search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Upgraded GRUB2 to 2.00 release.
[AROS.git] / arch / all-pc / boot / grub2-aros / grub-core / lib / libgcrypt-grub / cipher / des.c
blobe3dd1d52d5c2fca0c9c7df10d65e4e8887c06c63
1 /* This file was automatically imported with
2 import_gcry.py. Please don't modify it */
3 #include <grub/dl.h>
4 GRUB_MOD_LICENSE ("GPLv3+");
5 /* des.c - DES and Triple-DES encryption/decryption Algorithm
6 * Copyright (C) 1998, 1999, 2001, 2002, 2003,
7 * 2008 Free Software Foundation, Inc.
8 *
9 * This file is part of Libgcrypt.
10 *
11 * Libgcrypt is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU Lesser general Public License as
13 * published by the Free Software Foundation; either version 2.1 of
14 * the License, or (at your option) any later version.
15 *
16 * Libgcrypt is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU Lesser General Public License for more details.
20 *
21 * You should have received a copy of the GNU Lesser General Public
22 * License along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
24 *
25 * For a description of triple encryption, see:
26 * Bruce Schneier: Applied Cryptography. Second Edition.
27 * John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
28 * This implementation is according to the definition of DES in FIPS
29 * PUB 46-2 from December 1993.
30 */
31
32
33 /*
34 * Written by Michael Roth <mroth@nessie.de>, September 1998
35 */
36
37
38 /*
39 * U S A G E
40 * ===========
41 *
42 * For DES or Triple-DES encryption/decryption you must initialize a proper
43 * encryption context with a key.
44 *
45 * A DES key is 64bit wide but only 56bits of the key are used. The remaining
46 * bits are parity bits and they will _not_ checked in this implementation, but
47 * simply ignored.
48 *
49 * For Triple-DES you could use either two 64bit keys or three 64bit keys.
50 * The parity bits will _not_ checked, too.
51 *
52 * After initializing a context with a key you could use this context to
53 * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
54 *
55 * (In the examples below the slashes at the beginning and ending of comments
56 * are omited.)
57 *
58 * DES Example
59 * -----------
60 * unsigned char key[8];
61 * unsigned char plaintext[8];
62 * unsigned char ciphertext[8];
63 * unsigned char recoverd[8];
64 * des_ctx context;
65 *
66 * * Fill 'key' and 'plaintext' with some data *
67 * ....
68 *
69 * * Set up the DES encryption context *
70 * des_setkey(context, key);
71 *
72 * * Encrypt the plaintext *
73 * des_ecb_encrypt(context, plaintext, ciphertext);
74 *
75 * * To recover the orginal plaintext from ciphertext use: *
76 * des_ecb_decrypt(context, ciphertext, recoverd);
77 *
78 *
79 * Triple-DES Example
80 * ------------------
81 * unsigned char key1[8];
82 * unsigned char key2[8];
83 * unsigned char key3[8];
84 * unsigned char plaintext[8];
85 * unsigned char ciphertext[8];
86 * unsigned char recoverd[8];
87 * tripledes_ctx context;
88 *
89 * * If you would like to use two 64bit keys, fill 'key1' and'key2'
90 * then setup the encryption context: *
91 * tripledes_set2keys(context, key1, key2);
92 *
93 * * To use three 64bit keys with Triple-DES use: *
94 * tripledes_set3keys(context, key1, key2, key3);
95 *
96 * * Encrypting plaintext with Triple-DES *
97 * tripledes_ecb_encrypt(context, plaintext, ciphertext);
98 *
99 * * Decrypting ciphertext to recover the plaintext with Triple-DES *
100 * tripledes_ecb_decrypt(context, ciphertext, recoverd);
101 *
102 *
103 * Selftest
104 * --------
105 * char *error_msg;
106 *
107 * * To perform a selftest of this DES/Triple-DES implementation use the
108 * function selftest(). It will return an error string if there are
109 * some problems with this library. *
110 *
111 * if ( (error_msg = selftest()) )
112 * {
113 * fprintf(stderr, "An error in the DES/Tripple-DES implementation occured: %s\n", error_msg);
114 * abort();
115 * }
116 */
117
118
119 #include "types.h" /* for byte and u32 typedefs */
120 #include "g10lib.h"
121 #include "cipher.h"
122
123 #if defined(__GNUC__) && defined(__GNU_LIBRARY__)
124 #define working_memcmp memcmp
125 #else
126 /*
127 * According to the SunOS man page, memcmp returns indeterminate sign
128 * depending on whether characters are signed or not.
