2 * FIPS-46-3 compliant Triple-DES implementation
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 * This file is part of mbed TLS (https://tls.mbed.org)
22 * DES, on which TDES is based, was originally designed by Horst Feistel
23 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
25 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
28 #if !defined(MBEDTLS_CONFIG_FILE)
29 #include "mbedtls/config.h"
31 #include MBEDTLS_CONFIG_FILE
34 #if defined(MBEDTLS_DES_C)
36 #include "mbedtls/des.h"
40 #if defined(MBEDTLS_SELF_TEST)
41 #if defined(MBEDTLS_PLATFORM_C)
42 #include "mbedtls/platform.h"
45 #define mbedtls_printf printf
46 #endif /* MBEDTLS_PLATFORM_C */
47 #endif /* MBEDTLS_SELF_TEST */
49 #if !defined(MBEDTLS_DES_ALT)
51 /* Implementation that should never be optimized out by the compiler */
52 static void mbedtls_zeroize( void *v
, size_t n
) {
53 volatile unsigned char *p
= v
; while( n
-- ) *p
++ = 0;
57 * 32-bit integer manipulation macros (big endian)
60 #define GET_UINT32_BE(n,b,i) \
62 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
63 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
64 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
65 | ( (uint32_t) (b)[(i) + 3] ); \
70 #define PUT_UINT32_BE(n,b,i) \
72 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
73 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
74 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
75 (b)[(i) + 3] = (unsigned char) ( (n) ); \
80 * Expanded DES S-boxes
82 static const uint32_t SB1
[64] =
84 0x01010400, 0x00000000, 0x00010000, 0x01010404,
85 0x01010004, 0x00010404, 0x00000004, 0x00010000,
86 0x00000400, 0x01010400, 0x01010404, 0x00000400,
87 0x01000404, 0x01010004, 0x01000000, 0x00000004,
88 0x00000404, 0x01000400, 0x01000400, 0x00010400,
89 0x00010400, 0x01010000, 0x01010000, 0x01000404,
90 0x00010004, 0x01000004, 0x01000004, 0x00010004,
91 0x00000000, 0x00000404, 0x00010404, 0x01000000,
92 0x00010000, 0x01010404, 0x00000004, 0x01010000,
93 0x01010400, 0x01000000, 0x01000000, 0x00000400,
94 0x01010004, 0x00010000, 0x00010400, 0x01000004,
95 0x00000400, 0x00000004, 0x01000404, 0x00010404,
96 0x01010404, 0x00010004, 0x01010000, 0x01000404,
97 0x01000004, 0x00000404, 0x00010404, 0x01010400,
98 0x00000404, 0x01000400, 0x01000400, 0x00000000,
99 0x00010004, 0x00010400, 0x00000000, 0x01010004
102 static const uint32_t SB2
[64] =
104 0x80108020, 0x80008000, 0x00008000, 0x00108020,
105 0x00100000, 0x00000020, 0x80100020, 0x80008020,
106 0x80000020, 0x80108020, 0x80108000, 0x80000000,
107 0x80008000, 0x00100000, 0x00000020, 0x80100020,
108 0x00108000, 0x00100020, 0x80008020, 0x00000000,
109 0x80000000, 0x00008000, 0x00108020, 0x80100000,
110 0x00100020, 0x80000020, 0x00000000, 0x00108000,
111 0x00008020, 0x80108000, 0x80100000, 0x00008020,
112 0x00000000, 0x00108020, 0x80100020, 0x00100000,
113 0x80008020, 0x80100000, 0x80108000, 0x00008000,
114 0x80100000, 0x80008000, 0x00000020, 0x80108020,
115 0x00108020, 0x00000020, 0x00008000, 0x80000000,
116 0x00008020, 0x80108000, 0x00100000, 0x80000020,
117 0x00100020, 0x80008020, 0x80000020, 0x00100020,
118 0x00108000, 0x00000000, 0x80008000, 0x00008020,
