2 * FIPS-46-3 compliant Triple-DES implementation
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: GPL-2.0
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 * This file is part of mbed TLS (https://tls.mbed.org)
24 * DES, on which TDES is based, was originally designed by Horst Feistel
25 * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
27 * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
30 #if !defined(MBEDTLS_CONFIG_FILE)
31 #include "mbedtls/config.h"
33 #include MBEDTLS_CONFIG_FILE
36 #if defined(MBEDTLS_DES_C)
38 #include "mbedtls/des.h"
42 #if defined(MBEDTLS_SELF_TEST)
43 #if defined(MBEDTLS_PLATFORM_C)
44 #include "mbedtls/platform.h"
47 #define mbedtls_printf printf
48 #endif /* MBEDTLS_PLATFORM_C */
49 #endif /* MBEDTLS_SELF_TEST */
51 #if !defined(MBEDTLS_DES_ALT)
53 /* Implementation that should never be optimized out by the compiler */
54 static void mbedtls_zeroize( void *v
, size_t n
) {
55 volatile unsigned char *p
= (unsigned char*)v
; while( n
-- ) *p
++ = 0;
59 * 32-bit integer manipulation macros (big endian)
62 #define GET_UINT32_BE(n,b,i) \
64 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
65 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
66 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
67 | ( (uint32_t) (b)[(i) + 3] ); \
72 #define PUT_UINT32_BE(n,b,i) \
74 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
75 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
76 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
77 (b)[(i) + 3] = (unsigned char) ( (n) ); \
82 * Expanded DES S-boxes
84 static const uint32_t SB1
[64] =
86 0x01010400, 0x00000000, 0x00010000, 0x01010404,
87 0x01010004, 0x00010404, 0x00000004, 0x00010000,
88 0x00000400, 0x01010400, 0x01010404, 0x00000400,
89 0x01000404, 0x01010004, 0x01000000, 0x00000004,
90 0x00000404, 0x01000400, 0x01000400, 0x00010400,
91 0x00010400, 0x01010000, 0x01010000, 0x01000404,
92 0x00010004, 0x01000004, 0x01000004, 0x00010004,
93 0x00000000, 0x00000404, 0x00010404, 0x01000000,
94 0x00010000, 0x01010404, 0x00000004, 0x01010000,
95 0x01010400, 0x01000000, 0x01000000, 0x00000400,
96 0x01010004, 0x00010000, 0x00010400, 0x01000004,
97 0x00000400, 0x00000004, 0x01000404, 0x00010404,
98 0x01010404, 0x00010004, 0x01010000, 0x01000404,
99 0x01000004, 0x00000404, 0x00010404, 0x01010400,
100 0x00000404, 0x01000400, 0x01000400, 0x00000000,
101 0x00010004, 0x00010400, 0x00000000, 0x01010004
104 static const uint32_t SB2
[64] =
106 0x80108020, 0x80008000, 0x00008000, 0x00108020,
107 0x00100000, 0x00000020, 0x80100020, 0x80008020,
108 0x80000020, 0x80108020, 0x80108000, 0x80000000,
109 0x80008000, 0x00100000, 0x00000020, 0x80100020,
110 0x00108000, 0x00100020, 0x80008020, 0x00000000,
111 0x80000000, 0x00008000, 0x00108020, 0x80100000,
112 0x00100020, 0x80000020, 0x00000000, 0x00108000,
113 0x00008020, 0x80108000, 0x80100000, 0x00008020,
114 0x00000000, 0x00108020, 0x80100020, 0x00100000,
115 0x80008020, 0x80100000, 0x80108000, 0x00008000,
116 0x80100000, 0x80008000, 0x00000020, 0x80108020,
117 0x00108020, 0x00000020, 0x00008000, 0x80000000,
118 0x00008020, 0x80108000, 0x00100000, 0x80000020,
119 0x00100020, 0x80008020, 0x80000020, 0x00100020,
