Context Navigation

des.c @ 1069

Revision 1069, 29.0 KB checked in by paul, 8 months ago (diff)
Made des_key_check_weak() conform to other functions in return values. Added documentation for des_key_check_weak() and des_key_check_key_parity()

Line
1	/*
2	* FIPS-46-3 compliant Triple-DES implementation
3	*
4	* Copyright (C) 2006-2010, Brainspark B.V.
5	*
6	* This file is part of PolarSSL (http://www.polarssl.org)
7	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8	*
9	* All rights reserved.
10	*
11	* This program is free software; you can redistribute it and/or modify
12	* it under the terms of the GNU General Public License as published by
13	* the Free Software Foundation; either version 2 of the License, or
14	* (at your option) any later version.
15	*
16	* This program is distributed in the hope that it will be useful,
17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19	* GNU General Public License for more details.
20	*
21	* You should have received a copy of the GNU General Public License along
22	* with this program; if not, write to the Free Software Foundation, Inc.,
23	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24	*/
25	/*
26	* DES, on which TDES is based, was originally designed by Horst Feistel
27	* at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
28	*
29	* http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
30	*/
31
32	#include "polarssl/config.h"
33
34	#if defined(POLARSSL_DES_C)
35
36	#include "polarssl/des.h"
37
38	/*
39	* 32-bit integer manipulation macros (big endian)
40	*/
41	#ifndef GET_ULONG_BE
42	#define GET_ULONG_BE(n,b,i) \
43	{ \
44	(n) = ( (unsigned long) (b)[(i) ] << 24 ) \
45	\| ( (unsigned long) (b)[(i) + 1] << 16 ) \
46	\| ( (unsigned long) (b)[(i) + 2] << 8 ) \
47	\| ( (unsigned long) (b)[(i) + 3] ); \
48	}
49	#endif
50
51	#ifndef PUT_ULONG_BE
52	#define PUT_ULONG_BE(n,b,i) \
53	{ \
54	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
55	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
56	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
57	(b)[(i) + 3] = (unsigned char) ( (n) ); \
58	}
59	#endif
60
61	/*
62	* Expanded DES S-boxes
63	*/
64	static const unsigned long SB1[64] =
65	{
66	0x01010400, 0x00000000, 0x00010000, 0x01010404,
67	0x01010004, 0x00010404, 0x00000004, 0x00010000,
68	0x00000400, 0x01010400, 0x01010404, 0x00000400,
69	0x01000404, 0x01010004, 0x01000000, 0x00000004,
70	0x00000404, 0x01000400, 0x01000400, 0x00010400,
71	0x00010400, 0x01010000, 0x01010000, 0x01000404,
72	0x00010004, 0x01000004, 0x01000004, 0x00010004,
73	0x00000000, 0x00000404, 0x00010404, 0x01000000,
74	0x00010000, 0x01010404, 0x00000004, 0x01010000,
75	0x01010400, 0x01000000, 0x01000000, 0x00000400,
76	0x01010004, 0x00010000, 0x00010400, 0x01000004,
77	0x00000400, 0x00000004, 0x01000404, 0x00010404,
78	0x01010404, 0x00010004, 0x01010000, 0x01000404,
79	0x01000004, 0x00000404, 0x00010404, 0x01010400,
80	0x00000404, 0x01000400, 0x01000400, 0x00000000,
81	0x00010004, 0x00010400, 0x00000000, 0x01010004
82	};
83
84	static const unsigned long SB2[64] =
85	{
86	0x80108020, 0x80008000, 0x00008000, 0x00108020,
87	0x00100000, 0x00000020, 0x80100020, 0x80008020,
88	0x80000020, 0x80108020, 0x80108000, 0x80000000,
89	0x80008000, 0x00100000, 0x00000020, 0x80100020,
90	0x00108000, 0x00100020, 0x80008020, 0x00000000,
91	0x80000000, 0x00008000, 0x00108020, 0x80100000,
92	0x00100020, 0x80000020, 0x00000000, 0x00108000,
93	0x00008020, 0x80108000, 0x80100000, 0x00008020,
94	0x00000000, 0x00108020, 0x80100020, 0x00100000,
95	0x80008020, 0x80100000, 0x80108000, 0x00008000,