119 0x80000000, 0x80100020, 0x80108020, 0x00108000
122 static const uint32_t SB3
[64] =
124 0x00000208, 0x08020200, 0x00000000, 0x08020008,
125 0x08000200, 0x00000000, 0x00020208, 0x08000200,
126 0x00020008, 0x08000008, 0x08000008, 0x00020000,
127 0x08020208, 0x00020008, 0x08020000, 0x00000208,
128 0x08000000, 0x00000008, 0x08020200, 0x00000200,
129 0x00020200, 0x08020000, 0x08020008, 0x00020208,
130 0x08000208, 0x00020200, 0x00020000, 0x08000208,
131 0x00000008, 0x08020208, 0x00000200, 0x08000000,
132 0x08020200, 0x08000000, 0x00020008, 0x00000208,
133 0x00020000, 0x08020200, 0x08000200, 0x00000000,
134 0x00000200, 0x00020008, 0x08020208, 0x08000200,
135 0x08000008, 0x00000200, 0x00000000, 0x08020008,
136 0x08000208, 0x00020000, 0x08000000, 0x08020208,
137 0x00000008, 0x00020208, 0x00020200, 0x08000008,
138 0x08020000, 0x08000208, 0x00000208, 0x08020000,
139 0x00020208, 0x00000008, 0x08020008, 0x00020200
142 static const uint32_t SB4
[64] =
144 0x00802001, 0x00002081, 0x00002081, 0x00000080,
145 0x00802080, 0x00800081, 0x00800001, 0x00002001,
146 0x00000000, 0x00802000, 0x00802000, 0x00802081,
147 0x00000081, 0x00000000, 0x00800080, 0x00800001,
148 0x00000001, 0x00002000, 0x00800000, 0x00802001,
149 0x00000080, 0x00800000, 0x00002001, 0x00002080,
150 0x00800081, 0x00000001, 0x00002080, 0x00800080,
151 0x00002000, 0x00802080, 0x00802081, 0x00000081,
152 0x00800080, 0x00800001, 0x00802000, 0x00802081,
153 0x00000081, 0x00000000, 0x00000000, 0x00802000,
154 0x00002080, 0x00800080, 0x00800081, 0x00000001,
155 0x00802001, 0x00002081, 0x00002081, 0x00000080,
156 0x00802081, 0x00000081, 0x00000001, 0x00002000,
157 0x00800001, 0x00002001, 0x00802080, 0x00800081,
158 0x00002001, 0x00002080, 0x00800000, 0x00802001,
159 0x00000080, 0x00800000, 0x00002000, 0x00802080
162 static const uint32_t SB5
[64] =
164 0x00000100, 0x02080100, 0x02080000, 0x42000100,
165 0x00080000, 0x00000100, 0x40000000, 0x02080000,
166 0x40080100, 0x00080000, 0x02000100, 0x40080100,
167 0x42000100, 0x42080000, 0x00080100, 0x40000000,
168 0x02000000, 0x40080000, 0x40080000, 0x00000000,
169 0x40000100, 0x42080100, 0x42080100, 0x02000100,
170 0x42080000, 0x40000100, 0x00000000, 0x42000000,
171 0x02080100, 0x02000000, 0x42000000, 0x00080100,
172 0x00080000, 0x42000100, 0x00000100, 0x02000000,
173 0x40000000, 0x02080000, 0x42000100, 0x40080100,
174 0x02000100, 0x40000000, 0x42080000, 0x02080100,
175 0x40080100, 0x00000100, 0x02000000, 0x42080000,
176 0x42080100, 0x00080100, 0x42000000, 0x42080100,
177 0x02080000, 0x00000000, 0x40080000, 0x42000000,
178 0x00080100, 0x02000100, 0x40000100, 0x00080000,
179 0x00000000, 0x40080000, 0x02080100, 0x40000100
182 static const uint32_t SB6
[64] =
184 0x20000010, 0x20400000, 0x00004000, 0x20404010,
185 0x20400000, 0x00000010, 0x20404010, 0x00400000,
186 0x20004000, 0x00404010, 0x00400000, 0x20000010,
187 0x00400010, 0x20004000, 0x20000000, 0x00004010,
188 0x00000000, 0x00400010, 0x20004010, 0x00004000,
189 0x00404000, 0x20004010, 0x00000010, 0x20400010,
190 0x20400010, 0x00000000, 0x00404010, 0x20404000,
191 0x00004010, 0x00404000, 0x20404000, 0x20000000,
192 0x20004000, 0x00000010, 0x20400010, 0x00404000,
193 0x20404010, 0x00400000, 0x00004010, 0x20000010,
