PolarSSL v1.1.4
|
00001 /* 00002 * FIPS-46-3 compliant Triple-DES implementation 00003 * 00004 * Copyright (C) 2006-2010, Brainspark B.V. 00005 * 00006 * This file is part of PolarSSL (http://www.polarssl.org) 00007 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> 00008 * 00009 * All rights reserved. 00010 * 00011 * This program is free software; you can redistribute it and/or modify 00012 * it under the terms of the GNU General Public License as published by 00013 * the Free Software Foundation; either version 2 of the License, or 00014 * (at your option) any later version. 00015 * 00016 * This program is distributed in the hope that it will be useful, 00017 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00018 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00019 * GNU General Public License for more details. 00020 * 00021 * You should have received a copy of the GNU General Public License along 00022 * with this program; if not, write to the Free Software Foundation, Inc., 00023 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 00024 */ 00025 /* 00026 * DES, on which TDES is based, was originally designed by Horst Feistel 00027 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS). 00028 * 00029 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf 00030 */ 00031 00032 #include "polarssl/config.h" 00033 00034 #if defined(POLARSSL_DES_C) 00035 00036 #include "polarssl/des.h" 00037 00038 /* 00039 * 32-bit integer manipulation macros (big endian) 00040 */ 00041 #ifndef GET_ULONG_BE 00042 #define GET_ULONG_BE(n,b,i) \ 00043 { \ 00044 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \ 00045 | ( (unsigned long) (b)[(i) + 1] << 16 ) \ 00046 | ( (unsigned long) (b)[(i) + 2] << 8 ) \ 00047 | ( (unsigned long) (b)[(i) + 3] ); \ 00048 } 00049 #endif 00050 00051 #ifndef PUT_ULONG_BE 00052 #define PUT_ULONG_BE(n,b,i) \ 00053 { \ 00054 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 00055 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 00056 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 00057 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 00058 } 00059 #endif 00060 00061 /* 00062 * Expanded DES S-boxes 00063 */ 00064 static const unsigned long SB1[64] = 00065 { 00066 0x01010400, 0x00000000, 0x00010000, 0x01010404, 00067 0x01010004, 0x00010404, 0x00000004, 0x00010000, 00068 0x00000400, 0x01010400, 0x01010404, 0x00000400, 00069 0x01000404, 0x01010004, 0x01000000, 0x00000004, 00070 0x00000404, 0x01000400, 0x01000400, 0x00010400, 00071 0x00010400, 0x01010000, 0x01010000, 0x01000404, 00072 0x00010004, 0x01000004, 0x01000004, 0x00010004, 00073 0x00000000, 0x00000404, 0x00010404, 0x01000000, 00074 0x00010000, 0x01010404, 0x00000004, 0x01010000, 00075 0x01010400, 0x01000000, 0x01000000, 0x00000400, 00076 0x01010004, 0x00010000, 0x00010400, 0x01000004, 00077 0x00000400, 0x00000004, 0x01000404, 0x00010404, 00078 0x01010404, 0x00010004, 0x01010000, 0x01000404, 00079 0x01000004, 0x00000404, 0x00010404, 0x01010400, 00080 0x00000404, 0x01000400, 0x01000400, 0x00000000, 00081 0x00010004, 0x00010400, 0x00000000, 0x01010004 00082 }; 00083 00084 static const unsigned long SB2[64] = 00085 { 00086 0x80108020, 0x80008000, 0x00008000, 0x00108020, 00087 0x00100000, 0x00000020, 0x80100020, 0x80008020, 00088 0x80000020, 0x80108020, 0x80108000, 0x80000000, 00089 0x80008000, 0x00100000, 0x00000020, 0x80100020, 00090 0x00108000, 0x00100020, 0x80008020, 0x00000000, 00091 0x80000000, 0x00008000, 0x00108020, 0x80100000, 00092 0x00100020, 0x80000020, 0x00000000, 0x00108000, 00093 0x00008020, 0x80108000, 0x80100000, 0x00008020, 00094 0x00000000, 0x00108020, 0x80100020, 0x00100000, 00095 0x80008020, 0x80100000, 0x80108000, 0x00008000, 00096 0x80100000, 0x80008000, 0x00000020, 0x80108020, 00097 0x00108020, 