120 0x00108000, 0x00000000, 0x80008000, 0x00008020,
121 0x80000000, 0x80100020, 0x80108020, 0x00108000
124 static const uint32_t SB3
[64] =
126 0x00000208, 0x08020200, 0x00000000, 0x08020008,
127 0x08000200, 0x00000000, 0x00020208, 0x08000200,
128 0x00020008, 0x08000008, 0x08000008, 0x00020000,
129 0x08020208, 0x00020008, 0x08020000, 0x00000208,
130 0x08000000, 0x00000008, 0x08020200, 0x00000200,
131 0x00020200, 0x08020000, 0x08020008, 0x00020208,
132 0x08000208, 0x00020200, 0x00020000, 0x08000208,
133 0x00000008, 0x08020208, 0x00000200, 0x08000000,
134 0x08020200, 0x08000000, 0x00020008, 0x00000208,
135 0x00020000, 0x08020200, 0x08000200, 0x00000000,
136 0x00000200, 0x00020008, 0x08020208, 0x08000200,
137 0x08000008, 0x00000200, 0x00000000, 0x08020008,
138 0x08000208, 0x00020000, 0x08000000, 0x08020208,
139 0x00000008, 0x00020208, 0x00020200, 0x08000008,
140 0x08020000, 0x08000208, 0x00000208, 0x08020000,
141 0x00020208, 0x00000008, 0x08020008, 0x00020200
144 static const uint32_t SB4
[64] =
146 0x00802001, 0x00002081, 0x00002081, 0x00000080,
147 0x00802080, 0x00800081, 0x00800001, 0x00002001,
148 0x00000000, 0x00802000, 0x00802000, 0x00802081,
149 0x00000081, 0x00000000, 0x00800080, 0x00800001,
150 0x00000001, 0x00002000, 0x00800000, 0x00802001,
151 0x00000080, 0x00800000, 0x00002001, 0x00002080,
152 0x00800081, 0x00000001, 0x00002080, 0x00800080,
153 0x00002000, 0x00802080, 0x00802081, 0x00000081,
154 0x00800080, 0x00800001, 0x00802000, 0x00802081,
155 0x00000081, 0x00000000, 0x00000000, 0x00802000,
156 0x00002080, 0x00800080, 0x00800081, 0x00000001,
157 0x00802001, 0x00002081, 0x00002081, 0x00000080,
158 0x00802081, 0x00000081, 0x00000001, 0x00002000,
159 0x00800001, 0x00002001, 0x00802080, 0x00800081,
160 0x00002001, 0x00002080, 0x00800000, 0x00802001,
161 0x00000080, 0x00800000, 0x00002000, 0x00802080
164 static const uint32_t SB5
[64] =
166 0x00000100, 0x02080100, 0x02080000, 0x42000100,
167 0x00080000, 0x00000100, 0x40000000, 0x02080000,
168 0x40080100, 0x00080000, 0x02000100, 0x40080100,
169 0x42000100, 0x42080000, 0x00080100, 0x40000000,
170 0x02000000, 0x40080000, 0x40080000, 0x00000000,
171 0x40000100, 0x42080100, 0x42080100, 0x02000100,
172 0x42080000, 0x40000100, 0x00000000, 0x42000000,
173 0x02080100, 0x02000000, 0x42000000, 0x00080100,
174 0x00080000, 0x42000100, 0x00000100, 0x02000000,
175 0x40000000, 0x02080000, 0x42000100, 0x40080100,
176 0x02000100, 0x40000000, 0x42080000, 0x02080100,
177 0x40080100, 0x00000100, 0x02000000, 0x42080000,
178 0x42080100, 0x00080100, 0x42000000, 0x42080100,
179 0x02080000, 0x00000000, 0x40080000, 0x42000000,
180 0x00080100, 0x02000100, 0x40000100, 0x00080000,
181 0x00000000, 0x40080000, 0x02080100, 0x40000100
184 static const uint32_t SB6
[64] =
186 0x20000010, 0x20400000, 0x00004000, 0x20404010,
187 0x20400000, 0x00000010, 0x20404010, 0x00400000,
188 0x20004000, 0x00404010, 0x00400000, 0x20000010,
189 0x00400010, 0x20004000, 0x20000000, 0x00004010,
190 0x00000000, 0x00400010, 0x20004010, 0x00004000,
191 0x00404000, 0x20004010, 0x00000010, 0x20400010,
192 0x20400010, 0x00000000, 0x00404010, 0x20404000,
193 0x00004010, 0x00404000, 0x20404000, 0x20000000,
194 0x20004000, 0x00000010, 0x20400010, 0x00404000,