194 0x00400000, 0x20004000, 0x20000000, 0x00004010,
195 0x20000010, 0x20404010, 0x00404000, 0x20400000,
196 0x00404010, 0x20404000, 0x00000000, 0x20400010,
197 0x00000010, 0x00004000, 0x20400000, 0x00404010,
198 0x00004000, 0x00400010, 0x20004010, 0x00000000,
199 0x20404000, 0x20000000, 0x00400010, 0x20004010
202 static const uint32_t SB7
[64] =
204 0x00200000, 0x04200002, 0x04000802, 0x00000000,
205 0x00000800, 0x04000802, 0x00200802, 0x04200800,
206 0x04200802, 0x00200000, 0x00000000, 0x04000002,
207 0x00000002, 0x04000000, 0x04200002, 0x00000802,
208 0x04000800, 0x00200802, 0x00200002, 0x04000800,
209 0x04000002, 0x04200000, 0x04200800, 0x00200002,
210 0x04200000, 0x00000800, 0x00000802, 0x04200802,
211 0x00200800, 0x00000002, 0x04000000, 0x00200800,
212 0x04000000, 0x00200800, 0x00200000, 0x04000802,
213 0x04000802, 0x04200002, 0x04200002, 0x00000002,
214 0x00200002, 0x04000000, 0x04000800, 0x00200000,
215 0x04200800, 0x00000802, 0x00200802, 0x04200800,
216 0x00000802, 0x04000002, 0x04200802, 0x04200000,
217 0x00200800, 0x00000000, 0x00000002, 0x04200802,
218 0x00000000, 0x00200802, 0x04200000, 0x00000800,
219 0x04000002, 0x04000800, 0x00000800, 0x00200002
222 static const uint32_t SB8
[64] =
224 0x10001040, 0x00001000, 0x00040000, 0x10041040,
225 0x10000000, 0x10001040, 0x00000040, 0x10000000,
226 0x00040040, 0x10040000, 0x10041040, 0x00041000,
227 0x10041000, 0x00041040, 0x00001000, 0x00000040,
228 0x10040000, 0x10000040, 0x10001000, 0x00001040,
229 0x00041000, 0x00040040, 0x10040040, 0x10041000,
230 0x00001040, 0x00000000, 0x00000000, 0x10040040,
231 0x10000040, 0x10001000, 0x00041040, 0x00040000,
232 0x00041040, 0x00040000, 0x10041000, 0x00001000,
233 0x00000040, 0x10040040, 0x00001000, 0x00041040,
234 0x10001000, 0x00000040, 0x10000040, 0x10040000,
235 0x10040040, 0x10000000, 0x00040000, 0x10001040,
236 0x00000000, 0x10041040, 0x00040040, 0x10000040,
237 0x10040000, 0x10001000, 0x10001040, 0x00000000,
238 0x10041040, 0x00041000, 0x00041000, 0x00001040,
239 0x00001040, 0x00040040, 0x10000000, 0x10041000
243 * PC1: left and right halves bit-swap
245 static const uint32_t LHs
[16] =
247 0x00000000, 0x00000001, 0x00000100, 0x00000101,
248 0x00010000, 0x00010001, 0x00010100, 0x00010101,
249 0x01000000, 0x01000001, 0x01000100, 0x01000101,
250 0x01010000, 0x01010001, 0x01010100, 0x01010101
253 static const uint32_t RHs
[16] =
255 0x00000000, 0x01000000, 0x00010000, 0x01010000,
256 0x00000100, 0x01000100, 0x00010100, 0x01010100,
257 0x00000001, 0x01000001, 0x00010001, 0x01010001,
258 0x00000101, 0x01000101, 0x00010101, 0x01010101,
262 * Initial Permutation macro
264 #define DES_IP(X,Y) \
266 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
267 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
268 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
269 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
270 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
271 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
272 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
276 * Final Permutation macro
278 #define DES_FP(X,Y) \
280 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