0x00000020, 0x00008000, 0x80000000, 00098 0x00008020, 0x80108000, 0x00100000, 0x80000020, 00099 0x00100020, 0x80008020, 0x80000020, 0x00100020, 00100 0x00108000, 0x00000000, 0x80008000, 0x00008020, 00101 0x80000000, 0x80100020, 0x80108020, 0x00108000 00102 }; 00103 00104 static const unsigned long SB3[64] = 00105 { 00106 0x00000208, 0x08020200, 0x00000000, 0x08020008, 00107 0x08000200, 0x00000000, 0x00020208, 0x08000200, 00108 0x00020008, 0x08000008, 0x08000008, 0x00020000, 00109 0x08020208, 0x00020008, 0x08020000, 0x00000208, 00110 0x08000000, 0x00000008, 0x08020200, 0x00000200, 00111 0x00020200, 0x08020000, 0x08020008, 0x00020208, 00112 0x08000208, 0x00020200, 0x00020000, 0x08000208, 00113 0x00000008, 0x08020208, 0x00000200, 0x08000000, 00114 0x08020200, 0x08000000, 0x00020008, 0x00000208, 00115 0x00020000, 0x08020200, 0x08000200, 0x00000000, 00116 0x00000200, 0x00020008, 0x08020208, 0x08000200, 00117 0x08000008, 0x00000200, 0x00000000, 0x08020008, 00118 0x08000208, 0x00020000, 0x08000000, 0x08020208, 00119 0x00000008, 0x00020208, 0x00020200, 0x08000008, 00120 0x08020000, 0x08000208, 0x00000208, 0x08020000, 00121 0x00020208, 0x00000008, 0x08020008, 0x00020200 00122 }; 00123 00124 static const unsigned long SB4[64] = 00125 { 00126 0x00802001, 0x00002081, 0x00002081, 0x00000080, 00127 0x00802080, 0x00800081, 0x00800001, 0x00002001, 00128 0x00000000, 0x00802000, 0x00802000, 0x00802081, 00129 0x00000081, 0x00000000, 0x00800080, 0x00800001, 00130 0x00000001, 0x00002000, 0x00800000, 0x00802001, 00131 0x00000080, 0x00800000, 0x00002001, 0x00002080, 00132 0x00800081, 0x00000001, 0x00002080, 0x00800080, 00133 0x00002000, 0x00802080, 0x00802081, 0x00000081, 00134 0x00800080, 0x00800001, 0x00802000, 0x00802081, 00135 0x00000081, 0x00000000, 0x00000000, 0x00802000, 00136 0x00002080, 0x00800080, 0x00800081, 0x00000001, 00137 0x00802001, 0x00002081, 0x00002081, 0x00000080, 00138 0x00802081, 0x00000081, 0x00000001, 0x00002000, 00139 0x00800001, 0x00002001, 0x00802080, 0x00800081, 00140 0x00002001, 0x00002080, 0x00800000, 0x00802001, 00141 0x00000080, 0x00800000, 0x00002000, 0x00802080 00142 }; 00143 00144 static const unsigned long SB5[64] = 00145 { 00146 0x00000100, 0x02080100, 0x02080000, 0x42000100, 00147 0x00080000, 0x00000100, 0x40000000, 0x02080000, 00148 0x40080100, 0x00080000, 0x02000100, 0x40080100, 00149 0x42000100, 0x42080000, 0x00080100, 0x40000000, 00150 0x02000000, 0x40080000, 0x40080000, 0x00000000, 00151 0x40000100, 0x42080100, 0x42080100, 0x02000100, 00152 0x42080000, 0x40000100, 0x00000000, 0x42000000, 00153 0x02080100, 0x02000000, 0x42000000, 0x00080100, 00154 0x00080000, 0x42000100, 0x00000100, 0x02000000, 00155 0x40000000, 0x02080000, 0x42000100, 0x40080100, 00156 0x02000100, 0x40000000, 0x42080000, 0x02080100, 00157 0x40080100, 0x00000100, 0x02000000, 0x42080000, 00158 0x42080100, 0x00080100, 0x42000000, 0x42080100, 00159 0x02080000, 0x00000000, 0x40080000, 0x42000000, 00160 0x00080100, 0x02000100, 0x40000100, 0x00080000, 00161 0x00000000, 0x40080000, 0x02080100, 0x40000100 00162 }; 00163 00164 static const unsigned long SB6[64] = 00165 { 00166 0x20000010, 0x20400000, 0x00004000, 0x20404010, 00167 0x20400000, 0x00000010, 0x20404010, 0x00400000, 00168 0x20004000, 0x00404010, 0x00400000, 0x20000010, 00169 0x00400010, 0x20004000, 0x20000000, 0x00004010, 00170 0x00000000, 0x00400010, 0x20004010, 0x00004000, 00171 0x00404000, 0x20004010, 0x00000010, 0x20400010, 00172 0x20400010, 0x00000000, 0x00404010, 0x20404000, 00173 0x00004010, 0x00404000, 0x20404000, 0x20000000, 00174 0x20004000, 0x00000010, 0x20400010, 0x00404000, 00175 0x20404010, 0x00400000, 0x00004010, 0x20000010, 00176 0x00400000, 0x20004000, 0x20000000, 0x00004010, 00177 0x20000010, 0x20404010, 0x00404000, 0x20400000, 00178 0x00404010, 0x20404000, 