195 0x20404010, 0x00400000, 0x00004010, 0x20000010,
196 0x00400000, 0x20004000, 0x20000000, 0x00004010,
197 0x20000010, 0x20404010, 0x00404000, 0x20400000,
198 0x00404010, 0x20404000, 0x00000000, 0x20400010,
199 0x00000010, 0x00004000, 0x20400000, 0x00404010,
200 0x00004000, 0x00400010, 0x20004010, 0x00000000,
201 0x20404000, 0x20000000, 0x00400010, 0x20004010
204 static const uint32_t SB7
[64] =
206 0x00200000, 0x04200002, 0x04000802, 0x00000000,
207 0x00000800, 0x04000802, 0x00200802, 0x04200800,
208 0x04200802, 0x00200000, 0x00000000, 0x04000002,
209 0x00000002, 0x04000000, 0x04200002, 0x00000802,
210 0x04000800, 0x00200802, 0x00200002, 0x04000800,
211 0x04000002, 0x04200000, 0x04200800, 0x00200002,
212 0x04200000, 0x00000800, 0x00000802, 0x04200802,
213 0x00200800, 0x00000002, 0x04000000, 0x00200800,
214 0x04000000, 0x00200800, 0x00200000, 0x04000802,
215 0x04000802, 0x04200002, 0x04200002, 0x00000002,
216 0x00200002, 0x04000000, 0x04000800, 0x00200000,
217 0x04200800, 0x00000802, 0x00200802, 0x04200800,
218 0x00000802, 0x04000002, 0x04200802, 0x04200000,
219 0x00200800, 0x00000000, 0x00000002, 0x04200802,
220 0x00000000, 0x00200802, 0x04200000, 0x00000800,
221 0x04000002, 0x04000800, 0x00000800, 0x00200002
224 static const uint32_t SB8
[64] =
226 0x10001040, 0x00001000, 0x00040000, 0x10041040,
227 0x10000000, 0x10001040, 0x00000040, 0x10000000,
228 0x00040040, 0x10040000, 0x10041040, 0x00041000,
229 0x10041000, 0x00041040, 0x00001000, 0x00000040,
230 0x10040000, 0x10000040, 0x10001000, 0x00001040,
231 0x00041000, 0x00040040, 0x10040040, 0x10041000,
232 0x00001040, 0x00000000, 0x00000000, 0x10040040,
233 0x10000040, 0x10001000, 0x00041040, 0x00040000,
234 0x00041040, 0x00040000, 0x10041000, 0x00001000,
235 0x00000040, 0x10040040, 0x00001000, 0x00041040,
236 0x10001000, 0x00000040, 0x10000040, 0x10040000,
237 0x10040040, 0x10000000, 0x00040000, 0x10001040,
238 0x00000000, 0x10041040, 0x00040040, 0x10000040,
239 0x10040000, 0x10001000, 0x10001040, 0x00000000,
240 0x10041040, 0x00041000, 0x00041000, 0x00001040,
241 0x00001040, 0x00040040, 0x10000000, 0x10041000
245 * PC1: left and right halves bit-swap
247 static const uint32_t LHs
[16] =
249 0x00000000, 0x00000001, 0x00000100, 0x00000101,
250 0x00010000, 0x00010001, 0x00010100, 0x00010101,
251 0x01000000, 0x01000001, 0x01000100, 0x01000101,
252 0x01010000, 0x01010001, 0x01010100, 0x01010101
255 static const uint32_t RHs
[16] =
257 0x00000000, 0x01000000, 0x00010000, 0x01010000,
258 0x00000100, 0x01000100, 0x00010100, 0x01010100,
259 0x00000001, 0x01000001, 0x00010001, 0x01010001,
260 0x00000101, 0x01000101, 0x00010101, 0x01010101,
264 * Initial Permutation macro
266 #define DES_IP(X,Y) \
268 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
269 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
270 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
271 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
272 Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
273 T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
274 X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
278 * Final Permutation macro
280 #define DES_FP(X,Y) \
282 X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