281 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
282 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
283 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
284 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
285 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
286 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
292 #define DES_ROUND(X,Y) \
295 Y ^= SB8[ (T ) & 0x3F ] ^ \
296 SB6[ (T >> 8) & 0x3F ] ^ \
297 SB4[ (T >> 16) & 0x3F ] ^ \
298 SB2[ (T >> 24) & 0x3F ]; \
300 T = *SK++ ^ ((X << 28) | (X >> 4)); \
301 Y ^= SB7[ (T ) & 0x3F ] ^ \
302 SB5[ (T >> 8) & 0x3F ] ^ \
303 SB3[ (T >> 16) & 0x3F ] ^ \
304 SB1[ (T >> 24) & 0x3F ]; \
307 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
309 void mbedtls_des_init( mbedtls_des_context
*ctx
)
311 memset( ctx
, 0, sizeof( mbedtls_des_context
) );
314 void mbedtls_des_free( mbedtls_des_context
*ctx
)
319 mbedtls_zeroize( ctx
, sizeof( mbedtls_des_context
) );
322 void mbedtls_des3_init( mbedtls_des3_context
*ctx
)
324 memset( ctx
, 0, sizeof( mbedtls_des3_context
) );
327 void mbedtls_des3_free( mbedtls_des3_context
*ctx
)
332 mbedtls_zeroize( ctx
, sizeof( mbedtls_des3_context
) );
335 static const unsigned char odd_parity_table
[128] = { 1, 2, 4, 7, 8,
336 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
337 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
338 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
339 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
340 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
341 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
342 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
343 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
346 void mbedtls_des_key_set_parity( unsigned char key
[MBEDTLS_DES_KEY_SIZE
] )
350 for( i
= 0; i
< MBEDTLS_DES_KEY_SIZE
; i
++ )
351 key
[i
] = odd_parity_table
[key
[i
] / 2];
355 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
357 int mbedtls_des_key_check_key_parity( const unsigned char key
[MBEDTLS_DES_KEY_SIZE
] )
361 for( i
= 0; i
< MBEDTLS_DES_KEY_SIZE
; i
++ )
362 if( key
[i
] != odd_parity_table
[key
[i
] / 2] )
369 * Table of weak and semi-weak keys
371 * Source: http://en.wikipedia.org/wiki/Weak_key
374 * Alternating ones + zeros (0x0101010101010101)
375 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
376 * '0xE0E0E0E0F1F1F1F1'
377 * '0x1F1F1F1F0E0E0E0E'
380 * 0x011F011F010E010E and 0x1F011F010E010E01
381 * 0x01E001E001F101F1 and 0xE001E001F101F101
382 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
383 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
384 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
385 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
389 #define WEAK_KEY_COUNT 16
391 static const unsigned char weak_key_table
[WEAK_KEY_COUNT
][MBEDTLS_DES_KEY_SIZE
] =
393 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
394 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
395 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
396 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
398 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
399 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