0x00000000, 0x20400010, 00179 0x00000010, 0x00004000, 0x20400000, 0x00404010, 00180 0x00004000, 0x00400010, 0x20004010, 0x00000000, 00181 0x20404000, 0x20000000, 0x00400010, 0x20004010 00182 }; 00183 00184 static const unsigned long SB7[64] = 00185 { 00186 0x00200000, 0x04200002, 0x04000802, 0x00000000, 00187 0x00000800, 0x04000802, 0x00200802, 0x04200800, 00188 0x04200802, 0x00200000, 0x00000000, 0x04000002, 00189 0x00000002, 0x04000000, 0x04200002, 0x00000802, 00190 0x04000800, 0x00200802, 0x00200002, 0x04000800, 00191 0x04000002, 0x04200000, 0x04200800, 0x00200002, 00192 0x04200000, 0x00000800, 0x00000802, 0x04200802, 00193 0x00200800, 0x00000002, 0x04000000, 0x00200800, 00194 0x04000000, 0x00200800, 0x00200000, 0x04000802, 00195 0x04000802, 0x04200002, 0x04200002, 0x00000002, 00196 0x00200002, 0x04000000, 0x04000800, 0x00200000, 00197 0x04200800, 0x00000802, 0x00200802, 0x04200800, 00198 0x00000802, 0x04000002, 0x04200802, 0x04200000, 00199 0x00200800, 0x00000000, 0x00000002, 0x04200802, 00200 0x00000000, 0x00200802, 0x04200000, 0x00000800, 00201 0x04000002, 0x04000800, 0x00000800, 0x00200002 00202 }; 00203 00204 static const unsigned long SB8[64] = 00205 { 00206 0x10001040, 0x00001000, 0x00040000, 0x10041040, 00207 0x10000000, 0x10001040, 0x00000040, 0x10000000, 00208 0x00040040, 0x10040000, 0x10041040, 0x00041000, 00209 0x10041000, 0x00041040, 0x00001000, 0x00000040, 00210 0x10040000, 0x10000040, 0x10001000, 0x00001040, 00211 0x00041000, 0x00040040, 0x10040040, 0x10041000, 00212 0x00001040, 0x00000000, 0x00000000, 0x10040040, 00213 0x10000040, 0x10001000, 0x00041040, 0x00040000, 00214 0x00041040, 0x00040000, 0x10041000, 0x00001000, 00215 0x00000040, 0x10040040, 0x00001000, 0x00041040, 00216 0x10001000, 0x00000040, 0x10000040, 0x10040000, 00217 0x10040040, 0x10000000, 0x00040000, 0x10001040, 00218 0x00000000, 0x10041040, 0x00040040, 0x10000040, 00219 0x10040000, 0x10001000, 0x10001040, 0x00000000, 00220 0x10041040, 0x00041000, 0x00041000, 0x00001040, 00221 0x00001040, 0x00040040, 0x10000000, 0x10041000 00222 }; 00223 00224 /* 00225 * PC1: left and right halves bit-swap 00226 */ 00227 static const unsigned long LHs[16] = 00228 { 00229 0x00000000, 0x00000001, 0x00000100, 0x00000101, 00230 0x00010000, 0x00010001, 0x00010100, 0x00010101, 00231 0x01000000, 0x01000001, 0x01000100, 0x01000101, 00232 0x01010000, 0x01010001, 0x01010100, 0x01010101 00233 }; 00234 00235 static const unsigned long RHs[16] = 00236 { 00237 0x00000000, 0x01000000, 0x00010000, 0x01010000, 00238 0x00000100, 0x01000100, 0x00010100, 0x01010100, 00239 0x00000001, 0x01000001, 0x00010001, 0x01010001, 00240 0x00000101, 0x01000101, 0x00010101, 0x01010101, 00241 }; 00242 00243 /* 00244 * Initial Permutation macro 00245 */ 00246 #define DES_IP(X,Y) \ 00247 { \ 00248 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \ 00249 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \ 00250 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \ 00251 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \ 00252 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \ 00253 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \ 00254 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \ 00255 } 00256 00257 /* 00258 * Final Permutation macro 00259 */ 00260 #define DES_FP(X,Y) \ 00261 { \ 00262 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \ 00263 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \ 00264 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \ 00265 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \ 00266 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \ 00267 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \ 00268 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \ 00269 } 00270 00271 /* 00272 * DES round macro 00273 */ 