283 T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
284 Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
285 T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
286 T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
287 T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
288 T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
294 #define DES_ROUND(X,Y) \
297 Y ^= SB8[ (T ) & 0x3F ] ^ \
298 SB6[ (T >> 8) & 0x3F ] ^ \
299 SB4[ (T >> 16) & 0x3F ] ^ \
300 SB2[ (T >> 24) & 0x3F ]; \
302 T = *SK++ ^ ((X << 28) | (X >> 4)); \
303 Y ^= SB7[ (T ) & 0x3F ] ^ \
304 SB5[ (T >> 8) & 0x3F ] ^ \
305 SB3[ (T >> 16) & 0x3F ] ^ \
306 SB1[ (T >> 24) & 0x3F ]; \
309 #define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
311 void mbedtls_des_init( mbedtls_des_context
*ctx
)
313 memset( ctx
, 0, sizeof( mbedtls_des_context
) );
316 void mbedtls_des_free( mbedtls_des_context
*ctx
)
321 mbedtls_zeroize( ctx
, sizeof( mbedtls_des_context
) );
324 void mbedtls_des3_init( mbedtls_des3_context
*ctx
)
326 memset( ctx
, 0, sizeof( mbedtls_des3_context
) );
329 void mbedtls_des3_free( mbedtls_des3_context
*ctx
)
334 mbedtls_zeroize( ctx
, sizeof( mbedtls_des3_context
) );
337 static const unsigned char odd_parity_table
[128] = { 1, 2, 4, 7, 8,
338 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
339 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
340 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
341 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
342 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
343 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
344 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
345 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
348 void mbedtls_des_key_set_parity( unsigned char key
[MBEDTLS_DES_KEY_SIZE
] )
352 for( i
= 0; i
< MBEDTLS_DES_KEY_SIZE
; i
++ )
353 key
[i
] = odd_parity_table
[key
[i
] / 2];
357 * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
359 int mbedtls_des_key_check_key_parity( const unsigned char key
[MBEDTLS_DES_KEY_SIZE
] )
363 for( i
= 0; i
< MBEDTLS_DES_KEY_SIZE
; i
++ )
364 if( key
[i
] != odd_parity_table
[key
[i
] / 2] )
371 * Table of weak and semi-weak keys
373 * Source: http://en.wikipedia.org/wiki/Weak_key
376 * Alternating ones + zeros (0x0101010101010101)
377 * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
378 * '0xE0E0E0E0F1F1F1F1'
379 * '0x1F1F1F1F0E0E0E0E'
382 * 0x011F011F010E010E and 0x1F011F010E010E01
383 * 0x01E001E001F101F1 and 0xE001E001F101F101
384 * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
385 * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
386 * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
387 * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
391 #define WEAK_KEY_COUNT 16
393 static const unsigned char weak_key_table
[WEAK_KEY_COUNT
][MBEDTLS_DES_KEY_SIZE
] =
395 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
396 { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
397 { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
398 { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
400 { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
