]> git.zerfleddert.de Git - proxmark3-svn/blob - client/loclass/des.c
Fix issue #103 (hopefully). Quite an old bug which was previously
[proxmark3-svn] / client / loclass / des.c
1 /*
2 * FIPS-46-3 compliant Triple-DES implementation
3 *
4 * Copyright (C) 2006-2014, Brainspark B.V.
5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25 /*
26 * DES, on which TDES is based, was originally designed by Horst Feistel
27 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
28 *
29 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
30 */
31
32 //#include "polarssl/config.h"
33 #define POLARSSL_DES_C
34
35 #if defined(POLARSSL_DES_C)
36
37 #include "des.h"
38
39 #if defined(POLARSSL_PLATFORM_C)
40 #include "polarssl/platform.h"
41 #else
42 #define polarssl_printf printf
43 #endif
44
45 #if !defined(POLARSSL_DES_ALT)
46
47 /*
48 * 32-bit integer manipulation macros (big endian)
49 */
50 #ifndef GET_UINT32_BE
51 #define GET_UINT32_BE(n,b,i) \
52 { \
53 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
54 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
55 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
56 | ( (uint32_t) (b)[(i) + 3] ); \
57 }
58 #endif
59
60 #ifndef PUT_UINT32_BE
61 #define PUT_UINT32_BE(n,b,i) \
62 { \
63 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
64 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
65 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
66 (b)[(i) + 3] = (unsigned char) ( (n) ); \
67 }
68 #endif
69
70 /*
71 * Expanded DES S-boxes
72 */
73 static const uint32_t SB1[64] =
74 {
75 0x01010400, 0x00000000, 0x00010000, 0x01010404,
76 0x01010004, 0x00010404, 0x00000004, 0x00010000,
77 0x00000400, 0x01010400, 0x01010404, 0x00000400,
78 0x01000404, 0x01010004, 0x01000000, 0x00000004,
79 0x00000404, 0x01000400, 0x01000400, 0x00010400,
80 0x00010400, 0x01010000, 0x01010000, 0x01000404,
81 0x00010004, 0x01000004, 0x01000004, 0x00010004,
82 0x00000000, 0x00000404, 0x00010404, 0x01000000,
83 0x00010000, 0x01010404, 0x00000004, 0x01010000,
84 0x01010400, 0x01000000, 0x01000000, 0x00000400,
85 0x01010004, 0x00010000, 0x00010400, 0x01000004,
86 0x00000400, 0x00000004, 0x01000404, 0x00010404,
87 0x01010404, 0x00010004, 0x01010000, 0x01000404,
88 0x01000004, 0x00000404, 0x00010404, 0x01010400,
89 0x00000404, 0x01000400, 0x01000400, 0x00000000,
90 0x00010004, 0x00010400, 0x00000000, 0x01010004
91 };
92
93 static const uint32_t SB2[64] =
94 {
95 0x80108020, 0x80008000, 0x00008000, 0x00108020,
96 0x00100000, 0x00000020, 0x80100020, 0x80008020,
97 0x80000020, 0x80108020, 0x80108000, 0x80000000,
98 0x80008000, 0x00100000, 0x00000020, 0x80100020,
99 0x00108000, 0x00100020, 0x80008020, 0x00000000,
100 0x80000000, 0x00008000, 0x00108020, 0x80100000,
101 0x00100020, 0x80000020, 0x00000000, 0x00108000,
102 0x00008020, 0x80108000, 0x80100000, 0x00008020,
103 0x00000000, 0x00108020, 0x80100020, 0x00100000,
104 0x80008020, 0x80100000, 0x80108000, 0x00008000,
105 0x80100000, 0x80008000, 0x00000020, 0x80108020,
106 0x00108020, 0x00000020, 0x00008000, 0x80000000,
107 0x00008020, 0x80108000, 0x00100000, 0x80000020,
108 0x00100020, 0x80008020, 0x80000020, 0x00100020,
109 0x00108000, 0x00000000, 0x80008000, 0x00008020,
110 0x80000000, 0x80100020, 0x80108020, 0x00108000
111 };
112
113 static const uint32_t SB3[64] =
114 {
115 0x00000208, 0x08020200, 0x00000000, 0x08020008,
116 0x08000200, 0x00000000, 0x00020208, 0x08000200,
117 0x00020008, 0x08000008, 0x08000008, 0x00020000,
118 0x08020208, 0x00020008, 0x08020000, 0x00000208,
119 0x08000000, 0x00000008, 0x08020200, 0x00000200,
120 0x00020200, 0x08020000, 0x08020008, 0x00020208,
121 0x08000208, 0x00020200, 0x00020000, 0x08000208,
122 0x00000008, 0x08020208, 0x00000200, 0x08000000,
123 0x08020200, 0x08000000, 0x00020008, 0x00000208,
124 0x00020000, 0x08020200, 0x08000200, 0x00000000,
125 0x00000200, 0x00020008, 0x08020208, 0x08000200,
126 0x08000008, 0x00000200, 0x00000000, 0x08020008,
