08020000, 00140 0x00020208, 0x00000008, 0x08020008, 0x00020200 00141 }; 00142 00143 static const uint32_t SB4[64] = 00144 { 00145 0x00802001, 0x00002081, 0x00002081, 0x00000080, 00146 0x00802080, 0x00800081, 0x00800001, 0x00002001, 00147 0x00000000, 0x00802000, 0x00802000, 0x00802081, 00148 0x00000081, 0x00000000, 0x00800080, 0x00800001, 00149 0x00000001, 0x00002000, 0x00800000, 0x00802001, 00150 0x00000080, 0x00800000, 0x00002001, 0x00002080, 00151 0x00800081, 0x00000001, 0x00002080, 0x00800080, 00152 0x00002000, 0x00802080, 0x00802081, 0x00000081, 00153 0x00800080, 0x00800001, 0x00802000, 0x00802081, 00154 0x00000081, 0x00000000, 0x00000000, 0x00802000, 00155 0x00002080, 0x00800080, 0x00800081, 0x00000001, 00156 0x00802001, 0x00002081, 0x00002081, 0x00000080, 00157 0x00802081, 0x00000081, 0x00000001, 0x00002000, 00158 0x00800001, 0x00002001, 0x00802080, 0x00800081, 00159 0x00002001, 0x00002080, 0x00800000, 0x00802001, 00160 0x00000080, 0x00800000, 0x00002000, 0x00802080 00161 }; 00162 00163 static const uint32_t SB5[64] = 00164 { 00165 0x00000100, 0x02080100, 0x02080000, 0x42000100, 00166 0x00080000, 0x00000100, 0x40000000, 0x02080000, 00167 0x40080100, 0x00080000, 0x02000100, 0x40080100, 00168 0x42000100, 0x42080000, 0x00080100, 0x40000000, 00169 0x02000000, 0x40080000, 0x40080000, 0x00000000, 00170 0x40000100, 0x42080100, 0x42080100, 0x02000100, 00171 0x42080000, 0x40000100, 0x00000000, 0x42000000, 00172 0x02080100, 0x02000000, 0x42000000, 0x00080100, 00173 0x00080000, 0x42000100, 0x00000100, 0x02000000, 00174 0x40000000, 0x02080000, 0x42000100, 0x40080100, 00175 0x02000100, 0x40000000, 0x42080000, 0x02080100, 00176 0x40080100, 0x00000100, 0x02000000, 0x42080000, 00177 0x42080100, 0x00080100, 0x42000000, 0x42080100, 00178 0x02080000, 0x00000000, 0x40080000, 0x42000000, 00179 0x00080100, 0x02000100, 0x40000100, 0x00080000, 00180 0x00000000, 0x40080000, 0x02080100, 0x40000100 00181 }; 00182 00183 static const uint32_t SB6[64] = 00184 { 00185 0x20000010, 0x20400000, 0x00004000, 0x20404010, 00186 0x20400000, 0x00000010, 0x20404010, 0x00400000, 00187 0x20004000, 0x00404010, 0x00400000, 0x20000010, 00188 0x00400010, 0x20004000, 0x20000000, 0x00004010, 00189 0x00000000, 0x00400010, 0x20004010, 0x00004000, 00190 0x00404000, 0x20004010, 0x00000010, 0x20400010, 00191 0x20400010, 0x00000000, 0x00404010, 0x20404000, 00192 0x00004010, 0x00404000, 0x20404000, 0x20000000, 00193 0x20004000, 0x00000010, 0x20400010, 0x00404000, 00194 0x20404010, 0x00400000, 0x00004010, 0x20000010, 00195 0x00400000, 0x20004000, 0x20000000, 0x00004010, 00196 0x20000010, 0x20404010, 0x00404000, 0x20400000, 00197 0x00404010, 0x20404000, 0x00000000, 0x20400010, 00198 0x00000010, 0x00004000, 0x20400000, 0x00404010, 00199 0x00004000, 0x00400010, 0x20004010, 0x00000000, 00200 0x20404000, 0x20000000, 0x00400010, 0x20004010 00201 }; 00202 00203 static const uint32_t SB7[64] = 00204 { 00205 0x00200000, 0x04200002, 0x04000802, 0x00000000, 00206 0x00000800, 0x04000802, 0x00200802, 0x04200800, 00207 0x04200802, 0x00200000, 0x00000000, 0x04000002, 00208 0x00000002, 0x04000000, 0x04200002, 0x00000802, 00209 0x04000800, 0x00200802, 0x00200002, 0x04000800, 00210 0x04000002, 0x04200000, 0x04200800, 0x00200002, 00211 0x04200000, 0x00000800, 0x00000802, 0x04200802, 00212 0x00200800, 0x00000002, 0x04000000, 0x00200800, 00213 0x04000000, 0x00200800, 0x00200000, 0x04000802, 00214 0x04000802, 0x04200002, 0x04200002, 0x00000002, 00215 0x00200002, 0x04000000, 0x04000800, 0x00200000, 00216 0x04200800, 0x00000802, 0x00200802, 0x04200800, 00217 0x00000802, 0x04000002, 0x04200802, 0x04200000, 00218 0x00200800, 0x00000000, 0x00000002, 0x04200802, 00219 0x00000000, 0x00200802, 0x04200000, 0x00000800, 00220 0x04000002, 0x04000800, 0x00000800, 0x00200002 00221 }; 00222 