401 { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
402 { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
403 { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
404 { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
405 { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
406 { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
407 { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
408 { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
409 { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
410 { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
411 { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
414 int mbedtls_des_key_check_weak( const unsigned char key
[MBEDTLS_DES_KEY_SIZE
] )
418 for( i
= 0; i
< WEAK_KEY_COUNT
; i
++ )
419 if( memcmp( weak_key_table
[i
], key
, MBEDTLS_DES_KEY_SIZE
) == 0 )
425 #if !defined(MBEDTLS_DES_SETKEY_ALT)
426 void mbedtls_des_setkey( uint32_t SK
[32], const unsigned char key
[MBEDTLS_DES_KEY_SIZE
] )
431 GET_UINT32_BE( X
, key
, 0 );
432 GET_UINT32_BE( Y
, key
, 4 );
437 T
= ((Y
>> 4) ^ X
) & 0x0F0F0F0F; X
^= T
; Y
^= (T
<< 4);
438 T
= ((Y
) ^ X
) & 0x10101010; X
^= T
; Y
^= (T
);
440 X
= (LHs
[ (X
) & 0xF] << 3) | (LHs
[ (X
>> 8) & 0xF ] << 2)
441 | (LHs
[ (X
>> 16) & 0xF] << 1) | (LHs
[ (X
>> 24) & 0xF ] )
442 | (LHs
[ (X
>> 5) & 0xF] << 7) | (LHs
[ (X
>> 13) & 0xF ] << 6)
443 | (LHs
[ (X
>> 21) & 0xF] << 5) | (LHs
[ (X
>> 29) & 0xF ] << 4);
445 Y
= (RHs
[ (Y
>> 1) & 0xF] << 3) | (RHs
[ (Y
>> 9) & 0xF ] << 2)
446 | (RHs
[ (Y
>> 17) & 0xF] << 1) | (RHs
[ (Y
>> 25) & 0xF ] )
447 | (RHs
[ (Y
>> 4) & 0xF] << 7) | (RHs
[ (Y
>> 12) & 0xF ] << 6)
448 | (RHs
[ (Y
>> 20) & 0xF] << 5) | (RHs
[ (Y
>> 28) & 0xF ] << 4);
456 for( i
= 0; i
< 16; i
++ )
458 if( i
< 2 || i
== 8 || i
== 15 )
460 X
= ((X
<< 1) | (X
>> 27)) & 0x0FFFFFFF;
461 Y
= ((Y
<< 1) | (Y
>> 27)) & 0x0FFFFFFF;
465 X
= ((X
<< 2) | (X
>> 26)) & 0x0FFFFFFF;
466 Y
= ((Y
<< 2) | (Y
>> 26)) & 0x0FFFFFFF;
469 *SK
++ = ((X
<< 4) & 0x24000000) | ((X
<< 28) & 0x10000000)
470 | ((X
<< 14) & 0x08000000) | ((X
<< 18) & 0x02080000)
471 | ((X
<< 6) & 0x01000000) | ((X
<< 9) & 0x00200000)
472 | ((X
>> 1) & 0x00100000) | ((X
<< 10) & 0x00040000)
473 | ((X
<< 2) & 0x00020000) | ((X
>> 10) & 0x00010000)
474 | ((Y
>> 13) & 0x00002000) | ((Y
>> 4) & 0x00001000)
475 | ((Y
<< 6) & 0x00000800) | ((Y
>> 1) & 0x00000400)
476 | ((Y
>> 14) & 0x00000200) | ((Y
) & 0x00000100)
477 | ((Y
>> 5) & 0x00000020) | ((Y
>> 10) & 0x00000010)
478 | ((Y
>> 3) & 0x00000008) | ((Y
>> 18) & 0x00000004)
479 | ((Y
>> 26) & 0x00000002) | ((Y
>> 24) & 0x00000001);
481 *SK
++ = ((X
<< 15) & 0x20000000) | ((X
<< 17) & 0x10000000)
482 | ((X
<< 10) & 0x08000000) | ((X
<< 22) & 0x04000000)
483 | ((X
>> 2) & 0x02000000) | ((X
<< 1) & 0x01000000)
484 | ((X
<< 16) & 0x00200000) | ((X
<< 11) & 0x00100000)
485 | ((X
<< 3) & 0x00080000) | ((X
>> 6) & 0x00040000)
486 | ((X
<< 15) & 0x00020000) | ((X
>> 4) & 0x00010000)
487 | ((Y
>> 2) & 0x00002000) | ((Y
<< 8) & 0x00001000)
488 | ((Y
>> 14) & 0x00000808) | ((Y
>> 9) & 0x00000400)
489 | ((Y
) & 0x00000200) | ((Y
<< 7) & 0x00000100)
490 | ((Y
>> 7) & 0x00000020) | ((Y
>> 3) & 0x00000011)
491 | ((Y
<< 2) & 0x00000004) | ((Y
>> 21) & 0x00000002);