127 0x08000208, 0x00020000, 0x08000000, 0x08020208,
128 0x00000008, 0x00020208, 0x00020200, 0x08000008,
129 0x08020000, 0x08000208, 0x00000208, 0x08020000,
130 0x00020208, 0x00000008, 0x08020008, 0x00020200
131 };
132
133 static const uint32_t SB4[64] =
134 {
135 0x00802001, 0x00002081, 0x00002081, 0x00000080,
136 0x00802080, 0x00800081, 0x00800001, 0x00002001,
137 0x00000000, 0x00802000, 0x00802000, 0x00802081,
138 0x00000081, 0x00000000, 0x00800080, 0x00800001,
139 0x00000001, 0x00002000, 0x00800000, 0x00802001,
140 0x00000080, 0x00800000, 0x00002001, 0x00002080,
141 0x00800081, 0x00000001, 0x00002080, 0x00800080,
142 0x00002000, 0x00802080, 0x00802081, 0x00000081,
143 0x00800080, 0x00800001, 0x00802000, 0x00802081,
144 0x00000081, 0x00000000, 0x00000000, 0x00802000,
145 0x00002080, 0x00800080, 0x00800081, 0x00000001,
146 0x00802001, 0x00002081, 0x00002081, 0x00000080,
147 0x00802081, 0x00000081, 0x00000001, 0x00002000,
148 0x00800001, 0x00002001, 0x00802080, 0x00800081,
149 0x00002001, 0x00002080, 0x00800000, 0x00802001,
150 0x00000080, 0x00800000, 0x00002000, 0x00802080
151 };
152
153 static const uint32_t SB5[64] =
154 {
155 0x00000100, 0x02080100, 0x02080000, 0x42000100,
156 0x00080000, 0x00000100, 0x40000000, 0x02080000,
157 0x40080100, 0x00080000, 0x02000100, 0x40080100,
158 0x42000100, 0x42080000, 0x00080100, 0x40000000,
159 0x02000000, 0x40080000, 0x40080000, 0x00000000,
160 0x40000100, 0x42080100, 0x42080100, 0x02000100,
161 0x42080000, 0x40000100, 0x00000000, 0x42000000,
162 0x02080100, 0x02000000, 0x42000000, 0x00080100,
163 0x00080000, 0x42000100, 0x00000100, 0x02000000,
164 0x40000000, 0x02080000, 0x42000100, 0x40080100,
165 0x02000100, 0x40000000, 0x42080000, 0x02080100,
166 0x40080100, 0x00000100, 0x02000000, 0x42080000,
167 0x42080100, 0x00080100, 0x42000000, 0x42080100,
168 0x02080000, 0x00000000, 0x40080000, 0x42000000,
169 0x00080100, 0x02000100, 0x40000100, 0x00080000,
170 0x00000000, 0x40080000, 0x02080100, 0x40000100
171 };
172
173 static const uint32_t SB6[64] =
174 {
175 0x20000010, 0x20400000, 0x00004000, 0x20404010,
176 0x20400000, 0x00000010, 0x20404010, 0x00400000,
177 0x20004000, 0x00404010, 0x00400000, 0x20000010,
178 0x00400010, 0x20004000, 0x20000000, 0x00004010,
179 0x00000000, 0x00400010, 0x20004010, 0x00004000,
180 0x00404000, 0x20004010, 0x00000010, 0x20400010,
181 0x20400010, 0x00000000, 0x00404010, 0x20404000,
182 0x00004010, 0x00404000, 0x20404000, 0x20000000,
183 0x20004000, 0x00000010, 0x20400010, 0x00404000,
184 0x20404010, 0x00400000, 0x00004010, 0x20000010,
185 0x00400000, 0x20004000, 0x20000000, 0x00004010,
186 0x20000010, 0x20404010, 0x00404000, 0x20400000,
187 0x00404010, 0x20404000, 0x00000000, 0x20400010,
188 0x00000010, 0x00004000, 0x20400000, 0x00404010,
189 0x00004000, 0x00400010, 0x20004010, 0x00000000,
190 0x20404000, 0x20000000, 0x00400010, 0x20004010
191 };
192
193 static const uint32_t SB7[64] =
194 {
195 0x00200000, 0x04200002, 0x04000802, 0x00000000,
196 0x00000800, 0x04000802, 0x00200802, 0x04200800,
197 0x04200802, 0x00200000, 0x00000000, 0x04000002,
198 0x00000002, 0x04000000, 0x04200002, 0x00000802,
199 0x04000800, 0x00200802, 0x00200002, 0x04000800,
200 0x04000002, 0x04200000, 0x04200800, 0x00200002,
201 0x04200000, 0x00000800, 0x00000802, 0x04200802,
202 0x00200800, 0x00000002, 0x04000000, 0x00200800,
203 0x04000000, 0x00200800, 0x00200000, 0x04000802,
204 0x04000802, 0x04200002, 0x04200002, 0x00000002,
205 0x00200002, 0x04000000, 0x04000800, 0x00200000,
206 0x04200800, 0x00000802, 0x00200802, 0x04200800,
207 0x00000802, 0x04000002, 0x04200802, 0x04200000,
208 0x00200800, 0x00000000, 0x00000002, 0x04200802,
209 0x00000000, 0x00200802, 0x04200000, 0x00000800,
210 0x04000002, 0x04000800, 0x00000800, 0x00200002
211 };
212
213 static const uint32_t SB8[64] =
214 {
215 0x10001040, 0x00001000, 0x00040000, 0x10041040,
216 0x10000000, 0x10001040, 0x00000040, 0x10000000,
217 0x00040040, 0x10040000, 0x10041040, 0x00041000,