00274 #define DES_ROUND(X,Y) \ 00275 { \ 00276 T = *SK++ ^ X; \ 00277 Y ^= SB8[ (T ) & 0x3F ] ^ \ 00278 SB6[ (T >> 8) & 0x3F ] ^ \ 00279 SB4[ (T >> 16) & 0x3F ] ^ \ 00280 SB2[ (T >> 24) & 0x3F ]; \ 00281 \ 00282 T = *SK++ ^ ((X << 28) | (X >> 4)); \ 00283 Y ^= SB7[ (T ) & 0x3F ] ^ \ 00284 SB5[ (T >> 8) & 0x3F ] ^ \ 00285 SB3[ (T >> 16) & 0x3F ] ^ \ 00286 SB1[ (T >> 24) & 0x3F ]; \ 00287 } 00288 00289 #define SWAP(a,b) { unsigned long t = a; a = b; b = t; t = 0; } 00290 00291 static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8, 00292 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44, 00293 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81, 00294 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112, 00295 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140, 00296 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168, 00297 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196, 00298 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224, 00299 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253, 00300 254 }; 00301 00302 void des_key_set_parity( unsigned char key[DES_KEY_SIZE] ) 00303 { 00304 int i; 00305 00306 for( i = 0; i < DES_KEY_SIZE; i++ ) 00307 key[i] = odd_parity_table[key[i] / 2]; 00308 } 00309 00310 /* 00311 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS 00312 */ 00313 int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] ) 00314 { 00315 int i; 00316 00317 for( i = 0; i < DES_KEY_SIZE; i++ ) 00318 if ( key[i] != odd_parity_table[key[i] / 2] ) 00319 return( 1 ); 00320 00321 return( 0 ); 00322 } 00323 00324 /* 00325 * Table of weak and semi-weak keys 00326 * 00327 * Source: http://en.wikipedia.org/wiki/Weak_key 00328 * 00329 * Weak: 00330 * Alternating ones + zeros (0x0101010101010101) 00331 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE) 00332 * '0xE0E0E0E0F1F1F1F1' 00333 * '0x1F1F1F1F0E0E0E0E' 00334 * 00335 * Semi-weak: 00336 * 0x011F011F010E010E and 0x1F011F010E010E01 00337 * 0x01E001E001F101F1 and 0xE001E001F101F101 00338 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01 00339 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E 00340 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E 00341 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1 00342 * 00343 */ 00344 00345 #define WEAK_KEY_COUNT 16 00346 00347 static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] = 00348 { 00349 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, 00350 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE }, 00351 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }, 00352 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 }, 00353 00354 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E }, 00355 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 }, 00356 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 }, 00357 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 }, 00358 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE }, 00359 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 }, 00360 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 }, 00361 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E }, 00362 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE }, 00363 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E }, 00364 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE }, 00365 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 } 00366 }; 00367 00368 int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] ) 00369 { 00370 int i; 00371 00372 for( i = 0; i < WEAK_KEY_COUNT; i++ ) 00373 if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0) 00374 return( 1 ); 00375 00376 return( 0 ); 00377 } 00378 00379 static void des_setkey( unsigned long SK[32], const unsigned char key[DES_KEY_SIZE] ) 