96	0x80100000, 0x80008000, 0x00000020, 0x80108020,
97	0x00108020, 0x00000020, 0x00008000, 0x80000000,
98	0x00008020, 0x80108000, 0x00100000, 0x80000020,
99	0x00100020, 0x80008020, 0x80000020, 0x00100020,
100	0x00108000, 0x00000000, 0x80008000, 0x00008020,
101	0x80000000, 0x80100020, 0x80108020, 0x00108000
102	};
103
104	static const unsigned long SB3[64] =
105	{
106	0x00000208, 0x08020200, 0x00000000, 0x08020008,
107	0x08000200, 0x00000000, 0x00020208, 0x08000200,
108	0x00020008, 0x08000008, 0x08000008, 0x00020000,
109	0x08020208, 0x00020008, 0x08020000, 0x00000208,
110	0x08000000, 0x00000008, 0x08020200, 0x00000200,
111	0x00020200, 0x08020000, 0x08020008, 0x00020208,
112	0x08000208, 0x00020200, 0x00020000, 0x08000208,
113	0x00000008, 0x08020208, 0x00000200, 0x08000000,
114	0x08020200, 0x08000000, 0x00020008, 0x00000208,
115	0x00020000, 0x08020200, 0x08000200, 0x00000000,
116	0x00000200, 0x00020008, 0x08020208, 0x08000200,
117	0x08000008, 0x00000200, 0x00000000, 0x08020008,
118	0x08000208, 0x00020000, 0x08000000, 0x08020208,
119	0x00000008, 0x00020208, 0x00020200, 0x08000008,
120	0x08020000, 0x08000208, 0x00000208, 0x08020000,
121	0x00020208, 0x00000008, 0x08020008, 0x00020200
122	};
123
124	static const unsigned long SB4[64] =
125	{
126	0x00802001, 0x00002081, 0x00002081, 0x00000080,
127	0x00802080, 0x00800081, 0x00800001, 0x00002001,
128	0x00000000, 0x00802000, 0x00802000, 0x00802081,
129	0x00000081, 0x00000000, 0x00800080, 0x00800001,
130	0x00000001, 0x00002000, 0x00800000, 0x00802001,
131	0x00000080, 0x00800000, 0x00002001, 0x00002080,
132	0x00800081, 0x00000001, 0x00002080, 0x00800080,
133	0x00002000, 0x00802080, 0x00802081, 0x00000081,
134	0x00800080, 0x00800001, 0x00802000, 0x00802081,
135	0x00000081, 0x00000000, 0x00000000, 0x00802000,
136	0x00002080, 0x00800080, 0x00800081, 0x00000001,
137	0x00802001, 0x00002081, 0x00002081, 0x00000080,
138	0x00802081, 0x00000081, 0x00000001, 0x00002000,
139	0x00800001, 0x00002001, 0x00802080, 0x00800081,
140	0x00002001, 0x00002080, 0x00800000, 0x00802001,
141	0x00000080, 0x00800000, 0x00002000, 0x00802080
142	};
143
144	static const unsigned long SB5[64] =
145	{
146	0x00000100, 0x02080100, 0x02080000, 0x42000100,
147	0x00080000, 0x00000100, 0x40000000, 0x02080000,
148	0x40080100, 0x00080000, 0x02000100, 0x40080100,
149	0x42000100, 0x42080000, 0x00080100, 0x40000000,
150	0x02000000, 0x40080000, 0x40080000, 0x00000000,
151	0x40000100, 0x42080100, 0x42080100, 0x02000100,
152	0x42080000, 0x40000100, 0x00000000, 0x42000000,
153	0x02080100, 0x02000000, 0x42000000, 0x00080100,
154	0x00080000, 0x42000100, 0x00000100, 0x02000000,
155	0x40000000, 0x02080000, 0x42000100, 0x40080100,
156	0x02000100, 0x40000000, 0x42080000, 0x02080100,
157	0x40080100, 0x00000100, 0x02000000, 0x42080000,
158	0x42080100, 0x00080100, 0x42000000, 0x42080100,
159	0x02080000, 0x00000000, 0x40080000, 0x42000000,
160	0x00080100, 0x02000100, 0x40000100, 0x00080000,
161	0x00000000, 0x40080000, 0x02080100, 0x40000100
162	};
163
164	static const unsigned long SB6[64] =
165	{
166	0x20000010, 0x20400000, 0x00004000, 0x20404010,
167	0x20400000, 0x00000010, 0x20404010, 0x00400000,
168	0x20004000, 0x00404010, 0x00400000, 0x20000010,
169	0x00400010, 0x20004000, 0x20000000, 0x00004010,
170	0x00000000, 0x00400010, 0x20004010, 0x00004000,
171	0x00404000, 0x20004010, 0x00000010, 0x20400010,
172	0x20400010, 0x00000000, 0x00404010, 0x20404000,
173	0x00004010, 0x00404000, 0x20404000, 0x20000000,
174	0x20004000, 0x00000010, 0x20400010, 0x00404000,
175	0x20404010, 0x00400000, 0x00004010, 0x20000010,