218 0x10041000, 0x00041040, 0x00001000, 0x00000040,
219 0x10040000, 0x10000040, 0x10001000, 0x00001040,
220 0x00041000, 0x00040040, 0x10040040, 0x10041000,
221 0x00001040, 0x00000000, 0x00000000, 0x10040040,
222 0x10000040, 0x10001000, 0x00041040, 0x00040000,
223 0x00041040, 0x00040000, 0x10041000, 0x00001000,
224 0x00000040, 0x10040040, 0x00001000, 0x00041040,
225 0x10001000, 0x00000040, 0x10000040, 0x10040000,
226 0x10040040, 0x10000000, 0x00040000, 0x10001040,
227 0x00000000, 0x10041040, 0x00040040, 0x10000040,
228 0x10040000, 0x10001000, 0x10001040, 0x00000000,
229 0x10041040, 0x00041000, 0x00041000, 0x00001040,
230 0x00001040, 0x00040040, 0x10000000, 0x10041000
231 };
232
233 /*
234 * PC1: left and right halves bit-swap
235 */
236 static const uint32_t LHs[16] =
237 {
238 0x00000000, 0x00000001, 0x00000100, 0x00000101,
239 0x00010000, 0x00010001, 0x00010100, 0x00010101,
240 0x01000000, 0x01000001, 0x01000100, 0x01000101,
241 0x01010000, 0x01010001, 0x01010100, 0x01010101
242 };
243
244 static const uint32_t RHs[16] =
245 {
246 0x00000000, 0x01000000, 0x00010000, 0x01010000,
247 0x00000100, 0x01000100, 0x00010100, 0x01010100,
248 0x00000001, 0x01000001, 0x00010001, 0x01010001,
249 0x00000101, 0x01000101, 0x00010101, 0x01010101,
250 };
251
252 /*
253 * Initial Permutation macro
254 */
255 #define DES_IP(X,Y) \
256 { \
257 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
258 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
259 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
260 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
261 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
262 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
263 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
264 }
265
266 /*
267 * Final Permutation macro
268 */
269 #define DES_FP(X,Y) \
270 { \
271 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
272 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
273 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
274 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
275 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
276 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
277 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
278 }
279
280 /*
281 * DES round macro
282 */
283 #define DES_ROUND(X,Y) \
284 { \
285 T = *SK++ ^ X; \
286 Y ^= SB8[ (T ) & 0x3F ] ^ \
287 SB6[ (T >> 8) & 0x3F ] ^ \
288 SB4[ (T >> 16) & 0x3F ] ^ \
289 SB2[ (T >> 24) & 0x3F ]; \
290 \
291 T = *SK++ ^ ((X << 28) | (X >> 4)); \
292 Y ^= SB7[ (T ) & 0x3F ] ^ \
293 SB5[ (T >> 8) & 0x3F ] ^ \
294 SB3[ (T >> 16) & 0x3F ] ^ \
295 SB1[ (T >> 24) & 0x3F ]; \
296 }
297
298 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
299
300 static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
301 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
302 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
303 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
304 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
305 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
306 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
307 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
308 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
309 254 };
310
311 void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
312 {
313 int i;
314
315 for( i = 0; i < DES_KEY_SIZE; i++ )
316 key[i] = odd_parity_table[key[i] / 2];
317 }
318
319 /*
320 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
321 */
322 int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
323 {
324 int i;
325
326 for( i = 0; i < DES_KEY_SIZE; i++ )
327 if ( key[i] != odd_parity_table[key[i] / 2] )
328 return( 1 );
329
330 return( 0 );
331 }
332
333 /*
334 * Table of weak and semi-weak keys
335 *
336 * Source: http://en.wikipedia.org/wiki/Weak_key
337 *
338 * Weak:
339 * Alternating ones + zeros (0x0101010101010101)
340 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