129 */
130 static int
131 working_memcmp( const char *a, const char *b, size_t n )
132 {
133 for( ; n; n--, a++, b++ )
134 if( *a != *b )
135 return (int)(*(byte*)a) - (int)(*(byte*)b);
136 return 0;
137 }
138 #endif
139
140 /*
141 * Encryption/Decryption context of DES
142 */
143 typedef struct _des_ctx
144 {
145 u32 encrypt_subkeys[32];
146 u32 decrypt_subkeys[32];
147 }
148 des_ctx[1];
149
150 /*
151 * Encryption/Decryption context of Triple-DES
152 */
153 typedef struct _tripledes_ctx
154 {
155 u32 encrypt_subkeys[96];
156 u32 decrypt_subkeys[96];
157 struct {
158 int no_weak_key;
159 } flags;
160 }
161 tripledes_ctx[1];
162
163 static void des_key_schedule (const byte *, u32 *);
164 static int des_setkey (struct _des_ctx *, const byte *);
165 static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int);
166 static int tripledes_set3keys (struct _tripledes_ctx *,
167 const byte *, const byte *, const byte *);
168 static int tripledes_ecb_crypt (struct _tripledes_ctx *,
169 const byte *, byte *, int);
170 static int is_weak_key ( const byte *key );
171
172 static int initialized;
173
174
175
176
177 /*
178 * The s-box values are permuted according to the 'primitive function P'
179 * and are rotated one bit to the left.
180 */
181 static u32 sbox1[64] =
182 {
183 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000,
184 0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004,
185 0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
186 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000,
187 0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400,
188 0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
189 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400,
190 0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004
191 };
192
193 static u32 sbox2[64] =
194 {
195 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020,
196 0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020,
197 0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
198 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020,
199 0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000,
200 0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
201 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020,
202 0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000
203 };
204
205 static u32 sbox3[64] =
206 {
207 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200,
208 0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208,
209 0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
210 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000,
211 0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000,
212 0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
213 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008,
214 0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200
215 };
216
217 static u32 sbox4[64] =
218 {
219 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001,
220 0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001,
221 0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
222 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081,
223 0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000,
224 0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
225 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081,
226 0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080
227 };
228
229 static u32 sbox5[64] =
230 {
231 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000,
232 0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000,
233 0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
234 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100,
235 0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100,
236 0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
237 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000,
238 0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100
239 };
240
241 static u32 sbox6[64] =
242 {
243 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000,
244 0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010,
245 0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
246 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000,
247 0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010,
248 0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
249 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010,
250 0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010
251 };
252
253 static u32 sbox7[64] =
254 {
255 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800,
256 0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802,
257 0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
258 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800,
259 0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002,
260 0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
261 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802,
262 0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002
263 };
264
265 static u32 sbox8[64] =
266 {
267 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000,
268 0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040,
269 0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
270 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000,
271 0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040,
272 0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
273 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000,
274 0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000
275 };
276
277
278 /*
279 * These two tables are part of the 'permuted choice 1' function.
280 * In this implementation several speed improvements are done.
281 */
282 static u32 leftkey_swap[16] =
283 {
284 0x00000000, 0x00000001, 0x00000100, 0x00000101,
285 0x00010000, 0x00010001, 0x00010100, 0x00010101,
286 0x01000000, 0x01000001, 0x01000100, 0x01000101,
287 0x01010000, 0x01010001, 0x01010100, 0x01010101
288 };
289
290 static u32 rightkey_swap[16] =
291 {
292 0x00000000, 0x01000000, 0x00010000, 0x01010000,
293 0x00000100, 0x01000100, 0x00010100, 0x01010100,
294 0x00000001, 0x01000001, 0x00010001, 0x01010001,
295 0x00000101, 0x01000101, 0x00010101, 0x01010101,
296 };
297
298
299
300 /*
301 * Numbers of left shifts per round for encryption subkeys.