176	0x00400000, 0x20004000, 0x20000000, 0x00004010,
177	0x20000010, 0x20404010, 0x00404000, 0x20400000,
178	0x00404010, 0x20404000, 0x00000000, 0x20400010,
179	0x00000010, 0x00004000, 0x20400000, 0x00404010,
180	0x00004000, 0x00400010, 0x20004010, 0x00000000,
181	0x20404000, 0x20000000, 0x00400010, 0x20004010
182	};
183
184	static const unsigned long SB7[64] =
185	{
186	0x00200000, 0x04200002, 0x04000802, 0x00000000,
187	0x00000800, 0x04000802, 0x00200802, 0x04200800,
188	0x04200802, 0x00200000, 0x00000000, 0x04000002,
189	0x00000002, 0x04000000, 0x04200002, 0x00000802,
190	0x04000800, 0x00200802, 0x00200002, 0x04000800,
191	0x04000002, 0x04200000, 0x04200800, 0x00200002,
192	0x04200000, 0x00000800, 0x00000802, 0x04200802,
193	0x00200800, 0x00000002, 0x04000000, 0x00200800,
194	0x04000000, 0x00200800, 0x00200000, 0x04000802,
195	0x04000802, 0x04200002, 0x04200002, 0x00000002,
196	0x00200002, 0x04000000, 0x04000800, 0x00200000,
197	0x04200800, 0x00000802, 0x00200802, 0x04200800,
198	0x00000802, 0x04000002, 0x04200802, 0x04200000,
199	0x00200800, 0x00000000, 0x00000002, 0x04200802,
200	0x00000000, 0x00200802, 0x04200000, 0x00000800,
201	0x04000002, 0x04000800, 0x00000800, 0x00200002
202	};
203
204	static const unsigned long SB8[64] =
205	{
206	0x10001040, 0x00001000, 0x00040000, 0x10041040,
207	0x10000000, 0x10001040, 0x00000040, 0x10000000,
208	0x00040040, 0x10040000, 0x10041040, 0x00041000,
209	0x10041000, 0x00041040, 0x00001000, 0x00000040,
210	0x10040000, 0x10000040, 0x10001000, 0x00001040,
211	0x00041000, 0x00040040, 0x10040040, 0x10041000,
212	0x00001040, 0x00000000, 0x00000000, 0x10040040,
213	0x10000040, 0x10001000, 0x00041040, 0x00040000,
214	0x00041040, 0x00040000, 0x10041000, 0x00001000,
215	0x00000040, 0x10040040, 0x00001000, 0x00041040,
216	0x10001000, 0x00000040, 0x10000040, 0x10040000,
217	0x10040040, 0x10000000, 0x00040000, 0x10001040,
218	0x00000000, 0x10041040, 0x00040040, 0x10000040,
219	0x10040000, 0x10001000, 0x10001040, 0x00000000,
220	0x10041040, 0x00041000, 0x00041000, 0x00001040,
221	0x00001040, 0x00040040, 0x10000000, 0x10041000
222	};
223
224	/*
225	* PC1: left and right halves bit-swap
226	*/
227	static const unsigned long LHs[16] =
228	{
229	0x00000000, 0x00000001, 0x00000100, 0x00000101,
230	0x00010000, 0x00010001, 0x00010100, 0x00010101,
231	0x01000000, 0x01000001, 0x01000100, 0x01000101,
232	0x01010000, 0x01010001, 0x01010100, 0x01010101
233	};
234
235	static const unsigned long RHs[16] =
236	{
237	0x00000000, 0x01000000, 0x00010000, 0x01010000,
238	0x00000100, 0x01000100, 0x00010100, 0x01010100,
239	0x00000001, 0x01000001, 0x00010001, 0x01010001,
240	0x00000101, 0x01000101, 0x00010101, 0x01010101,
241	};
242
243	/*
244	* Initial Permutation macro
245	*/
246	#define DES_IP(X,Y) \
247	{ \
248	T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
249	T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
250	T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
251	T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
252	Y = ((Y << 1) \| (Y >> 31)) & 0xFFFFFFFF; \
253	T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
254	X = ((X << 1) \| (X >> 31)) & 0xFFFFFFFF; \
255	}
256
257	/*
258	* Final Permutation macro
259	*/
260	#define DES_FP(X,Y) \
261	{ \
262	X = ((X << 31) \| (X >> 1)) & 0xFFFFFFFF; \
263	T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
264	Y = ((Y << 31) \| (Y >> 1)) & 0xFFFFFFFF; \
265	T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
266	T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
267	T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