341 * '0xE0E0E0E0F1F1F1F1'
342 * '0x1F1F1F1F0E0E0E0E'
343 *
344 * Semi-weak:
345 * 0x011F011F010E010E and 0x1F011F010E010E01
346 * 0x01E001E001F101F1 and 0xE001E001F101F101
347 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
348 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
349 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
350 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
351 *
352 */
353
354 #define WEAK_KEY_COUNT 16
355
356 static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
357 {
358 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
359 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
360 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
361 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
362
363 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
364 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
365 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
366 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
367 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
368 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
369 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
370 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
371 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
372 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
373 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
374 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
375 };
376
377 int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
378 {
379 int i;
380
381 for( i = 0; i < WEAK_KEY_COUNT; i++ )
382 if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
383 return( 1 );
384
385 return( 0 );
386 }
387
388 static void des_setkey( uint32_t SK[32], const unsigned char key[DES_KEY_SIZE] )
389 {
390 int i;
391 uint32_t X, Y, T;
392
393 GET_UINT32_BE( X, key, 0 );
394 GET_UINT32_BE( Y, key, 4 );
395
396 /*
397 * Permuted Choice 1
398 */
399 T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
400 T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
401
402 X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
403 | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
404 | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
405 | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
406
407 Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
408 | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
409 | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
410 | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
411
412 X &= 0x0FFFFFFF;
413 Y &= 0x0FFFFFFF;
414
415 /*
416 * calculate subkeys
417 */
418 for( i = 0; i < 16; i++ )
419 {
420 if( i < 2 || i == 8 || i == 15 )
421 {
422 X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
423 Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
424 }
425 else
426 {
427 X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
428 Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
429 }
430
431 *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
432 | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
433 | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
434 | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
435 | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
436 | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
437 | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
438 | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
439 | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
440 | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
441 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
442
443 *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
444 | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
445 | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
446 | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
447 | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