00223 static const uint32_t SB8[64] = 00224 { 00225 0x10001040, 0x00001000, 0x00040000, 0x10041040, 00226 0x10000000, 0x10001040, 0x00000040, 0x10000000, 00227 0x00040040, 0x10040000, 0x10041040, 0x00041000, 00228 0x10041000, 0x00041040, 0x00001000, 0x00000040, 00229 0x10040000, 0x10000040, 0x10001000, 0x00001040, 00230 0x00041000, 0x00040040, 0x10040040, 0x10041000, 00231 0x00001040, 0x00000000, 0x00000000, 0x10040040, 00232 0x10000040, 0x10001000, 0x00041040, 0x00040000, 00233 0x00041040, 0x00040000, 0x10041000, 0x00001000, 00234 0x00000040, 0x10040040, 0x00001000, 0x00041040, 00235 0x10001000, 0x00000040, 0x10000040, 0x10040000, 00236 0x10040040, 0x10000000, 0x00040000, 0x10001040, 00237 0x00000000, 0x10041040, 0x00040040, 0x10000040, 00238 0x10040000, 0x10001000, 0x10001040, 0x00000000, 00239 0x10041040, 0x00041000, 0x00041000, 0x00001040, 00240 0x00001040, 0x00040040, 0x10000000, 0x10041000 00241 }; 00242 00243 /* 00244 * PC1: left and right halves bit-swap 00245 */ 00246 static const uint32_t LHs[16] = 00247 { 00248 0x00000000, 0x00000001, 0x00000100, 0x00000101, 00249 0x00010000, 0x00010001, 0x00010100, 0x00010101, 00250 0x01000000, 0x01000001, 0x01000100, 0x01000101, 00251 0x01010000, 0x01010001, 0x01010100, 0x01010101 00252 }; 00253 00254 static const uint32_t RHs[16] = 00255 { 00256 0x00000000, 0x01000000, 0x00010000, 0x01010000, 00257 0x00000100, 0x01000100, 0x00010100, 0x01010100, 00258 0x00000001, 0x01000001, 0x00010001, 0x01010001, 00259 0x00000101, 0x01000101, 0x00010101, 0x01010101, 00260 }; 00261 00262 /* 00263 * Initial Permutation macro 00264 */ 00265 #define DES_IP(X,Y) \ 00266 { \ 00267 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \ 00268 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \ 00269 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \ 00270 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \ 00271 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \ 00272 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \ 00273 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \ 00274 } 00275 00276 /* 00277 * Final Permutation macro 00278 */ 00279 #define DES_FP(X,Y) \ 00280 { \ 00281 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \ 00282 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \ 00283 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \ 00284 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \ 00285 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \ 00286 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \ 00287 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \ 00288 } 00289 00290 /* 00291 * DES round macro 00292 */ 00293 #define DES_ROUND(X,Y) \ 00294 { \ 00295 T = *SK++ ^ X; \ 00296 Y ^= SB8[ (T ) & 0x3F ] ^ \ 00297 SB6[ (T >> 8) & 0x3F ] ^ \ 00298 SB4[ (T >> 16) & 0x3F ] ^ \ 00299 SB2[ (T >> 24) & 0x3F ]; \ 00300 \ 00301 T = *SK++ ^ ((X << 28) | (X >> 4)); \ 00302 Y ^= SB7[ (T ) & 0x3F ] ^ \ 00303 SB5[ (T >> 8) & 0x3F ] ^ \ 00304 SB3[ (T >> 16) & 0x3F ] ^ \ 00305 SB1[ (T >> 24) & 0x3F ]; \ 00306 } 00307 00308 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; } 00309 00310 void des_init( des_context *ctx ) 00311 { 00312 memset( ctx, 0, sizeof( des_context ) ); 00313 } 00314 00315 void des_free( des_context *ctx ) 00316 { 00317 if( ctx == NULL ) 00318 return; 00319 00320 polarssl_zeroize( ctx, sizeof( des_context ) ); 00321 } 00322 00323 void des3_init( des3_context *ctx ) 00324 { 00325 memset( ctx, 0, sizeof( des3_context ) ); 00326 } 00327 00328 void des3_free( des3_context *ctx ) 00329 { 00330 if( ctx == NULL ) 00331 return; 00332 00333 polarssl_zeroize( ctx, sizeof( des3_context ) ); 00334 } 00335 00336 static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8, 00337 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44, 