268	T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
269	}
270
271	/*
272	* DES round macro
273	*/
274	#define DES_ROUND(X,Y) \
275	{ \
276	T = *SK++ ^ X; \
277	Y ^= SB8[ (T ) & 0x3F ] ^ \
278	SB6[ (T >> 8) & 0x3F ] ^ \
279	SB4[ (T >> 16) & 0x3F ] ^ \
280	SB2[ (T >> 24) & 0x3F ]; \
281	\
282	T = *SK++ ^ ((X << 28) \| (X >> 4)); \
283	Y ^= SB7[ (T ) & 0x3F ] ^ \
284	SB5[ (T >> 8) & 0x3F ] ^ \
285	SB3[ (T >> 16) & 0x3F ] ^ \
286	SB1[ (T >> 24) & 0x3F ]; \
287	}
288
289	#define SWAP(a,b) { unsigned long t = a; a = b; b = t; t = 0; }
290
291	static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
292	11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
293	47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
294	82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
295	115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
296	143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
297	171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
298	199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
299	227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
300	254 };
301
302	void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
303	{
304	int i;
305
306	for( i = 0; i < DES_KEY_SIZE; i++ )
307	key[i] = odd_parity_table[key[i] / 2];
308	}
309
310	/*
311	* Check the given key's parity, returns 1 on failure, 0 on SUCCESS
312	*/
313	int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
314	{
315	int i;
316
317	for( i = 0; i < DES_KEY_SIZE; i++ )
318	if ( key[i] != odd_parity_table[key[i] / 2] )
319	return( 1 );
320
321	return( 0 );
322	}
323
324	/*
325	* Table of weak and semi-weak keys
326	*
327	* Source: http://en.wikipedia.org/wiki/Weak_key
328	*
329	* Weak:
330	* Alternating ones + zeros (0x0101010101010101)
331	* Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
332	* '0xE0E0E0E0F1F1F1F1'
333	* '0x1F1F1F1F0E0E0E0E'
334	*
335	* Semi-weak:
336	* 0x011F011F010E010E and 0x1F011F010E010E01
337	* 0x01E001E001F101F1 and 0xE001E001F101F101
338	* 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
339	* 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
340	* 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
341	* 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
342	*
343	*/
344
345	#define WEAK_KEY_COUNT 16
346
347	static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
348	{
349	{ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
350	{ 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
351	{ 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
352	{ 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
353
354	{ 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
355	{ 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
356	{ 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
357	{ 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
358	{ 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
359	{ 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
360	{ 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
361	{ 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
362	{ 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
363	{ 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
364	{ 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
365	{ 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
366	};
367
368	int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
369	{
370	int i;
371
372	for( i = 0; i < WEAK_KEY_COUNT; i++ )
373	if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
374	return( 1 );
375
376	return( 0 );
377	}