448 | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
449 | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
450 | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
451 | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
452 | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
453 | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
454 }
455 }
456
457 /*
458 * DES key schedule (56-bit, encryption)
459 */
460 int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
461 {
462 des_setkey( ctx->sk, key );
463
464 return( 0 );
465 }
466
467 /*
468 * DES key schedule (56-bit, decryption)
469 */
470 int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
471 {
472 int i;
473
474 des_setkey( ctx->sk, key );
475
476 for( i = 0; i < 16; i += 2 )
477 {
478 SWAP( ctx->sk[i ], ctx->sk[30 - i] );
479 SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
480 }
481
482 return( 0 );
483 }
484
485 static void des3_set2key( uint32_t esk[96],
486 uint32_t dsk[96],
487 const unsigned char key[DES_KEY_SIZE*2] )
488 {
489 int i;
490
491 des_setkey( esk, key );
492 des_setkey( dsk + 32, key + 8 );
493
494 for( i = 0; i < 32; i += 2 )
495 {
496 dsk[i ] = esk[30 - i];
497 dsk[i + 1] = esk[31 - i];
498
499 esk[i + 32] = dsk[62 - i];
500 esk[i + 33] = dsk[63 - i];
501
502 esk[i + 64] = esk[i ];
503 esk[i + 65] = esk[i + 1];
504
505 dsk[i + 64] = dsk[i ];
506 dsk[i + 65] = dsk[i + 1];
507 }
508 }
509
510 /*
511 * Triple-DES key schedule (112-bit, encryption)
512 */
513 int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
514 {
515 uint32_t sk[96];
516
517 des3_set2key( ctx->sk, sk, key );
518 memset( sk, 0, sizeof( sk ) );
519
520 return( 0 );
521 }
522
523 /*
524 * Triple-DES key schedule (112-bit, decryption)
525 */
526 int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
527 {
528 uint32_t sk[96];
529
530 des3_set2key( sk, ctx->sk, key );
531 memset( sk, 0, sizeof( sk ) );
532
533 return( 0 );
534 }
535
536 static void des3_set3key( uint32_t esk[96],
537 uint32_t dsk[96],
538 const unsigned char key[24] )
539 {
540 int i;
541
542 des_setkey( esk, key );
543 des_setkey( dsk + 32, key + 8 );
544 des_setkey( esk + 64, key + 16 );
545
546 for( i = 0; i < 32; i += 2 )
547 {
548 dsk[i ] = esk[94 - i];
549 dsk[i + 1] = esk[95 - i];
550
551 esk[i + 32] = dsk[62 - i];
552 esk[i + 33] = dsk[63 - i];
553
554 dsk[i + 64] = esk[30 - i];
555 dsk[i + 65] = esk[31 - i];
556 }
557 }
558
559 /*
560 * Triple-DES key schedule (168-bit, encryption)
561 */
562 int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
563 {
564 uint32_t sk[96];
565
566 des3_set3key( ctx->sk, sk, key );
567 memset( sk, 0, sizeof( sk ) );
568
569 return( 0 );
570 }
571
572 /*
573 * Triple-DES key schedule (168-bit, decryption)
574 */
575 int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
576 {
577 uint32_t sk[96];
578
579 des3_set3key( sk, ctx->sk, key );
580 memset( sk, 0, sizeof( sk ) );
581
582 return( 0 );
583 }
584
585 /*
586 * DES-ECB block encryption/decryption
587 */
588 int des_crypt_ecb( des_context *ctx,
589 const unsigned char input[8],
590 unsigned char output[8] )
591 {
592 int i;
593 uint32_t X, Y, T, *SK;
594
595 SK = ctx->sk;
596
597 GET_UINT32_BE( X, input, 0 );
598 GET_UINT32_BE( Y, input, 4 );
599
600 DES_IP( X, Y );
601
602 for( i = 0; i < 8; i++ )
603 {
604 DES_ROUND( Y, X );
605 DES_ROUND( X, Y );
606 }
607
608 DES_FP( Y, X );
609
610 PUT_UINT32_BE( Y, output, 0 );
611 PUT_UINT32_BE( X, output, 4 );
612
613 return( 0 );
614 }
615
616 #if defined(POLARSSL_CIPHER_MODE_CBC)
617 /*
618 * DES-CBC buffer encryption/decryption
619 */
620 int des_crypt_cbc( des_context *ctx,
621 int mode,
622 size_t length,
623 unsigned char iv[8],
624 const unsigned char *input,
625 unsigned char *output )
626 {
627 int i;
628 unsigned char temp[8];
629
630 if( length % 8 )
631 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
632
633 if( mode == DES_ENCRYPT )
634 {
635 while( length > 0 )
636 {
637 for( i = 0; i < 8; i++ )