494 #endif /* !MBEDTLS_DES_SETKEY_ALT */
497 * DES key schedule (56-bit, encryption)
499 int mbedtls_des_setkey_enc( mbedtls_des_context
*ctx
, const unsigned char key
[MBEDTLS_DES_KEY_SIZE
] )
501 mbedtls_des_setkey( ctx
->sk
, key
);
507 * DES key schedule (56-bit, decryption)
509 int mbedtls_des_setkey_dec( mbedtls_des_context
*ctx
, const unsigned char key
[MBEDTLS_DES_KEY_SIZE
] )
513 mbedtls_des_setkey( ctx
->sk
, key
);
515 for( i
= 0; i
< 16; i
+= 2 )
517 SWAP( ctx
->sk
[i
], ctx
->sk
[30 - i
] );
518 SWAP( ctx
->sk
[i
+ 1], ctx
->sk
[31 - i
] );
524 static void des3_set2key( uint32_t esk
[96],
526 const unsigned char key
[MBEDTLS_DES_KEY_SIZE
*2] )
530 mbedtls_des_setkey( esk
, key
);
531 mbedtls_des_setkey( dsk
+ 32, key
+ 8 );
533 for( i
= 0; i
< 32; i
+= 2 )
535 dsk
[i
] = esk
[30 - i
];
536 dsk
[i
+ 1] = esk
[31 - i
];
538 esk
[i
+ 32] = dsk
[62 - i
];
539 esk
[i
+ 33] = dsk
[63 - i
];
541 esk
[i
+ 64] = esk
[i
];
542 esk
[i
+ 65] = esk
[i
+ 1];
544 dsk
[i
+ 64] = dsk
[i
];
545 dsk
[i
+ 65] = dsk
[i
+ 1];
550 * Triple-DES key schedule (112-bit, encryption)
552 int mbedtls_des3_set2key_enc( mbedtls_des3_context
*ctx
,
553 const unsigned char key
[MBEDTLS_DES_KEY_SIZE
* 2] )
557 des3_set2key( ctx
->sk
, sk
, key
);
558 mbedtls_zeroize( sk
, sizeof( sk
) );
564 * Triple-DES key schedule (112-bit, decryption)
566 int mbedtls_des3_set2key_dec( mbedtls_des3_context
*ctx
,
567 const unsigned char key
[MBEDTLS_DES_KEY_SIZE
* 2] )
571 des3_set2key( sk
, ctx
->sk
, key
);
572 mbedtls_zeroize( sk
, sizeof( sk
) );
577 static void des3_set3key( uint32_t esk
[96],
579 const unsigned char key
[24] )
583 mbedtls_des_setkey( esk
, key
);
584 mbedtls_des_setkey( dsk
+ 32, key
+ 8 );
585 mbedtls_des_setkey( esk
+ 64, key
+ 16 );
587 for( i
= 0; i
< 32; i
+= 2 )
589 dsk
[i
] = esk
[94 - i
];
590 dsk
[i
+ 1] = esk
[95 - i
];
592 esk
[i
+ 32] = dsk
[62 - i
];
593 esk
[i
+ 33] = dsk
[63 - i
];
595 dsk
[i
+ 64] = esk
[30 - i
];
596 dsk
[i
+ 65] = esk
[31 - i
];
601 * Triple-DES key schedule (168-bit, encryption)
603 int mbedtls_des3_set3key_enc( mbedtls_des3_context
*ctx
,
604 const unsigned char key
[MBEDTLS_DES_KEY_SIZE
* 3] )
608 des3_set3key( ctx
->sk
, sk
, key
);
609 mbedtls_zeroize( sk
, sizeof( sk
) );
615 * Triple-DES key schedule (168-bit, decryption)
617 int mbedtls_des3_set3key_dec( mbedtls_des3_context
*ctx
,
618 const unsigned char key
[MBEDTLS_DES_KEY_SIZE
* 3] )
622 des3_set3key( sk
, ctx
->sk
, key
);
623 mbedtls_zeroize( sk
, sizeof( sk
) );
629 * DES-ECB block encryption/decryption
631 #if !defined(MBEDTLS_DES_CRYPT_ECB_ALT)
632 int mbedtls_des_crypt_ecb( mbedtls_des_context
*ctx
,
633 const unsigned char input
[8],
634 unsigned char output
[8] )
637 uint32_t X
, Y
, T
, *SK
;
641 GET_UINT32_BE( X
, input
, 0 );
642 GET_UINT32_BE( Y
, input
, 4 );
646 for( i
= 0; i
< 8; i
++ )
654 PUT_UINT32_BE( Y
, output
, 0 );
655 PUT_UINT32_BE( X
, output
, 4 );
659 #endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
661 #if defined(MBEDTLS_CIPHER_MODE_CBC)
663 * DES-CBC buffer encryption/decryption
665 int mbedtls_des_crypt_cbc( mbedtls_des_context
*ctx
,
669 const unsigned char *input
,
670 unsigned char *output
)
673 unsigned char temp
[8];