378
379	static void des_setkey( unsigned long SK[32], const unsigned char key[DES_KEY_SIZE] )
380	{
381	int i;
382	unsigned long X, Y, T;
383
384	GET_ULONG_BE( X, key, 0 );
385	GET_ULONG_BE( Y, key, 4 );
386
387	/*
388	* Permuted Choice 1
389	*/
390	T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
391	T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
392
393	X = (LHs[ (X ) & 0xF] << 3) \| (LHs[ (X >> 8) & 0xF ] << 2)
394	\| (LHs[ (X >> 16) & 0xF] << 1) \| (LHs[ (X >> 24) & 0xF ] )
395	\| (LHs[ (X >> 5) & 0xF] << 7) \| (LHs[ (X >> 13) & 0xF ] << 6)
396	\| (LHs[ (X >> 21) & 0xF] << 5) \| (LHs[ (X >> 29) & 0xF ] << 4);
397
398	Y = (RHs[ (Y >> 1) & 0xF] << 3) \| (RHs[ (Y >> 9) & 0xF ] << 2)
399	\| (RHs[ (Y >> 17) & 0xF] << 1) \| (RHs[ (Y >> 25) & 0xF ] )
400	\| (RHs[ (Y >> 4) & 0xF] << 7) \| (RHs[ (Y >> 12) & 0xF ] << 6)
401	\| (RHs[ (Y >> 20) & 0xF] << 5) \| (RHs[ (Y >> 28) & 0xF ] << 4);
402
403	X &= 0x0FFFFFFF;
404	Y &= 0x0FFFFFFF;
405
406	/*
407	* calculate subkeys
408	*/
409	for( i = 0; i < 16; i++ )
410	{
411	if( i < 2 \|\| i == 8 \|\| i == 15 )
412	{
413	X = ((X << 1) \| (X >> 27)) & 0x0FFFFFFF;
414	Y = ((Y << 1) \| (Y >> 27)) & 0x0FFFFFFF;
415	}
416	else
417	{
418	X = ((X << 2) \| (X >> 26)) & 0x0FFFFFFF;
419	Y = ((Y << 2) \| (Y >> 26)) & 0x0FFFFFFF;
420	}
421
422	*SK++ = ((X << 4) & 0x24000000) \| ((X << 28) & 0x10000000)
423	\| ((X << 14) & 0x08000000) \| ((X << 18) & 0x02080000)
424	\| ((X << 6) & 0x01000000) \| ((X << 9) & 0x00200000)
425	\| ((X >> 1) & 0x00100000) \| ((X << 10) & 0x00040000)
426	\| ((X << 2) & 0x00020000) \| ((X >> 10) & 0x00010000)
427	\| ((Y >> 13) & 0x00002000) \| ((Y >> 4) & 0x00001000)
428	\| ((Y << 6) & 0x00000800) \| ((Y >> 1) & 0x00000400)
429	\| ((Y >> 14) & 0x00000200) \| ((Y ) & 0x00000100)
430	\| ((Y >> 5) & 0x00000020) \| ((Y >> 10) & 0x00000010)
431	\| ((Y >> 3) & 0x00000008) \| ((Y >> 18) & 0x00000004)
432	\| ((Y >> 26) & 0x00000002) \| ((Y >> 24) & 0x00000001);
433
434	*SK++ = ((X << 15) & 0x20000000) \| ((X << 17) & 0x10000000)
435	\| ((X << 10) & 0x08000000) \| ((X << 22) & 0x04000000)
436	\| ((X >> 2) & 0x02000000) \| ((X << 1) & 0x01000000)
437	\| ((X << 16) & 0x00200000) \| ((X << 11) & 0x00100000)
438	\| ((X << 3) & 0x00080000) \| ((X >> 6) & 0x00040000)
439	\| ((X << 15) & 0x00020000) \| ((X >> 4) & 0x00010000)
440	\| ((Y >> 2) & 0x00002000) \| ((Y << 8) & 0x00001000)
441	\| ((Y >> 14) & 0x00000808) \| ((Y >> 9) & 0x00000400)
442	\| ((Y ) & 0x00000200) \| ((Y << 7) & 0x00000100)
443	\| ((Y >> 7) & 0x00000020) \| ((Y >> 3) & 0x00000011)
444	\| ((Y << 2) & 0x00000004) \| ((Y >> 21) & 0x00000002);
445	}
446	}
447
448	/*
449	* DES key schedule (56-bit, encryption)
450	*/
451	int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
452	{
453	des_setkey( ctx->sk, key );
454
455	return( 0 );
456	}
457
458	/*
459	* DES key schedule (56-bit, decryption)
460	*/
461	int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
462	{
463	int i;
464
465	des_setkey( ctx->sk, key );
466
467	for( i = 0; i < 16; i += 2 )
468	{
469	SWAP( ctx->sk[i ], ctx->sk[30 - i] );
470	SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
471	}
472
473	return( 0 );
474	}
475
476	static void des3_set2key( unsigned long esk[96],
477	unsigned long dsk[96],
478	const unsigned char key[DES_KEY_SIZE*2] )
479	{
480	int i;
481
482	des_setkey( esk, key );
483	des_setkey( dsk + 32, key + 8 );
484
485	for( i = 0; i < 32; i += 2 )
486	{
487	dsk[i ] = esk[30 - i];
488	dsk[i + 1] = esk[31 - i];
489
490	esk[i + 32] = dsk[62 - i];
491	esk[i + 33] = dsk[63 - i];
492
493	esk[i + 64] = esk[i ];