400 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
401 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
402 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
403 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
404 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
405 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
406 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
407 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
408 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
409 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
412 int mbedtls_des_key_check_weak( const unsigned char key
[MBEDTLS_DES_KEY_SIZE
] )
416 for( i
= 0; i
< WEAK_KEY_COUNT
; i
++ )
417 if( memcmp( weak_key_table
[i
], key
, MBEDTLS_DES_KEY_SIZE
) == 0 )
423 #if !defined(MBEDTLS_DES_SETKEY_ALT)
424 void mbedtls_des_setkey( uint32_t SK
[32], const unsigned char key
[MBEDTLS_DES_KEY_SIZE
] )
429 GET_UINT32_BE( X
, key
, 0 );
430 GET_UINT32_BE( Y
, key
, 4 );
435 T
= ((Y
>> 4) ^ X
) & 0x0F0F0F0F; X
^= T
; Y
^= (T
<< 4);
436 T
= ((Y
) ^ X
) & 0x10101010; X
^= T
; Y
^= (T
);
438 X
= (LHs
[ (X
) & 0xF] << 3) | (LHs
[ (X
>> 8) & 0xF ] << 2)
439 | (LHs
[ (X
>> 16) & 0xF] << 1) | (LHs
[ (X
>> 24) & 0xF ] )
440 | (LHs
[ (X
>> 5) & 0xF] << 7) | (LHs
[ (X
>> 13) & 0xF ] << 6)
441 | (LHs
[ (X
>> 21) & 0xF] << 5) | (LHs
[ (X
>> 29) & 0xF ] << 4);
443 Y
= (RHs
[ (Y
>> 1) & 0xF] << 3) | (RHs
[ (Y
>> 9) & 0xF ] << 2)
444 | (RHs
[ (Y
>> 17) & 0xF] << 1) | (RHs
[ (Y
>> 25) & 0xF ] )
445 | (RHs
[ (Y
>> 4) & 0xF] << 7) | (RHs
[ (Y
>> 12) & 0xF ] << 6)
446 | (RHs
[ (Y
>> 20) & 0xF] << 5) | (RHs
[ (Y
>> 28) & 0xF ] << 4);
454 for( i
= 0; i
< 16; i
++ )
456 if( i
< 2 || i
== 8 || i
== 15 )
458 X
= ((X
<< 1) | (X
>> 27)) & 0x0FFFFFFF;
459 Y
= ((Y
<< 1) | (Y
>> 27)) & 0x0FFFFFFF;
463 X
= ((X
<< 2) | (X
>> 26)) & 0x0FFFFFFF;
464 Y
= ((Y
<< 2) | (Y
>> 26)) & 0x0FFFFFFF;
467 *SK
++ = ((X
<< 4) & 0x24000000) | ((X
<< 28) & 0x10000000)
468 | ((X
<< 14) & 0x08000000) | ((X
<< 18) & 0x02080000)
469 | ((X
<< 6) & 0x01000000) | ((X
<< 9) & 0x00200000)
470 | ((X
>> 1) & 0x00100000) | ((X
<< 10) & 0x00040000)
471 | ((X
<< 2) & 0x00020000) | ((X
>> 10) & 0x00010000)
472 | ((Y
>> 13) & 0x00002000) | ((Y
>> 4) & 0x00001000)
473 | ((Y
<< 6) & 0x00000800) | ((Y
>> 1) & 0x00000400)
474 | ((Y
>> 14) & 0x00000200) | ((Y
) & 0x00000100)
475 | ((Y
>> 5) & 0x00000020) | ((Y
>> 10) & 0x00000010)
476 | ((Y
>> 3) & 0x00000008) | ((Y
>> 18) & 0x00000004)
477 | ((Y
>> 26) & 0x00000002) | ((Y
>> 24) & 0x00000001);
479 *SK
++ = ((X
<< 15) & 0x20000000) | ((X
<< 17) & 0x10000000)
480 | ((X
<< 10) & 0x08000000) | ((X
<< 22) & 0x04000000)
481 | ((X
>> 2) & 0x02000000) | ((X
<< 1) & 0x01000000)
482 | ((X
<< 16) & 0x00200000) | ((X
<< 11) & 0x00100000)
483 | ((X
<< 3) & 0x00080000) | ((X
>> 6) & 0x00040000)
484 | ((X
<< 15) & 0x00020000) | ((X
>> 4) & 0x00010000)
485 | ((Y
>> 2) & 0x00002000) | ((Y
<< 8) & 0x00001000)
486 | ((Y
>> 14) & 0x00000808) | ((Y
>> 9) & 0x00000400)
487 | ((Y
) & 0x00000200) | ((Y
<< 7) & 0x00000100)
488 | ((Y
>> 7) & 0x00000020) | ((Y
>> 3) & 0x00000011)
489 | ((Y
<< 2) & 0x00000004) | ((Y
>> 21) & 0x00000002);
492 #endif /* !MBEDTLS_DES_SETKEY_ALT */