676 return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
);
678 if( mode
== MBEDTLS_DES_ENCRYPT
)
682 for( i
= 0; i
< 8; i
++ )
683 output
[i
] = (unsigned char)( input
[i
] ^ iv
[i
] );
685 mbedtls_des_crypt_ecb( ctx
, output
, output
);
686 memcpy( iv
, output
, 8 );
693 else /* MBEDTLS_DES_DECRYPT */
697 memcpy( temp
, input
, 8 );
698 mbedtls_des_crypt_ecb( ctx
, input
, output
);
700 for( i
= 0; i
< 8; i
++ )
701 output
[i
] = (unsigned char)( output
[i
] ^ iv
[i
] );
703 memcpy( iv
, temp
, 8 );
713 #endif /* MBEDTLS_CIPHER_MODE_CBC */
716 * 3DES-ECB block encryption/decryption
718 #if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
719 int mbedtls_des3_crypt_ecb( mbedtls_des3_context
*ctx
,
720 const unsigned char input
[8],
721 unsigned char output
[8] )
724 uint32_t X
, Y
, T
, *SK
;
728 GET_UINT32_BE( X
, input
, 0 );
729 GET_UINT32_BE( Y
, input
, 4 );
733 for( i
= 0; i
< 8; i
++ )
739 for( i
= 0; i
< 8; i
++ )
745 for( i
= 0; i
< 8; i
++ )
753 PUT_UINT32_BE( Y
, output
, 0 );
754 PUT_UINT32_BE( X
, output
, 4 );
758 #endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
760 #if defined(MBEDTLS_CIPHER_MODE_CBC)
762 * 3DES-CBC buffer encryption/decryption
764 int mbedtls_des3_crypt_cbc( mbedtls_des3_context
*ctx
,
768 const unsigned char *input
,
769 unsigned char *output
)
772 unsigned char temp
[8];
775 return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
);
777 if( mode
== MBEDTLS_DES_ENCRYPT
)
781 for( i
= 0; i
< 8; i
++ )
782 output
[i
] = (unsigned char)( input
[i
] ^ iv
[i
] );
784 mbedtls_des3_crypt_ecb( ctx
, output
, output
);
785 memcpy( iv
, output
, 8 );
792 else /* MBEDTLS_DES_DECRYPT */
796 memcpy( temp
, input
, 8 );
797 mbedtls_des3_crypt_ecb( ctx
, input
, output
);
799 for( i
= 0; i
< 8; i
++ )
800 output
[i
] = (unsigned char)( output
[i
] ^ iv
[i
] );
802 memcpy( iv
, temp
, 8 );
812 #endif /* MBEDTLS_CIPHER_MODE_CBC */
814 #endif /* !MBEDTLS_DES_ALT */
816 #if defined(MBEDTLS_SELF_TEST)
818 * DES and 3DES test vectors from:
820 * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
822 static const unsigned char des3_test_keys
[24] =
824 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
825 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
826 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
829 static const unsigned char des3_test_buf
[8] =
831 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
834 static const unsigned char des3_test_ecb_dec
[3][8] =
836 { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
837 { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
838 { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
841 static const unsigned char des3_test_ecb_enc
[3][8] =
843 { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
844 { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
845 { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
848 #if defined(MBEDTLS_CIPHER_MODE_CBC)
849 static const unsigned char des3_test_iv
[8] =
851 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
854 static const unsigned char des3_test_cbc_dec
[3][8] =
856 { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
857 { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