00338 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81, 00339 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112, 00340 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140, 00341 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168, 00342 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196, 00343 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224, 00344 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253, 00345 254 }; 00346 00347 void des_key_set_parity( unsigned char key[DES_KEY_SIZE] ) 00348 { 00349 int i; 00350 00351 for( i = 0; i < DES_KEY_SIZE; i++ ) 00352 key[i] = odd_parity_table[key[i] / 2]; 00353 } 00354 00355 /* 00356 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS 00357 */ 00358 int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] ) 00359 { 00360 int i; 00361 00362 for( i = 0; i < DES_KEY_SIZE; i++ ) 00363 if( key[i] != odd_parity_table[key[i] / 2] ) 00364 return( 1 ); 00365 00366 return( 0 ); 00367 } 00368 00369 /* 00370 * Table of weak and semi-weak keys 00371 * 00372 * Source: http://en.wikipedia.org/wiki/Weak_key 00373 * 00374 * Weak: 00375 * Alternating ones + zeros (0x0101010101010101) 00376 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE) 00377 * '0xE0E0E0E0F1F1F1F1' 00378 * '0x1F1F1F1F0E0E0E0E' 00379 * 00380 * Semi-weak: 00381 * 0x011F011F010E010E and 0x1F011F010E010E01 00382 * 0x01E001E001F101F1 and 0xE001E001F101F101 00383 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01 00384 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E 00385 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E 00386 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1 00387 * 00388 */ 00389 00390 #define WEAK_KEY_COUNT 16 00391 00392 static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] = 00393 { 00394 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, 00395 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE }, 00396 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }, 00397 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 }, 00398 00399 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E }, 00400 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 }, 00401 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 }, 00402 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 }, 00403 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE }, 00404 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 }, 00405 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 }, 00406 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E }, 00407 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE }, 00408 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E }, 00409 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE }, 00410 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 } 00411 }; 00412 00413 int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] ) 00414 { 00415 int i; 00416 00417 for( i = 0; i < WEAK_KEY_COUNT; i++ ) 00418 if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0 ) 00419 return( 1 ); 00420 00421 return( 0 ); 00422 } 00423 00424 static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] ) 00425 { 00426 int i; 00427 uint32_t X, Y, T; 00428 00429 GET_UINT32_BE( X, key, 0 ); 00430 GET_UINT32_BE( Y, key, 4 ); 00431 00432 /* 00433 * Permuted Choice 1 00434 */ 00435 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4); 00436 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T ); 00437 00438 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2) 00439 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] ) 00440 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6) 00441 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4); 00442 00443 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2) 