495 * DES key schedule (56-bit, encryption)
497 int mbedtls_des_setkey_enc( mbedtls_des_context
*ctx
, const unsigned char key
[MBEDTLS_DES_KEY_SIZE
] )
499 mbedtls_des_setkey( ctx
->sk
, key
);
505 * DES key schedule (56-bit, decryption)
507 int mbedtls_des_setkey_dec( mbedtls_des_context
*ctx
, const unsigned char key
[MBEDTLS_DES_KEY_SIZE
] )
511 mbedtls_des_setkey( ctx
->sk
, key
);
513 for( i
= 0; i
< 16; i
+= 2 )
515 SWAP( ctx
->sk
[i
], ctx
->sk
[30 - i
] );
516 SWAP( ctx
->sk
[i
+ 1], ctx
->sk
[31 - i
] );
522 static void des3_set2key( uint32_t esk
[96],
524 const unsigned char key
[MBEDTLS_DES_KEY_SIZE
*2] )
528 mbedtls_des_setkey( esk
, key
);
529 mbedtls_des_setkey( dsk
+ 32, key
+ 8 );
531 for( i
= 0; i
< 32; i
+= 2 )
533 dsk
[i
] = esk
[30 - i
];
534 dsk
[i
+ 1] = esk
[31 - i
];
536 esk
[i
+ 32] = dsk
[62 - i
];
537 esk
[i
+ 33] = dsk
[63 - i
];
539 esk
[i
+ 64] = esk
[i
];
540 esk
[i
+ 65] = esk
[i
+ 1];
542 dsk
[i
+ 64] = dsk
[i
];
543 dsk
[i
+ 65] = dsk
[i
+ 1];
548 * Triple-DES key schedule (112-bit, encryption)
550 int mbedtls_des3_set2key_enc( mbedtls_des3_context
*ctx
,
551 const unsigned char key
[MBEDTLS_DES_KEY_SIZE
* 2] )
555 des3_set2key( ctx
->sk
, sk
, key
);
556 mbedtls_zeroize( sk
, sizeof( sk
) );
562 * Triple-DES key schedule (112-bit, decryption)
564 int mbedtls_des3_set2key_dec( mbedtls_des3_context
*ctx
,
565 const unsigned char key
[MBEDTLS_DES_KEY_SIZE
* 2] )
569 des3_set2key( sk
, ctx
->sk
, key
);
570 mbedtls_zeroize( sk
, sizeof( sk
) );
575 static void des3_set3key( uint32_t esk
[96],
577 const unsigned char key
[24] )
581 mbedtls_des_setkey( esk
, key
);
582 mbedtls_des_setkey( dsk
+ 32, key
+ 8 );
583 mbedtls_des_setkey( esk
+ 64, key
+ 16 );
585 for( i
= 0; i
< 32; i
+= 2 )
587 dsk
[i
] = esk
[94 - i
];
588 dsk
[i
+ 1] = esk
[95 - i
];
590 esk
[i
+ 32] = dsk
[62 - i
];
591 esk
[i
+ 33] = dsk
[63 - i
];
593 dsk
[i
+ 64] = esk
[30 - i
];
594 dsk
[i
+ 65] = esk
[31 - i
];
599 * Triple-DES key schedule (168-bit, encryption)
601 int mbedtls_des3_set3key_enc( mbedtls_des3_context
*ctx
,
602 const unsigned char key
[MBEDTLS_DES_KEY_SIZE
* 3] )
606 des3_set3key( ctx
->sk
, sk
, key
);
607 mbedtls_zeroize( sk
, sizeof( sk
) );
613 * Triple-DES key schedule (168-bit, decryption)
615 int mbedtls_des3_set3key_dec( mbedtls_des3_context
*ctx
,
616 const unsigned char key
[MBEDTLS_DES_KEY_SIZE
* 3] )
620 des3_set3key( sk
, ctx
->sk
, key
);
621 mbedtls_zeroize( sk
, sizeof( sk
) );
627 * DES-ECB block encryption/decryption
629 #if !defined(MBEDTLS_DES_CRYPT_ECB_ALT)
630 int mbedtls_des_crypt_ecb( mbedtls_des_context
*ctx
,
631 const unsigned char input
[8],
632 unsigned char output
[8] )
635 uint32_t X
, Y
, T
, *SK
;
639 GET_UINT32_BE( X
, input
, 0 );
640 GET_UINT32_BE( Y
, input
, 4 );
644 for( i
= 0; i
< 8; i
++ )
652 PUT_UINT32_BE( Y
, output
, 0 );
653 PUT_UINT32_BE( X
, output
, 4 );
657 #endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
659 #if defined(MBEDTLS_CIPHER_MODE_CBC)
661 * DES-CBC buffer encryption/decryption
663 int mbedtls_des_crypt_cbc( mbedtls_des_context
*ctx
,
667 const unsigned char *input
,
668 unsigned char *output
)
671 unsigned char temp
[8];