858 { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
861 static const unsigned char des3_test_cbc_enc
[3][8] =
863 { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
864 { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
865 { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
867 #endif /* MBEDTLS_CIPHER_MODE_CBC */
872 int mbedtls_des_self_test( int verbose
)
874 int i
, j
, u
, v
, ret
= 0;
875 mbedtls_des_context ctx
;
876 mbedtls_des3_context ctx3
;
877 unsigned char buf
[8];
878 #if defined(MBEDTLS_CIPHER_MODE_CBC)
879 unsigned char prv
[8];
883 mbedtls_des_init( &ctx
);
884 mbedtls_des3_init( &ctx3
);
888 for( i
= 0; i
< 6; i
++ )
894 mbedtls_printf( " DES%c-ECB-%3d (%s): ",
895 ( u
== 0 ) ? ' ' : '3', 56 + u
* 56,
896 ( v
== MBEDTLS_DES_DECRYPT
) ? "dec" : "enc" );
898 memcpy( buf
, des3_test_buf
, 8 );
903 mbedtls_des_setkey_dec( &ctx
, des3_test_keys
);
907 mbedtls_des_setkey_enc( &ctx
, des3_test_keys
);
911 mbedtls_des3_set2key_dec( &ctx3
, des3_test_keys
);
915 mbedtls_des3_set2key_enc( &ctx3
, des3_test_keys
);
919 mbedtls_des3_set3key_dec( &ctx3
, des3_test_keys
);
923 mbedtls_des3_set3key_enc( &ctx3
, des3_test_keys
);
930 for( j
= 0; j
< 10000; j
++ )
933 mbedtls_des_crypt_ecb( &ctx
, buf
, buf
);
935 mbedtls_des3_crypt_ecb( &ctx3
, buf
, buf
);
938 if( ( v
== MBEDTLS_DES_DECRYPT
&&
939 memcmp( buf
, des3_test_ecb_dec
[u
], 8 ) != 0 ) ||
940 ( v
!= MBEDTLS_DES_DECRYPT
&&
941 memcmp( buf
, des3_test_ecb_enc
[u
], 8 ) != 0 ) )
944 mbedtls_printf( "failed\n" );
951 mbedtls_printf( "passed\n" );
955 mbedtls_printf( "\n" );
957 #if defined(MBEDTLS_CIPHER_MODE_CBC)
961 for( i
= 0; i
< 6; i
++ )
967 mbedtls_printf( " DES%c-CBC-%3d (%s): ",
968 ( u
== 0 ) ? ' ' : '3', 56 + u
* 56,
969 ( v
== MBEDTLS_DES_DECRYPT
) ? "dec" : "enc" );
971 memcpy( iv
, des3_test_iv
, 8 );
972 memcpy( prv
, des3_test_iv
, 8 );
973 memcpy( buf
, des3_test_buf
, 8 );
978 mbedtls_des_setkey_dec( &ctx
, des3_test_keys
);
982 mbedtls_des_setkey_enc( &ctx
, des3_test_keys
);
986 mbedtls_des3_set2key_dec( &ctx3
, des3_test_keys
);
990 mbedtls_des3_set2key_enc( &ctx3
, des3_test_keys
);
994 mbedtls_des3_set3key_dec( &ctx3
, des3_test_keys
);
998 mbedtls_des3_set3key_enc( &ctx3
, des3_test_keys
);
1005 if( v
== MBEDTLS_DES_DECRYPT
)
1007 for( j
= 0; j
< 10000; j
++ )
1010 mbedtls_des_crypt_cbc( &ctx
, v
, 8, iv
, buf
, buf
);
1012 mbedtls_des3_crypt_cbc( &ctx3
, v
, 8, iv
, buf
, buf
);
1017 for( j
= 0; j
< 10000; j
++ )
1019 unsigned char tmp
[8];
1022 mbedtls_des_crypt_cbc( &ctx
, v
, 8, iv
, buf
, buf
);
1024 mbedtls_des3_crypt_cbc( &ctx3
, v
, 8, iv
, buf
, buf
);
1026 memcpy( tmp
, prv
, 8 );
1027 memcpy( prv
, buf
, 8 );
1028 memcpy( buf
, tmp
, 8 );
1031 memcpy( buf
, prv
, 8 );
1034 if( ( v
== MBEDTLS_DES_DECRYPT
&&
1035 memcmp( buf
, des3_test_cbc_dec
[u
], 8 ) != 0 ) ||
1036 ( v
!= MBEDTLS_DES_DECRYPT
&&
1037 memcmp( buf
, des3_test_cbc_enc
[u
], 8 ) != 0 ) )
1040 mbedtls_printf( "failed\n" );
1047 mbedtls_printf( "passed\n" );
1049 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1052 mbedtls_printf( "\n" );
1055 mbedtls_des_free( &ctx
);
1056 mbedtls_des3_free( &ctx3
);
1061 #endif /* MBEDTLS_SELF_TEST */
1063 #endif /* MBEDTLS_DES_C */