638 output[i] = (unsigned char)( input[i] ^ iv[i] );
639
640 des_crypt_ecb( ctx, output, output );
641 memcpy( iv, output, 8 );
642
643 input += 8;
644 output += 8;
645 length -= 8;
646 }
647 }
648 else /* DES_DECRYPT */
649 {
650 while( length > 0 )
651 {
652 memcpy( temp, input, 8 );
653 des_crypt_ecb( ctx, input, output );
654
655 for( i = 0; i < 8; i++ )
656 output[i] = (unsigned char)( output[i] ^ iv[i] );
657
658 memcpy( iv, temp, 8 );
659
660 input += 8;
661 output += 8;
662 length -= 8;
663 }
664 }
665
666 return( 0 );
667 }
668 #endif /* POLARSSL_CIPHER_MODE_CBC */
669
670 /*
671 * 3DES-ECB block encryption/decryption
672 */
673 int des3_crypt_ecb( des3_context *ctx,
674 const unsigned char input[8],
675 unsigned char output[8] )
676 {
677 int i;
678 uint32_t X, Y, T, *SK;
679
680 SK = ctx->sk;
681
682 GET_UINT32_BE( X, input, 0 );
683 GET_UINT32_BE( Y, input, 4 );
684
685 DES_IP( X, Y );
686
687 for( i = 0; i < 8; i++ )
688 {
689 DES_ROUND( Y, X );
690 DES_ROUND( X, Y );
691 }
692
693 for( i = 0; i < 8; i++ )
694 {
695 DES_ROUND( X, Y );
696 DES_ROUND( Y, X );
697 }
698
699 for( i = 0; i < 8; i++ )
700 {
701 DES_ROUND( Y, X );
702 DES_ROUND( X, Y );
703 }
704
705 DES_FP( Y, X );
706
707 PUT_UINT32_BE( Y, output, 0 );
708 PUT_UINT32_BE( X, output, 4 );
709
710 return( 0 );
711 }
712
713 #if defined(POLARSSL_CIPHER_MODE_CBC)
714 /*
715 * 3DES-CBC buffer encryption/decryption
716 */
717 int des3_crypt_cbc( des3_context *ctx,
718 int mode,
719 size_t length,
720 unsigned char iv[8],
721 const unsigned char *input,
722 unsigned char *output )
723 {
724 int i;
725 unsigned char temp[8];
726
727 if( length % 8 )
728 return( POLARSSL_ERR_DES_INVALID_INPUT_LENGTH );
729
730 if( mode == DES_ENCRYPT )
731 {
732 while( length > 0 )
733 {
734 for( i = 0; i < 8; i++ )
735 output[i] = (unsigned char)( input[i] ^ iv[i] );
736
737 des3_crypt_ecb( ctx, output, output );
738 memcpy( iv, output, 8 );
739
740 input += 8;
741 output += 8;
742 length -= 8;
743 }
744 }
745 else /* DES_DECRYPT */
746 {
747 while( length > 0 )
748 {
749 memcpy( temp, input, 8 );
750 des3_crypt_ecb( ctx, input, output );
751
752 for( i = 0; i < 8; i++ )
753 output[i] = (unsigned char)( output[i] ^ iv[i] );
754
755 memcpy( iv, temp, 8 );
756
757 input += 8;
758 output += 8;
759 length -= 8;
760 }
761 }
762
763 return( 0 );
764 }
765 #endif /* POLARSSL_CIPHER_MODE_CBC */
766
767 #endif /* !POLARSSL_DES_ALT */
768
769 #if defined(POLARSSL_SELF_TEST)
770
771 #include <stdio.h>
772
773 /*
774 * DES and 3DES test vectors from:
775 *
776 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
777 */
778 static const unsigned char des3_test_keys[24] =
779 {
780 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
781 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
782 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
783 };
784
785 static const unsigned char des3_test_buf[8] =
786 {
787 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
788 };
789
790 static const unsigned char des3_test_ecb_dec[3][8] =
791 {
792 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
793 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
794 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
795 };
796
797 static const unsigned char des3_test_ecb_enc[3][8] =
798 {
799 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
800 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
801 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
802 };
803
804 #if defined(POLARSSL_CIPHER_MODE_CBC)
805 static const unsigned char des3_test_iv[8] =
806 {
807 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
808 };
809
810 static const unsigned char des3_test_cbc_dec[3][8] =
811 {
812 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
813 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
814 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
815 };
816
817 static const unsigned char des3_test_cbc_enc[3][8] =
818 {