302 * To calculate the decryption subkeys we just reverse the
303 * ordering of the calculated encryption subkeys. So their
304 * is no need for a decryption rotate tab.
305 */
306 static byte encrypt_rotate_tab[16] =
307 {
308 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
309 };
310
311
312
313 /*
314 * Table with weak DES keys sorted in ascending order.
315 * In DES their are 64 known keys which are weak. They are weak
316 * because they produce only one, two or four different
317 * subkeys in the subkey scheduling process.
318 * The keys in this table have all their parity bits cleared.
319 */
320 static byte weak_keys[64][8] =
321 {
322 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /*w*/
323 { 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },
324 { 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 },
325 { 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },
326 { 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, /*sw*/
327 { 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },
328 { 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe },
329 { 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },
330 { 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, /*sw*/
331 { 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },
332 { 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 },
333 { 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },
334 { 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, /*sw*/
335 { 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },
336 { 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e },
337 { 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },
338 { 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },
339 { 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, /*sw*/
340 { 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },
341 { 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 },
342 { 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },
343 { 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, /*w*/
344 { 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },
345 { 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe },
346 { 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },
347 { 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, /*sw*/
348 { 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },
349 { 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 },
350 { 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },
351 { 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, /*sw*/
352 { 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },
353 { 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e },
354 { 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },
355 { 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe },
356 { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 }, /*sw*/
357 { 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e },
358 { 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },
359 { 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 },
360 { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e }, /*sw*/
361 { 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 },
362 { 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },
363 { 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e },
364 { 0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0 }, /*w*/
365 { 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },
366 { 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e },
367 { 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },
368 { 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, /*sw*/
369 { 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },
370 { 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe },
371 { 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },
372 { 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e },
373 { 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 }, /*sw*/
374 { 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 },
375 { 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },
376 { 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 },
377 { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e }, /*sw*/
378 { 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e },
379 { 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },
380 { 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe },
381 { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 }, /*sw*/
382 { 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 },
383 { 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },
384 { 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 },
385 { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe } /*w*/
386 };
387
388
389
390 /*
391 * Macro to swap bits across two words.
392 */
393 #define DO_PERMUTATION(a, temp, b, offset, mask) \
394 temp = ((a>>offset) ^ b) & mask; \
395 b ^= temp; \
396 a ^= temp<<offset;
397
398
399 /*
400 * This performs the 'initial permutation' of the data to be encrypted
401 * or decrypted. Additionally the resulting two words are rotated one bit
402 * to the left.
403 */
404 #define INITIAL_PERMUTATION(left, temp, right) \
405 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \
406 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
407 DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
408 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
409 right = (right << 1) | (right >> 31); \
410 temp = (left ^ right) & 0xaaaaaaaa; \
411 right ^= temp; \
412 left ^= temp; \
413 left = (left << 1) | (left >> 31);
414
415 /*
416 * The 'inverse initial permutation'.
417 */
418 #define FINAL_PERMUTATION(left, temp, right) \
419 left = (left << 31) | (left >> 1); \
420 temp = (left ^ right) & 0xaaaaaaaa; \
421 left ^= temp; \
422 right ^= temp; \
423 right = (right << 31) | (right >> 1); \
424 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
425 DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
426 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
427 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
428
429
430 /*
431 * A full DES round including 'expansion function', 'sbox substitution'
432 * and 'primitive function P' but without swapping the left and right word.
433 * Please note: The data in 'from' and 'to' is already rotated one bit to
434 * the left, done in the initial permutation.