494	esk[i + 65] = esk[i + 1];
495
496	dsk[i + 64] = dsk[i ];
497	dsk[i + 65] = dsk[i + 1];
498	}
499	}
500
501	/*
502	* Triple-DES key schedule (112-bit, encryption)
503	*/
504	int des3_set2key_enc( des3_context ctx, const unsigned char key[DES_KEY_SIZE 2] )
505	{
506	unsigned long sk[96];
507
508	des3_set2key( ctx->sk, sk, key );
509	memset( sk, 0, sizeof( sk ) );
510
511	return( 0 );
512	}
513
514	/*
515	* Triple-DES key schedule (112-bit, decryption)
516	*/
517	int des3_set2key_dec( des3_context ctx, const unsigned char key[DES_KEY_SIZE 2] )
518	{
519	unsigned long sk[96];
520
521	des3_set2key( sk, ctx->sk, key );
522	memset( sk, 0, sizeof( sk ) );
523
524	return( 0 );
525	}
526
527	static void des3_set3key( unsigned long esk[96],
528	unsigned long dsk[96],
529	const unsigned char key[24] )
530	{
531	int i;
532
533	des_setkey( esk, key );
534	des_setkey( dsk + 32, key + 8 );
535	des_setkey( esk + 64, key + 16 );
536
537	for( i = 0; i < 32; i += 2 )
538	{
539	dsk[i ] = esk[94 - i];
540	dsk[i + 1] = esk[95 - i];
541
542	esk[i + 32] = dsk[62 - i];
543	esk[i + 33] = dsk[63 - i];
544
545	dsk[i + 64] = esk[30 - i];
546	dsk[i + 65] = esk[31 - i];
547	}
548	}
549
550	/*
551	* Triple-DES key schedule (168-bit, encryption)
552	*/
553	int des3_set3key_enc( des3_context ctx, const unsigned char key[DES_KEY_SIZE 3] )
554	{
555	unsigned long sk[96];
556
557	des3_set3key( ctx->sk, sk, key );
558	memset( sk, 0, sizeof( sk ) );
559
560	return( 0 );
561	}
562
563	/*
564	* Triple-DES key schedule (168-bit, decryption)
565	*/
566	int des3_set3key_dec( des3_context ctx, const unsigned char key[DES_KEY_SIZE 3] )
567	{
568	unsigned long sk[96];
569
570	des3_set3key( sk, ctx->sk, key );
571	memset( sk, 0, sizeof( sk ) );
572
573	return( 0 );
574	}
575
576	/*
577	* DES-ECB block encryption/decryption
578	*/
579	int des_crypt_ecb( des_context *ctx,
580	const unsigned char input[8],
581	unsigned char output[8] )
582	{
583	int i;
584	unsigned long X, Y, T, *SK;
585
586	SK = ctx->sk;
587
588	GET_ULONG_BE( X, input, 0 );
589	GET_ULONG_BE( Y, input, 4 );
590
591	DES_IP( X, Y );
592
593	for( i = 0; i < 8; i++ )
594	{
595	DES_ROUND( Y, X );
596	DES_ROUND( X, Y );
597	}
598
599	DES_FP( Y, X );
600
601	PUT_ULONG_BE( Y, output, 0 );
602	PUT_ULONG_BE( X, output, 4 );
603
604	return( 0 );
605	}
606
607	/*
608	* DES-CBC buffer encryption/decryption
609	*/
610	int des_crypt_cbc( des_context *ctx,
611	int mode,
612	size_t length,
613	unsigned char iv[8],
614	const unsigned char *input,
615	unsigned char *output )
616	{
617	int i;
618	unsigned char temp[8];
619
620	if( length % 8 )
621	return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
622
623	if( mode == DES_ENCRYPT )
624	{
625	while( length > 0 )
626	{
627	for( i = 0; i < 8; i++ )
628	output[i] = (unsigned char)( input[i] ^ iv[i] );
629
630	des_crypt_ecb( ctx, output, output );
631	memcpy( iv, output, 8 );
632
633	input += 8;
634	output += 8;
635	length -= 8;
636	}
637	}
638	else /* DES_DECRYPT */
639	{
640	while( length > 0 )
641	{
642	memcpy( temp, input, 8 );
643	des_crypt_ecb( ctx, input, output );
644
645	for( i = 0; i < 8; i++ )
646	output[i] = (unsigned char)( output[i] ^ iv[i] );
647
648	memcpy( iv, temp, 8 );
649
650	input += 8;
651	output += 8;
652	length -= 8;
653	}
654	}
655
656	return( 0 );
657	}
658
659	/*
660	* 3DES-ECB block encryption/decryption
661	*/
662	int des3_crypt_ecb( des3_context *ctx,
663	const unsigned char input[8],
664	unsigned char output[8] )
665	{
666	int i;
667	unsigned long X, Y, T, *SK;
668
669	SK = ctx->sk;
670
671	GET_ULONG_BE( X, input, 0 );