674 return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
);
676 if( mode
== MBEDTLS_DES_ENCRYPT
)
680 for( i
= 0; i
< 8; i
++ )
681 output
[i
] = (unsigned char)( input
[i
] ^ iv
[i
] );
683 mbedtls_des_crypt_ecb( ctx
, output
, output
);
684 memcpy( iv
, output
, 8 );
691 else /* MBEDTLS_DES_DECRYPT */
695 memcpy( temp
, input
, 8 );
696 mbedtls_des_crypt_ecb( ctx
, input
, output
);
698 for( i
= 0; i
< 8; i
++ )
699 output
[i
] = (unsigned char)( output
[i
] ^ iv
[i
] );
701 memcpy( iv
, temp
, 8 );
711 #endif /* MBEDTLS_CIPHER_MODE_CBC */
714 * 3DES-ECB block encryption/decryption
716 #if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
717 int mbedtls_des3_crypt_ecb( mbedtls_des3_context
*ctx
,
718 const unsigned char input
[8],
719 unsigned char output
[8] )
722 uint32_t X
, Y
, T
, *SK
;
726 GET_UINT32_BE( X
, input
, 0 );
727 GET_UINT32_BE( Y
, input
, 4 );
731 for( i
= 0; i
< 8; i
++ )
737 for( i
= 0; i
< 8; i
++ )
743 for( i
= 0; i
< 8; i
++ )
751 PUT_UINT32_BE( Y
, output
, 0 );
752 PUT_UINT32_BE( X
, output
, 4 );
756 #endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
758 #if defined(MBEDTLS_CIPHER_MODE_CBC)
760 * 3DES-CBC buffer encryption/decryption
762 int mbedtls_des3_crypt_cbc( mbedtls_des3_context
*ctx
,
766 const unsigned char *input
,
767 unsigned char *output
)
770 unsigned char temp
[8];
773 return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
);
775 if( mode
== MBEDTLS_DES_ENCRYPT
)
779 for( i
= 0; i
< 8; i
++ )
780 output
[i
] = (unsigned char)( input
[i
] ^ iv
[i
] );
782 mbedtls_des3_crypt_ecb( ctx
, output
, output
);
783 memcpy( iv
, output
, 8 );
790 else /* MBEDTLS_DES_DECRYPT */
794 memcpy( temp
, input
, 8 );
795 mbedtls_des3_crypt_ecb( ctx
, input
, output
);
797 for( i
= 0; i
< 8; i
++ )
798 output
[i
] = (unsigned char)( output
[i
] ^ iv
[i
] );
800 memcpy( iv
, temp
, 8 );
810 #endif /* MBEDTLS_CIPHER_MODE_CBC */
812 #endif /* !MBEDTLS_DES_ALT */
814 #if defined(MBEDTLS_SELF_TEST)
816 * DES and 3DES test vectors from:
818 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
820 static const unsigned char des3_test_keys
[24] =
822 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
823 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
824 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
827 static const unsigned char des3_test_buf
[8] =
829 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
832 static const unsigned char des3_test_ecb_dec
[3][8] =
834 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
835 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
836 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
839 static const unsigned char des3_test_ecb_enc
[3][8] =
841 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
842 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
843 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
846 #if defined(MBEDTLS_CIPHER_MODE_CBC)
847 static const unsigned char des3_test_iv
[8] =
849 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
852 static const unsigned char des3_test_cbc_dec
[3][8] =
854 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
855 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