819 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
820 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
821 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
822 };
823 #endif /* POLARSSL_CIPHER_MODE_CBC */
824
825 /*
826 * Checkup routine
827 */
828 int des_self_test( int verbose )
829 {
830 int i, j, u, v;
831 des_context ctx;
832 des3_context ctx3;
833 unsigned char key[24];
834 unsigned char buf[8];
835 #if defined(POLARSSL_CIPHER_MODE_CBC)
836 unsigned char prv[8];
837 unsigned char iv[8];
838 #endif
839
840 memset( key, 0, 24 );
841
842 /*
843 * ECB mode
844 */
845 for( i = 0; i < 6; i++ )
846 {
847 u = i >> 1;
848 v = i & 1;
849
850 if( verbose != 0 )
851 polarssl_printf( " DES%c-ECB-%3d (%s): ",
852 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
853 ( v == DES_DECRYPT ) ? "dec" : "enc" );
854
855 memcpy( buf, des3_test_buf, 8 );
856
857 switch( i )
858 {
859 case 0:
860 des_setkey_dec( &ctx, des3_test_keys );
861 break;
862
863 case 1:
864 des_setkey_enc( &ctx, des3_test_keys );
865 break;
866
867 case 2:
868 des3_set2key_dec( &ctx3, des3_test_keys );
869 break;
870
871 case 3:
872 des3_set2key_enc( &ctx3, des3_test_keys );
873 break;
874
875 case 4:
876 des3_set3key_dec( &ctx3, des3_test_keys );
877 break;
878
879 case 5:
880 des3_set3key_enc( &ctx3, des3_test_keys );
881 break;
882
883 default:
884 return( 1 );
885 }
886
887 for( j = 0; j < 10000; j++ )
888 {
889 if( u == 0 )
890 des_crypt_ecb( &ctx, buf, buf );
891 else
892 des3_crypt_ecb( &ctx3, buf, buf );
893 }
894
895 if( ( v == DES_DECRYPT &&
896 memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
897 ( v != DES_DECRYPT &&
898 memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
899 {
900 if( verbose != 0 )
901 polarssl_printf( "failed\n" );
902
903 return( 1 );
904 }
905
906 if( verbose != 0 )
907 polarssl_printf( "passed\n" );
908 }
909
910 if( verbose != 0 )
911 polarssl_printf( "\n" );
912
913 #if defined(POLARSSL_CIPHER_MODE_CBC)
914 /*
915 * CBC mode
916 */
917 for( i = 0; i < 6; i++ )
918 {
919 u = i >> 1;
920 v = i & 1;
921
922 if( verbose != 0 )
923 polarssl_printf( " DES%c-CBC-%3d (%s): ",
924 ( u == 0 ) ? ' ' : '3', 56 + u * 56,
925 ( v == DES_DECRYPT ) ? "dec" : "enc" );
926
927 memcpy( iv, des3_test_iv, 8 );
928 memcpy( prv, des3_test_iv, 8 );
929 memcpy( buf, des3_test_buf, 8 );
930
931 switch( i )
932 {
933 case 0:
934 des_setkey_dec( &ctx, des3_test_keys );
935 break;
936
937 case 1:
938 des_setkey_enc( &ctx, des3_test_keys );
939 break;
940
941 case 2:
942 des3_set2key_dec( &ctx3, des3_test_keys );
943 break;
944
945 case 3:
946 des3_set2key_enc( &ctx3, des3_test_keys );
947 break;
948
949 case 4:
950 des3_set3key_dec( &ctx3, des3_test_keys );
951 break;
952
953 case 5:
954 des3_set3key_enc( &ctx3, des3_test_keys );
955 break;
956
957 default:
958 return( 1 );
959 }
960
961 if( v == DES_DECRYPT )
962 {
963 for( j = 0; j < 10000; j++ )
964 {
965 if( u == 0 )
966 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
967 else
968 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
969 }
970 }
971 else
972 {
973 for( j = 0; j < 10000; j++ )
974 {
975 unsigned char tmp[8];
976
977 if( u == 0 )
978 des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
979 else
980 des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
981
982 memcpy( tmp, prv, 8 );
983 memcpy( prv, buf, 8 );
984 memcpy( buf, tmp, 8 );
985 }
986
987 memcpy( buf, prv, 8 );
988 }
989
990 if( ( v == DES_DECRYPT &&
991 memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
992 ( v != DES_DECRYPT &&
993 memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
994 {
995 if( verbose != 0 )
996 polarssl_printf( "failed\n" );
997
998 return( 1 );
999 }
1000
1001 if( verbose != 0 )
1002 polarssl_printf( "passed\n" );
1003 }
1004 #endif /* POLARSSL_CIPHER_MODE_CBC */
1005
1006 if( verbose != 0 )
1007 polarssl_printf( "\n" );
1008
1009 return( 0 );
1010 }
1011
1012 #endif
1013
1014 #endif
Impressum, Datenschutz