00444 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] ) 00445 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6) 00446 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4); 00447 00448 X &= 0x0FFFFFFF; 00449 Y &= 0x0FFFFFFF; 00450 00451 /* 00452 * calculate subkeys 00453 */ 00454 for( i = 0; i < 16; i++ ) 00455 { 00456 if( i < 2 || i == 8 || i == 15 ) 00457 { 00458 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF; 00459 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF; 00460 } 00461 else 00462 { 00463 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF; 00464 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF; 00465 } 00466 00467 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000) 00468 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000) 00469 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000) 00470 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000) 00471 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000) 00472 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000) 00473 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400) 00474 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100) 00475 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010) 00476 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004) 00477 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001); 00478 00479 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000) 00480 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000) 00481 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000) 00482 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000) 00483 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000) 00484 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000) 00485 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000) 00486 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400) 00487 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100) 00488 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011) 00489 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002); 00490 } 00491 } 00492 00493 /* 00494 * DES key schedule (56-bit, encryption) 00495 */ 00496 int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] ) 00497 { 00498 des_setkey( ctx->sk , key ); 00499 00500 return( 0 ); 00501 } 00502 00503 /* 00504 * DES key schedule (56-bit, decryption) 00505 */ 00506 int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] ) 00507 { 00508 int i; 00509 00510 des_setkey( ctx->sk , key ); 00511 00512 for( i = 0; i < 16; i += 2 ) 00513 { 00514 SWAP( ctx->sk [i ], ctx->sk [30 - i] ); 00515 SWAP( ctx->sk [i + 1], ctx->sk [31 - i] ); 00516 } 00517 00518 return( 0 ); 00519 } 00520 00521 static void des3_set2key( uint32_t esk[96], 00522 uint32_t dsk[96], 00523 const unsigned char key[DES_KEY_SIZE*2] ) 00524 { 00525 int i; 00526 00527 des_setkey( esk, key ); 00528 des_setkey( dsk + 32, key + 8 ); 00529 00530 for( i = 0; i < 32; i += 2 ) 00531 { 00532 dsk[i ] = esk[30 - i]; 00533 dsk[i + 1] = esk[31 - i]; 00534 00535 esk[i + 32] = dsk[62 - i]; 00536 esk[i + 33] = dsk[63 - i]; 00537 00538 esk[i + 64] = esk[i ]; 00539 esk[i + 65] = esk[i + 1]; 00540 00541 dsk[i + 64] = dsk[i ]; 00542 dsk[i + 65] = dsk[i + 1]; 00543 } 00544 } 00545 00546 /* 00547 * Triple-DES key schedule (112-bit, encryption) 00548 */ 00549 int des3_set2key_enc( des3_context *ctx, 00550 const unsigned char key[DES_KEY_SIZE * 2] ) 00551 { 00552 uint32_t sk[96]; 00553 00554 des3_set2key( ctx->sk , sk, key ); 00555 polarssl_zeroize( sk, sizeof( sk ) ); 00556 00557 return( 0 ); 00558 } 00559 00560 /* 00561 * Triple-DES key schedule (112-bit, decryption) 00562 */ 00563 int des3_set2key_dec( des3_context *ctx, 00564 const unsigned char key[DES_KEY_SIZE * 