00380 { 00381 int i; 00382 unsigned long X, Y, T; 00383 00384 GET_ULONG_BE( X, key, 0 ); 00385 GET_ULONG_BE( Y, key, 4 ); 00386 00387 /* 00388 * Permuted Choice 1 00389 */ 00390 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4); 00391 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T ); 00392 00393 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2) 00394 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] ) 00395 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6) 00396 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4); 00397 00398 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2) 00399 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] ) 00400 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6) 00401 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4); 00402 00403 X &= 0x0FFFFFFF; 00404 Y &= 0x0FFFFFFF; 00405 00406 /* 00407 * calculate subkeys 00408 */ 00409 for( i = 0; i < 16; i++ ) 00410 { 00411 if( i < 2 || i == 8 || i == 15 ) 00412 { 00413 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF; 00414 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF; 00415 } 00416 else 00417 { 00418 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF; 00419 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF; 00420 } 00421 00422 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000) 00423 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000) 00424 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000) 00425 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000) 00426 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000) 00427 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000) 00428 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400) 00429 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100) 00430 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010) 00431 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004) 00432 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001); 00433 00434 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000) 00435 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000) 00436 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000) 00437 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000) 00438 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000) 00439 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000) 00440 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000) 00441 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400) 00442 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100) 00443 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011) 00444 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002); 00445 } 00446 } 00447 00448 /* 00449 * DES key schedule (56-bit, encryption) 00450 */ 00451 int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] ) 00452 { 00453 des_setkey( ctx->sk, key ); 00454 00455 return( 0 ); 00456 } 00457 00458 /* 00459 * DES key schedule (56-bit, decryption) 00460 */ 00461 int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] ) 00462 { 00463 int i; 00464 00465 des_setkey( ctx->sk, key ); 00466 00467 for( i = 0; i < 16; i += 2 ) 00468 { 00469 SWAP( ctx->sk[i ], ctx->sk[30 - i] ); 00470 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] ); 00471 } 00472 00473 return( 0 ); 00474 } 00475 00476 static void des3_set2key( unsigned long esk[96], 00477 unsigned long dsk[96], 00478 const unsigned char key[DES_KEY_SIZE*2] ) 00479 { 00480 int i; 00481 00482 des_setkey( esk, key ); 00483 des_setkey( dsk + 32, key + 8 ); 00484 00485 for( i = 0; i < 32; i += 2 ) 00486 { 00487 dsk[i ] = esk[30 - i]; 00488 dsk[i + 1] = esk[31 - i]; 00489 00490 esk[i + 32] = dsk[62 - i]; 00491 esk[i + 33] = dsk[63 - i]; 00492 00493 esk[i + 64] = esk[i ]; 