856 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
859 static const unsigned char des3_test_cbc_enc
[3][8] =
861 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
862 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
863 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
865 #endif /* MBEDTLS_CIPHER_MODE_CBC */
870 int mbedtls_des_self_test( int verbose
)
872 int i
, j
, u
, v
, ret
= 0;
873 mbedtls_des_context ctx
;
874 mbedtls_des3_context ctx3
;
875 unsigned char buf
[8];
876 #if defined(MBEDTLS_CIPHER_MODE_CBC)
877 unsigned char prv
[8];
881 mbedtls_des_init( &ctx
);
882 mbedtls_des3_init( &ctx3
);
886 for( i
= 0; i
< 6; i
++ )
892 mbedtls_printf( " DES%c-ECB-%3d (%s): ",
893 ( u
== 0 ) ? ' ' : '3', 56 + u
* 56,
894 ( v
== MBEDTLS_DES_DECRYPT
) ? "dec" : "enc" );
896 memcpy( buf
, des3_test_buf
, 8 );
901 mbedtls_des_setkey_dec( &ctx
, des3_test_keys
);
905 mbedtls_des_setkey_enc( &ctx
, des3_test_keys
);
909 mbedtls_des3_set2key_dec( &ctx3
, des3_test_keys
);
913 mbedtls_des3_set2key_enc( &ctx3
, des3_test_keys
);
917 mbedtls_des3_set3key_dec( &ctx3
, des3_test_keys
);
921 mbedtls_des3_set3key_enc( &ctx3
, des3_test_keys
);
928 for( j
= 0; j
< 10000; j
++ )
931 mbedtls_des_crypt_ecb( &ctx
, buf
, buf
);
933 mbedtls_des3_crypt_ecb( &ctx3
, buf
, buf
);
936 if( ( v
== MBEDTLS_DES_DECRYPT
&&
937 memcmp( buf
, des3_test_ecb_dec
[u
], 8 ) != 0 ) ||
938 ( v
!= MBEDTLS_DES_DECRYPT
&&
939 memcmp( buf
, des3_test_ecb_enc
[u
], 8 ) != 0 ) )
942 mbedtls_printf( "failed\n" );
949 mbedtls_printf( "passed\n" );
953 mbedtls_printf( "\n" );
955 #if defined(MBEDTLS_CIPHER_MODE_CBC)
959 for( i
= 0; i
< 6; i
++ )
965 mbedtls_printf( " DES%c-CBC-%3d (%s): ",
966 ( u
== 0 ) ? ' ' : '3', 56 + u
* 56,
967 ( v
== MBEDTLS_DES_DECRYPT
) ? "dec" : "enc" );
969 memcpy( iv
, des3_test_iv
, 8 );
970 memcpy( prv
, des3_test_iv
, 8 );
971 memcpy( buf
, des3_test_buf
, 8 );
976 mbedtls_des_setkey_dec( &ctx
, des3_test_keys
);
980 mbedtls_des_setkey_enc( &ctx
, des3_test_keys
);
984 mbedtls_des3_set2key_dec( &ctx3
, des3_test_keys
);
988 mbedtls_des3_set2key_enc( &ctx3
, des3_test_keys
);
992 mbedtls_des3_set3key_dec( &ctx3
, des3_test_keys
);
996 mbedtls_des3_set3key_enc( &ctx3
, des3_test_keys
);
1003 if( v
== MBEDTLS_DES_DECRYPT
)
1005 for( j
= 0; j
< 10000; j
++ )
1008 mbedtls_des_crypt_cbc( &ctx
, v
, 8, iv
, buf
, buf
);
1010 mbedtls_des3_crypt_cbc( &ctx3
, v
, 8, iv
, buf
, buf
);
1015 for( j
= 0; j
< 10000; j
++ )
1017 unsigned char tmp
[8];
1020 mbedtls_des_crypt_cbc( &ctx
, v
, 8, iv
, buf
, buf
);
1022 mbedtls_des3_crypt_cbc( &ctx3
, v
, 8, iv
, buf
, buf
);
1024 memcpy( tmp
, prv
, 8 );
1025 memcpy( prv
, buf
, 8 );
1026 memcpy( buf
, tmp
, 8 );
1029 memcpy( buf
, prv
, 8 );
1032 if( ( v
== MBEDTLS_DES_DECRYPT
&&
1033 memcmp( buf
, des3_test_cbc_dec
[u
], 8 ) != 0 ) ||
1034 ( v
!= MBEDTLS_DES_DECRYPT
&&
1035 memcmp( buf
, des3_test_cbc_enc
[u
], 8 ) != 0 ) )
1038 mbedtls_printf( "failed\n" );
1045 mbedtls_printf( "passed\n" );
1047 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1050 mbedtls_printf( "\n" );
1053 mbedtls_des_free( &ctx
);
1054 mbedtls_des3_free( &ctx3
);
1059 #endif /* MBEDTLS_SELF_TEST */
1061 #endif /* MBEDTLS_DES_C */