2] ) 00565 { 00566 uint32_t sk[96]; 00567 00568 des3_set2key( sk, ctx->sk , key ); 00569 polarssl_zeroize( sk, sizeof( sk ) ); 00570 00571 return( 0 ); 00572 } 00573 00574 static void des3_set3key( uint32_t esk[96], 00575 uint32_t dsk[96], 00576 const unsigned char key[24] ) 00577 { 00578 int i; 00579 00580 des_setkey( esk, key ); 00581 des_setkey( dsk + 32, key + 8 ); 00582 des_setkey( esk + 64, key + 16 ); 00583 00584 for( i = 0; i < 32; i += 2 ) 00585 { 00586 dsk[i ] = esk[94 - i]; 00587 dsk[i + 1] = esk[95 - i]; 00588 00589 esk[i + 32] = dsk[62 - i]; 00590 esk[i + 33] = dsk[63 - i]; 00591 00592 dsk[i + 64] = esk[30 - i]; 00593 dsk[i + 65] = esk[31 - i]; 00594 } 00595 } 00596 00597 /* 00598 * Triple-DES key schedule (168-bit, encryption) 00599 */ 00600 int des3_set3key_enc( des3_context *ctx, 00601 const unsigned char key[DES_KEY_SIZE * 3] ) 00602 { 00603 uint32_t sk[96]; 00604 00605 des3_set3key( ctx->sk , sk, key ); 00606 polarssl_zeroize( sk, sizeof( sk ) ); 00607 00608 return( 0 ); 00609 } 00610 00611 /* 00612 * Triple-DES key schedule (168-bit, decryption) 00613 */ 00614 int des3_set3key_dec( des3_context *ctx, 00615 const unsigned char key[DES_KEY_SIZE * 3] ) 00616 { 00617 uint32_t sk[96]; 00618 00619 des3_set3key( sk, ctx->sk , key ); 00620 polarssl_zeroize( sk, sizeof( sk ) ); 00621 00622 return( 0 ); 00623 } 00624 00625 /* 00626 * DES-ECB block encryption/decryption 00627 */ 00628 int des_crypt_ecb( des_context *ctx, 00629 const unsigned char input[8], 00630 unsigned char output[8] ) 00631 { 00632 int i; 00633 uint32_t X, Y, T, *SK; 00634 00635 SK = ctx->sk ; 00636 00637 GET_UINT32_BE( X, input, 0 ); 00638 GET_UINT32_BE( Y, input, 4 ); 00639 00640 DES_IP( X, Y ); 00641 00642 for( i = 0; i < 8; i++ ) 00643 { 00644 DES_ROUND( Y, X ); 00645 DES_ROUND( X, Y ); 00646 } 00647 00648 DES_FP( Y, X ); 00649 00650 PUT_UINT32_BE( Y, output, 0 ); 00651 PUT_UINT32_BE( X, output, 4 ); 00652 00653 return( 0 ); 00654 } 00655 00656 #if defined(POLARSSL_CIPHER_MODE_CBC) 00657 /* 00658 * DES-CBC buffer encryption/decryption 00659 */ 00660 int des_crypt_cbc( des_context *ctx, 00661 int mode, 00662 size_t length, 00663 unsigned char iv[8], 00664 const unsigned char *input, 00665 unsigned char *output ) 00666 { 00667 int i; 00668 unsigned char temp[8]; 00669 00670 if( length % 8 ) 00671 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH ); 00672 00673 if( mode == DES_ENCRYPT ) 00674 { 00675 while( length > 0 ) 00676 { 00677 for( i = 0; i < 8; i++ ) 00678 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00679 00680 des_crypt_ecb( ctx, output, output ); 00681 memcpy( iv, output, 8 ); 00682 00683 input += 8; 00684 output += 8; 00685 length -= 8; 00686 } 00687 } 00688 else /* DES_DECRYPT */ 00689 { 00690 while( length > 0 ) 00691 { 00692 memcpy( temp, input, 8 ); 00693 des_crypt_ecb( ctx, input, output ); 00694 00695 for( i = 0; i < 8; i++ ) 00696 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00697 00698 memcpy( iv, temp, 8 ); 00699 00700 input += 8; 00701 output += 8; 00702 length -= 8; 00703 } 00704 } 00705 00706 return( 0 ); 00707 } 00708 #endif /* POLARSSL_CIPHER_MODE_CBC */ 00709 00710 /* 00711 * 3DES-ECB block encryption/decryption 00712 */ 00713 int des3_crypt_ecb( des3_context *ctx, 00714 const unsigned char input[8], 00715 unsigned char output[8] ) 00716 { 00717 int i; 00718 uint32_t X, Y, T, *SK; 00719 00720 SK = ctx->sk ; 00721 00722 GET_UINT32_BE( X, input, 0 ); 00723 GET_UINT32_BE( Y, input, 4 ); 00724 00725 DES_IP( X, Y ); 00726 00727 for( i = 0; i < 8; i++ ) 00728 { 00729 DES_ROUND( Y, X ); 00730 DES_ROUND( X, Y ); 00731 } 00732 00733 for( i = 0; i < 8; i++ ) 00734 { 00735 DES_ROUND( X, Y ); 00736 DES_ROUND( Y, X ); 00737 } 00738 00739 for( i = 0; i < 8; i++ ) 00740 { 00741 DES_ROUND( Y, X ); 00742 DES_ROUND( X, Y ); 00743 } 00744 00745 DES_FP( Y, X ); 00746 00747 PUT_UINT32_BE( Y, output, 0 ); 00748 PUT_UINT32_BE( X, output, 4 ); 00749 00750 return( 0 ); 00751 } 00752 00753 #if defined(POLARSSL_CIPHER_MODE_CBC) 00754 /* 00755 * 3DES-CBC buffer encryption/decryption 00756 */ 00757 int des3_crypt_cbc( des3_context *ctx, 00758 int mode, 00759 size_t length, 00760 unsigned char iv[8], 00761 const unsigned char *input, 00762 unsigned char *output ) 00763 { 00764 int i; 00765 unsigned char temp[8]; 00766 00767 if( length % 8 ) 00768 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH ); 00769 00770 if( mode == DES_ENCRYPT ) 00771 { 00772 while( length > 0 ) 00773 { 00774 for( i = 0; i < 8; i++ ) 00775 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00776 00777 des3_crypt_ecb( ctx, output, output ); 00778 memcpy( iv, output, 8 ); 00779 00780 input += 8; 00781 output += 8; 00782 length -= 8; 00783 } 00784 } 00785 else /* DES_DECRYPT */ 00786 { 00787 while( length > 0 ) 00788 { 00789 memcpy( temp, input, 8 ); 00790 des3_crypt_ecb( ctx, input, output ); 00791 00792 for( i = 0; i < 8; i++ ) 00793 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00794 00795 memcpy( iv, temp, 8 ); 00796 00797 input += 8; 00798 output += 8; 00799 length -= 8; 00800 } 00801 } 00802 00803 return( 0 ); 00804 } 00805 #endif /* POLARSSL_CIPHER_MODE_CBC */ 00806 00807 #endif /* !POLARSSL_DES_ALT */ 00808 00809 #if defined(POLARSSL_SELF_TEST) 00810 /* 00811 * DES and 3DES test vectors from: 00812 * 00813 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip 00814 */ 00815 static const unsigned char des3_test_keys[24] = 00816 { 00817 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 00818 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 00819 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23 00820 }; 00821 00822 static const unsigned char des3_test_buf[8] = 00823 { 00824 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74 00825 }; 00826 00827 static const unsigned char des3_test_ecb_dec[3][8] = 00828 { 00829 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D }, 00830 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB }, 00831 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A } 00832 }; 00833 00834 static const unsigned char des3_test_ecb_enc[3][8] = 00835 { 00836 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B }, 00837 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 }, 00838 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 } 00839 }; 00840 00841 #if defined(POLARSSL_CIPHER_MODE_CBC) 00842 static const unsigned char des3_test_iv[8] = 00843 { 00844 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF, 00845 }; 00846 00847 static const unsigned char des3_test_cbc_dec[3][8] = 00848 { 00849 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 }, 00850 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 }, 00851 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C } 00852 }; 00853 00854 static const unsigned char des3_test_cbc_enc[3][8] = 00855 { 00856 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 }, 00857 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D }, 00858 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 } 00859 }; 00860 #endif /* POLARSSL_CIPHER_MODE_CBC */ 00861 00862 /* 00863 * Checkup routine 00864 */ 00865 int des_self_test( int verbose ) 00866 { 00867 int i, j, u, v, ret = 0; 00868 des_context ctx; 00869 des3_context ctx3; 00870 unsigned char buf[8]; 00871 #if defined(POLARSSL_CIPHER_MODE_CBC) 00872 unsigned char prv[8]; 00873 unsigned char iv[8]; 00874 #endif 00875 00876 des_init( &ctx ); 00877 des3_init( &ctx3 ); 00878 /* 00879 * ECB mode 00880 */ 00881 for( i = 0; i < 6; i++ ) 00882 { 00883 u = i >> 1; 00884 v = i & 1; 00885 