00494 esk[i + 65] = esk[i + 1]; 00495 00496 dsk[i + 64] = dsk[i ]; 00497 dsk[i + 65] = dsk[i + 1]; 00498 } 00499 } 00500 00501 /* 00502 * Triple-DES key schedule (112-bit, encryption) 00503 */ 00504 int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] ) 00505 { 00506 unsigned long sk[96]; 00507 00508 des3_set2key( ctx->sk, sk, key ); 00509 memset( sk, 0, sizeof( sk ) ); 00510 00511 return( 0 ); 00512 } 00513 00514 /* 00515 * Triple-DES key schedule (112-bit, decryption) 00516 */ 00517 int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] ) 00518 { 00519 unsigned long sk[96]; 00520 00521 des3_set2key( sk, ctx->sk, key ); 00522 memset( sk, 0, sizeof( sk ) ); 00523 00524 return( 0 ); 00525 } 00526 00527 static void des3_set3key( unsigned long esk[96], 00528 unsigned long dsk[96], 00529 const unsigned char key[24] ) 00530 { 00531 int i; 00532 00533 des_setkey( esk, key ); 00534 des_setkey( dsk + 32, key + 8 ); 00535 des_setkey( esk + 64, key + 16 ); 00536 00537 for( i = 0; i < 32; i += 2 ) 00538 { 00539 dsk[i ] = esk[94 - i]; 00540 dsk[i + 1] = esk[95 - i]; 00541 00542 esk[i + 32] = dsk[62 - i]; 00543 esk[i + 33] = dsk[63 - i]; 00544 00545 dsk[i + 64] = esk[30 - i]; 00546 dsk[i + 65] = esk[31 - i]; 00547 } 00548 } 00549 00550 /* 00551 * Triple-DES key schedule (168-bit, encryption) 00552 */ 00553 int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] ) 00554 { 00555 unsigned long sk[96]; 00556 00557 des3_set3key( ctx->sk, sk, key ); 00558 memset( sk, 0, sizeof( sk ) ); 00559 00560 return( 0 ); 00561 } 00562 00563 /* 00564 * Triple-DES key schedule (168-bit, decryption) 00565 */ 00566 int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] ) 00567 { 00568 unsigned long sk[96]; 00569 00570 des3_set3key( sk, ctx->sk, key ); 00571 memset( sk, 0, sizeof( sk ) ); 00572 00573 return( 0 ); 00574 } 00575 00576 /* 00577 * DES-ECB block encryption/decryption 00578 */ 00579 int des_crypt_ecb( des_context *ctx, 00580 const unsigned char input[8], 00581 unsigned char output[8] ) 00582 { 00583 int i; 00584 unsigned long X, Y, T, *SK; 00585 00586 SK = ctx->sk; 00587 00588 GET_ULONG_BE( X, input, 0 ); 00589 GET_ULONG_BE( Y, input, 4 ); 00590 00591 DES_IP( X, Y ); 00592 00593 for( i = 0; i < 8; i++ ) 00594 { 00595 DES_ROUND( Y, X ); 00596 DES_ROUND( X, Y ); 00597 } 00598 00599 DES_FP( Y, X ); 00600 00601 PUT_ULONG_BE( Y, output, 0 ); 00602 PUT_ULONG_BE( X, output, 4 ); 00603 00604 return( 0 ); 00605 } 00606 00607 /* 00608 * DES-CBC buffer encryption/decryption 00609 */ 00610 int des_crypt_cbc( des_context *ctx, 00611 int mode, 00612 size_t length, 00613 unsigned char iv[8], 00614 const unsigned char *input, 00615 unsigned char *output ) 00616 { 00617 int i; 00618 unsigned char temp[8]; 00619 00620 if( length % 8 ) 00621 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH ); 00622 00623 if( mode == DES_ENCRYPT ) 00624 { 00625 while( length > 0 ) 00626 { 00627 for( i = 0; i < 8; i++ ) 00628 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00629 00630 des_crypt_ecb( ctx, output, output ); 00631 memcpy( iv, output, 8 ); 00632 00633 input += 8; 00634 output += 8; 00635 length -= 8; 00636 } 00637 } 00638 else /* DES_DECRYPT */ 00639 { 00640 while( length > 0 ) 00641 { 00642 memcpy( temp, input, 8 ); 00643 des_crypt_ecb( ctx, input, output ); 00644 00645 for( i = 0; i < 8; i++ ) 00646 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00647 00648 memcpy( iv, temp, 8 ); 00649 00650 input += 8; 00651 output += 8; 00652 length -= 8; 00653 } 00654 } 00655 00656 return( 0 ); 00657 } 00658 00659 /* 00660 * 3DES-ECB block encryption/decryption 00661 */ 00662 int des3_crypt_ecb( des3_context *ctx, 00663 const unsigned char input[8], 00664 unsigned char output[8] ) 00665 { 00666 int i; 00667 unsigned long X, Y, T, *SK; 00668 00669 