672	GET_ULONG_BE( Y, input, 4 );
673
674	DES_IP( X, Y );
675
676	for( i = 0; i < 8; i++ )
677	{
678	DES_ROUND( Y, X );
679	DES_ROUND( X, Y );
680	}
681
682	for( i = 0; i < 8; i++ )
683	{
684	DES_ROUND( X, Y );
685	DES_ROUND( Y, X );
686	}
687
688	for( i = 0; i < 8; i++ )
689	{
690	DES_ROUND( Y, X );
691	DES_ROUND( X, Y );
692	}
693
694	DES_FP( Y, X );
695
696	PUT_ULONG_BE( Y, output, 0 );
697	PUT_ULONG_BE( X, output, 4 );
698
699	return( 0 );
700	}
701
702	/*
703	* 3DES-CBC buffer encryption/decryption
704	*/
705	int des3_crypt_cbc( des3_context *ctx,
706	int mode,
707	size_t length,
708	unsigned char iv[8],
709	const unsigned char *input,
710	unsigned char *output )
711	{
712	int i;
713	unsigned char temp[8];
714
715	if( length % 8 )
716	return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
717
718	if( mode == DES_ENCRYPT )
719	{
720	while( length > 0 )
721	{
722	for( i = 0; i < 8; i++ )
723	output[i] = (unsigned char)( input[i] ^ iv[i] );
724
725	des3_crypt_ecb( ctx, output, output );
726	memcpy( iv, output, 8 );
727
728	input += 8;
729	output += 8;
730	length -= 8;
731	}
732	}
733	else /* DES_DECRYPT */
734	{
735	while( length > 0 )
736	{
737	memcpy( temp, input, 8 );
738	des3_crypt_ecb( ctx, input, output );
739
740	for( i = 0; i < 8; i++ )
741	output[i] = (unsigned char)( output[i] ^ iv[i] );
742
743	memcpy( iv, temp, 8 );
744
745	input += 8;
746	output += 8;
747	length -= 8;
748	}
749	}
750
751	return( 0 );
752	}
753
754	#if defined(POLARSSL_SELF_TEST)
755
756	#include <stdio.h>
757
758	/*
759	* DES and 3DES test vectors from:
760	*
761	* http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
762	*/
763	static const unsigned char des3_test_keys[24] =
764	{
765	0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
766	0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
767	0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
768	};
769
770	static const unsigned char des3_test_iv[8] =
771	{
772	0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
773	};
774
775	static const unsigned char des3_test_buf[8] =
776	{
777	0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
778	};
779
780	static const unsigned char des3_test_ecb_dec[3][8] =
781	{
782	{ 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
783	{ 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
784	{ 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
785	};
786
787	static const unsigned char des3_test_ecb_enc[3][8] =
788	{
789	{ 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
790	{ 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
791	{ 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
792	};
793
794	static const unsigned char des3_test_cbc_dec[3][8] =
795	{
796	{ 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
797	{ 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
798	{ 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
799	};
800
801	static const unsigned char des3_test_cbc_enc[3][8] =
802	{
803	{ 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
804	{ 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
805	{ 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
806	};
807
808	/*
809	* Checkup routine
810	*/
811	int des_self_test( int verbose )
812	{
813	int i, j, u, v;
814	des_context ctx;
815	des3_context ctx3;
816	unsigned char key[24];
817	unsigned char buf[8];
818	unsigned char prv[8];
819	unsigned char iv[8];
820
821	memset( key, 0, 24 );
822
823	/*
824	* ECB mode
825	*/
826	for( i = 0; i < 6; i++ )
827	{
828	u = i >> 1;
829	v = i & 1;
830
831	if( verbose != 0 )