00886 if( verbose != 0 ) 00887 polarssl_printf( " DES%c-ECB-%3d (%s): ", 00888 ( u == 0 ) ? ' ' : '3', 56 + u * 56, 00889 ( v == DES_DECRYPT ) ? "dec" : "enc" ); 00890 00891 memcpy( buf, des3_test_buf, 8 ); 00892 00893 switch( i ) 00894 { 00895 case 0: 00896 des_setkey_dec( &ctx, des3_test_keys ); 00897 break; 00898 00899 case 1: 00900 des_setkey_enc( &ctx, des3_test_keys ); 00901 break; 00902 00903 case 2: 00904 des3_set2key_dec( &ctx3, des3_test_keys ); 00905 break; 00906 00907 case 3: 00908 des3_set2key_enc( &ctx3, des3_test_keys ); 00909 break; 00910 00911 case 4: 00912 des3_set3key_dec( &ctx3, des3_test_keys ); 00913 break; 00914 00915 case 5: 00916 des3_set3key_enc( &ctx3, des3_test_keys ); 00917 break; 00918 00919 default: 00920 return( 1 ); 00921 } 00922 00923 for( j = 0; j < 10000; j++ ) 00924 { 00925 if( u == 0 ) 00926 des_crypt_ecb( &ctx, buf, buf ); 00927 else 00928 des3_crypt_ecb( &ctx3, buf, buf ); 00929 } 00930 00931 if( ( v == DES_DECRYPT && 00932 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) || 00933 ( v != DES_DECRYPT && 00934 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) ) 00935 { 00936 if( verbose != 0 ) 00937 polarssl_printf( "failed\n" ); 00938 00939 ret = 1; 00940 goto exit; 00941 } 00942 00943 if( verbose != 0 ) 00944 polarssl_printf( "passed\n" ); 00945 } 00946 00947 if( verbose != 0 ) 00948 polarssl_printf( "\n" ); 00949 00950 #if defined(POLARSSL_CIPHER_MODE_CBC) 00951 /* 00952 * CBC mode 00953 */ 00954 for( i = 0; i < 6; i++ ) 00955 { 00956 u = i >> 1; 00957 v = i & 1; 00958 00959 if( verbose != 0 ) 00960 polarssl_printf( " DES%c-CBC-%3d (%s): ", 00961 ( u == 0 ) ? ' ' : '3', 56 + u * 56, 00962 ( v == DES_DECRYPT ) ? "dec" : "enc" ); 00963 00964 memcpy( iv, des3_test_iv, 8 ); 00965 memcpy( prv, des3_test_iv, 8 ); 00966 memcpy( buf, des3_test_buf, 8 ); 00967 00968 switch( i ) 00969 { 00970 case 0: 00971 des_setkey_dec( &ctx, des3_test_keys ); 00972 break; 00973 00974 case 1: 00975 des_setkey_enc( &ctx, des3_test_keys ); 00976 break; 00977 00978 case 2: 00979 des3_set2key_dec( &ctx3, des3_test_keys ); 00980 break; 00981 00982 case 3: 00983 des3_set2key_enc( &ctx3, des3_test_keys ); 00984 break; 00985 00986 case 4: 00987 des3_set3key_dec( &ctx3, des3_test_keys ); 00988 break; 00989 00990 case 5: 00991 des3_set3key_enc( &ctx3, des3_test_keys ); 00992 break; 00993 00994 default: 00995 return( 1 ); 00996 } 00997 00998 if( v == DES_DECRYPT ) 00999 { 01000 for( j = 0; j < 10000; j++ ) 01001 { 01002 if( u == 0 ) 01003 des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); 01004 else 01005 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); 01006 } 01007 } 01008 else 01009 { 01010 for( j = 0; j < 10000; j++ ) 01011 { 01012 unsigned char tmp[8]; 01013 01014 if( u == 0 ) 01015 des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); 01016 else 01017 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); 01018 01019 memcpy( tmp, prv, 8 ); 01020 memcpy( prv, buf, 8 ); 01021 memcpy( buf, tmp, 8 ); 01022 } 01023 01024 memcpy( buf, prv, 8 ); 01025 } 01026 01027 if( ( v == DES_DECRYPT && 01028 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) || 01029 ( v != DES_DECRYPT && 01030 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) ) 01031 { 01032 if( verbose != 0 ) 01033 polarssl_printf( "failed\n" ); 01034 01035 ret = 1; 01036 goto exit; 01037 } 01038 01039 if( verbose != 0 ) 01040 polarssl_printf( "passed\n" ); 01041 } 01042 #endif /* POLARSSL_CIPHER_MODE_CBC */ 01043 01044 if( verbose != 0 ) 01045 polarssl_printf( "\n" ); 01046 01047 exit: 01048 des_free( &ctx ); 01049 des3_free( &ctx3 ); 01050 01051 return( ret ); 01052 } 01053 01054 #endif /* POLARSSL_SELF_TEST */ 01055 01056 #endif /* POLARSSL_DES_C */ 01057
Generated on Tue Jul 12 2022 13:50:37 by
1.7.2