SK = ctx->sk; 00670 00671 GET_ULONG_BE( X, input, 0 ); 00672 GET_ULONG_BE( Y, input, 4 ); 00673 00674 DES_IP( X, Y ); 00675 00676 for( i = 0; i < 8; i++ ) 00677 { 00678 DES_ROUND( Y, X ); 00679 DES_ROUND( X, Y ); 00680 } 00681 00682 for( i = 0; i < 8; i++ ) 00683 { 00684 DES_ROUND( X, Y ); 00685 DES_ROUND( Y, X ); 00686 } 00687 00688 for( i = 0; i < 8; i++ ) 00689 { 00690 DES_ROUND( Y, X ); 00691 DES_ROUND( X, Y ); 00692 } 00693 00694 DES_FP( Y, X ); 00695 00696 PUT_ULONG_BE( Y, output, 0 ); 00697 PUT_ULONG_BE( X, output, 4 ); 00698 00699 return( 0 ); 00700 } 00701 00702 /* 00703 * 3DES-CBC buffer encryption/decryption 00704 */ 00705 int des3_crypt_cbc( des3_context *ctx, 00706 int mode, 00707 size_t length, 00708 unsigned char iv[8], 00709 const unsigned char *input, 00710 unsigned char *output ) 00711 { 00712 int i; 00713 unsigned char temp[8]; 00714 00715 if( length % 8 ) 00716 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH ); 00717 00718 if( mode == DES_ENCRYPT ) 00719 { 00720 while( length > 0 ) 00721 { 00722 for( i = 0; i < 8; i++ ) 00723 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00724 00725 des3_crypt_ecb( ctx, output, output ); 00726 memcpy( iv, output, 8 ); 00727 00728 input += 8; 00729 output += 8; 00730 length -= 8; 00731 } 00732 } 00733 else /* DES_DECRYPT */ 00734 { 00735 while( length > 0 ) 00736 { 00737 memcpy( temp, input, 8 ); 00738 des3_crypt_ecb( ctx, input, output ); 00739 00740 for( i = 0; i < 8; i++ ) 00741 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00742 00743 memcpy( iv, temp, 8 ); 00744 00745 input += 8; 00746 output += 8; 00747 length -= 8; 00748 } 00749 } 00750 00751 return( 0 ); 00752 } 00753 00754 #if defined(POLARSSL_SELF_TEST) 00755 00756 #include <stdio.h> 00757 00758 /* 00759 * DES and 3DES test vectors from: 00760 * 00761 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip 00762 */ 00763 static const unsigned char des3_test_keys[24] = 00764 { 00765 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 00766 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 00767 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23 00768 }; 00769 00770 static const unsigned char des3_test_iv[8] = 00771 { 00772 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF, 00773 }; 00774 00775 static const unsigned char des3_test_buf[8] = 00776 { 00777 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74 00778 }; 00779 00780 static const unsigned char des3_test_ecb_dec[3][8] = 00781 { 00782 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D }, 00783 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB }, 00784 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A } 00785 }; 00786 00787 static const unsigned char des3_test_ecb_enc[3][8] = 00788 { 00789 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B }, 00790 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 }, 00791 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 } 00792 }; 00793 00794 static const unsigned char des3_test_cbc_dec[3][8] = 00795 { 00796 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 }, 00797 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 }, 00798 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C } 00799 }; 00800 00801 static const unsigned char des3_test_cbc_enc[3][8] = 00802 { 00803 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 }, 00804 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D }, 00805 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 } 00806 }; 00807 00808 /* 00809 * Checkup routine 00810 */ 00811 int des_self_test( int verbose ) 00812 { 00813 int i, j, u, v; 00814 des_context ctx; 00815 des3_context ctx3; 00816 unsigned char key[24]; 00817 unsigned char buf[8]; 00818 unsigned char prv[8]; 00819 unsigned char iv[8]; 00820 00821 