832	printf( " DES%c-ECB-%3d (%s): ",
833	( u == 0 ) ? ' ' : '3', 56 + u * 56,
834	( v == DES_DECRYPT ) ? "dec" : "enc" );
835
836	memcpy( buf, des3_test_buf, 8 );
837
838	switch( i )
839	{
840	case 0:
841	des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
842	break;
843
844	case 1:
845	des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
846	break;
847
848	case 2:
849	des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
850	break;
851
852	case 3:
853	des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
854	break;
855
856	case 4:
857	des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
858	break;
859
860	case 5:
861	des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
862	break;
863
864	default:
865	return( 1 );
866	}
867
868	for( j = 0; j < 10000; j++ )
869	{
870	if( u == 0 )
871	des_crypt_ecb( &ctx, buf, buf );
872	else
873	des3_crypt_ecb( &ctx3, buf, buf );
874	}
875
876	if( ( v == DES_DECRYPT &&
877	memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) \|\|
878	( v != DES_DECRYPT &&
879	memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
880	{
881	if( verbose != 0 )
882	printf( "failed\n" );
883
884	return( 1 );
885	}
886
887	if( verbose != 0 )
888	printf( "passed\n" );
889	}
890
891	if( verbose != 0 )
892	printf( "\n" );
893
894	/*
895	* CBC mode
896	*/
897	for( i = 0; i < 6; i++ )
898	{
899	u = i >> 1;
900	v = i & 1;
901
902	if( verbose != 0 )
903	printf( " DES%c-CBC-%3d (%s): ",
904	( u == 0 ) ? ' ' : '3', 56 + u * 56,
905	( v == DES_DECRYPT ) ? "dec" : "enc" );
906
907	memcpy( iv, des3_test_iv, 8 );
908	memcpy( prv, des3_test_iv, 8 );
909	memcpy( buf, des3_test_buf, 8 );
910
911	switch( i )
912	{
913	case 0:
914	des_setkey_dec( &ctx, (unsigned char *) des3_test_keys );
915	break;
916
917	case 1:
918	des_setkey_enc( &ctx, (unsigned char *) des3_test_keys );
919	break;
920
921	case 2:
922	des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys );
923	break;
924
925	case 3:
926	des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys );
927	break;
928
929	case 4:
930	des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys );
931	break;
932
933	case 5:
934	des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys );
935	break;
936
937	default:
938	return( 1 );
939	}
940
941	if( v == DES_DECRYPT )
942	{
943	for( j = 0; j < 10000; j++ )
944	{
945	if( u == 0 )
946	des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
947	else
948	des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
949	}
950	}
951	else
952	{
953	for( j = 0; j < 10000; j++ )
954	{
955	unsigned char tmp[8];
956
957	if( u == 0 )
958	des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
959	else
960	des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
961
962	memcpy( tmp, prv, 8 );
963	memcpy( prv, buf, 8 );
964	memcpy( buf, tmp, 8 );
965	}
966
967	memcpy( buf, prv, 8 );
968	}
969
970	if( ( v == DES_DECRYPT &&
971	memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) \|\|
972	( v != DES_DECRYPT &&
973	memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
974	{
975	if( verbose != 0 )
976	printf( "failed\n" );
977
978	return( 1 );
979	}
980
981	if( verbose != 0 )
982	printf( "passed\n" );
983	}
984
985	if( verbose != 0 )
986	printf( "\n" );
987
988	return( 0 );
989	}
990
991	#endif
992
993	#endif

Note: See TracBrowser for help on using the repository browser.

PolarSSL

Cryptography and SSL made easy

Context Navigation

source: trunk/library/des.c @ 1069

Download in other formats:

What are you looking for?

Main links

Community links

Documentation

Block cipher sources

Hash sources