memset( key, 0, 24 ); 00822 00823 /* 00824 * ECB mode 00825 */ 00826 for( i = 0; i < 6; i++ ) 00827 { 00828 u = i >> 1; 00829 v = i & 1; 00830 00831 if( verbose != 0 ) 00832 printf( " DES%c-ECB-%3d (%s): ", 00833 ( u == 0 ) ? ' ' : '3', 56 + u * 56, 00834 ( v == DES_DECRYPT ) ? "dec" : "enc" ); 00835 00836 memcpy( buf, des3_test_buf, 8 ); 00837 00838 switch( i ) 00839 { 00840 case 0: 00841 des_setkey_dec( &ctx, (unsigned char *) des3_test_keys ); 00842 break; 00843 00844 case 1: 00845 des_setkey_enc( &ctx, (unsigned char *) des3_test_keys ); 00846 break; 00847 00848 case 2: 00849 des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys ); 00850 break; 00851 00852 case 3: 00853 des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys ); 00854 break; 00855 00856 case 4: 00857 des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys ); 00858 break; 00859 00860 case 5: 00861 des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys ); 00862 break; 00863 00864 default: 00865 return( 1 ); 00866 } 00867 00868 for( j = 0; j < 10000; j++ ) 00869 { 00870 if( u == 0 ) 00871 des_crypt_ecb( &ctx, buf, buf ); 00872 else 00873 des3_crypt_ecb( &ctx3, buf, buf ); 00874 } 00875 00876 if( ( v == DES_DECRYPT && 00877 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) || 00878 ( v != DES_DECRYPT && 00879 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) ) 00880 { 00881 if( verbose != 0 ) 00882 printf( "failed\n" ); 00883 00884 return( 1 ); 00885 } 00886 00887 if( verbose != 0 ) 00888 printf( "passed\n" ); 00889 } 00890 00891 if( verbose != 0 ) 00892 printf( "\n" ); 00893 00894 /* 00895 * CBC mode 00896 */ 00897 for( i = 0; i < 6; i++ ) 00898 { 00899 u = i >> 1; 00900 v = i & 1; 00901 00902 if( verbose != 0 ) 00903 printf( " DES%c-CBC-%3d (%s): ", 00904 ( u == 0 ) ? ' ' : '3', 56 + u * 56, 00905 ( v == DES_DECRYPT ) ? "dec" : "enc" ); 00906 00907 memcpy( iv, des3_test_iv, 8 ); 00908 memcpy( prv, des3_test_iv, 8 ); 00909 memcpy( buf, des3_test_buf, 8 ); 00910 00911 switch( i ) 00912 { 00913 case 0: 00914 des_setkey_dec( &ctx, (unsigned char *) des3_test_keys ); 00915 break; 00916 00917 case 1: 00918 des_setkey_enc( &ctx, (unsigned char *) des3_test_keys ); 00919 break; 00920 00921 case 2: 00922 des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys ); 00923 break; 00924 00925 case 3: 00926 des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys ); 00927 break; 00928 00929 case 4: 00930 des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys ); 00931 break; 00932 00933 case 5: 00934 des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys ); 00935 break; 00936 00937 default: 00938 return( 1 ); 00939 } 00940 00941 if( v == DES_DECRYPT ) 00942 { 00943 for( j = 0; j < 10000; j++ ) 00944 { 00945 if( u == 0 ) 00946 des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); 00947 else 00948 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); 00949 } 00950 } 00951 else 00952 { 00953 for( j = 0; j < 10000; j++ ) 00954 { 00955 unsigned char tmp[8]; 00956 00957 if( u == 0 ) 00958 des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); 00959 else 00960 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); 00961 00962 memcpy( tmp, prv, 8 ); 00963 memcpy( prv, buf, 8 ); 00964 memcpy( buf, tmp, 8 ); 00965 } 00966 00967 memcpy( buf, prv, 8 ); 00968 } 00969 00970 if( ( v == DES_DECRYPT && 00971 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) || 00972 ( v != DES_DECRYPT && 00973 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) ) 00974 { 00975 if( verbose != 0 ) 00976 printf( "failed\n" ); 00977 00978 return( 1 ); 00979 } 00980 00981 if( verbose != 0 ) 00982 printf( "passed\n" ); 00983 } 00984 00985 if( verbose != 0 ) 00986 printf( "\n" ); 00987 00988 return( 0 ); 00989 } 00990 00991 #endif 00992 00993 #endif