435 */
436 #define DES_ROUND(from, to, work, subkey) \
437 work = from ^ *subkey++; \
438 to ^= sbox8[ work & 0x3f ]; \
439 to ^= sbox6[ (work>>8) & 0x3f ]; \
440 to ^= sbox4[ (work>>16) & 0x3f ]; \
441 to ^= sbox2[ (work>>24) & 0x3f ]; \
442 work = ((from << 28) | (from >> 4)) ^ *subkey++; \
443 to ^= sbox7[ work & 0x3f ]; \
444 to ^= sbox5[ (work>>8) & 0x3f ]; \
445 to ^= sbox3[ (work>>16) & 0x3f ]; \
446 to ^= sbox1[ (work>>24) & 0x3f ];
447
448 /*
449 * Macros to convert 8 bytes from/to 32bit words.
450 */
451 #define READ_64BIT_DATA(data, left, right) \
452 left = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \
453 right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];
454
455 #define WRITE_64BIT_DATA(data, left, right) \
456 data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \
457 data[2] = (left >> 8) &0xff; data[3] = left &0xff; \
458 data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \
459 data[6] = (right >> 8) &0xff; data[7] = right &0xff;
460
461 /*
462 * Handy macros for encryption and decryption of data
463 */
464 #define des_ecb_encrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 0)
465 #define des_ecb_decrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 1)
466 #define tripledes_ecb_encrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,0)
467 #define tripledes_ecb_decrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,1)
468
469
470
471
472
473
474 /*
475 * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
476 * 16 encryption rounds.
477 * To calculate subkeys for decryption the caller
478 * have to reorder the generated subkeys.
479 *
480 * rawkey: 8 Bytes of key data
481 * subkey: Array of at least 32 u32s. Will be filled
482 * with calculated subkeys.
483 *
484 */
485 static void
486 des_key_schedule (const byte * rawkey, u32 * subkey)
487 {
488 u32 left, right, work;
489 int round;
490
491 READ_64BIT_DATA (rawkey, left, right)
492
493 DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
494 DO_PERMUTATION (right, work, left, 0, 0x10101010)
495
496 left = ((leftkey_swap[(left >> 0) & 0xf] << 3)
497 | (leftkey_swap[(left >> 8) & 0xf] << 2)
498 | (leftkey_swap[(left >> 16) & 0xf] << 1)
499 | (leftkey_swap[(left >> 24) & 0xf])
500 | (leftkey_swap[(left >> 5) & 0xf] << 7)
501 | (leftkey_swap[(left >> 13) & 0xf] << 6)
502 | (leftkey_swap[(left >> 21) & 0xf] << 5)
503 | (leftkey_swap[(left >> 29) & 0xf] << 4));
504
505 left &= 0x0fffffff;
506
507 right = ((rightkey_swap[(right >> 1) & 0xf] << 3)
508 | (rightkey_swap[(right >> 9) & 0xf] << 2)
509 | (rightkey_swap[(right >> 17) & 0xf] << 1)
510 | (rightkey_swap[(right >> 25) & 0xf])
511 | (rightkey_swap[(right >> 4) & 0xf] << 7)
512 | (rightkey_swap[(right >> 12) & 0xf] << 6)
513 | (rightkey_swap[(right >> 20) & 0xf] << 5)
514 | (rightkey_swap[(right >> 28) & 0xf] << 4));
515
516 right &= 0x0fffffff;
517
518 for (round = 0; round < 16; ++round)
519 {
520 left = ((left << encrypt_rotate_tab[round])
521 | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
522 right = ((right << encrypt_rotate_tab[round])
523 | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
524
525 *subkey++ = (((left << 4) & 0x24000000)
526 | ((left << 28) & 0x10000000)
527 | ((left << 14) & 0x08000000)
528 | ((left << 18) & 0x02080000)
529 | ((left << 6) & 0x01000000)
530 | ((left << 9) & 0x00200000)
531 | ((left >> 1) & 0x00100000)
532 | ((left << 10) & 0x00040000)
533 | ((left << 2) & 0x00020000)
534 | ((left >> 10) & 0x00010000)
535 | ((right >> 13) & 0x00002000)
536 | ((right >> 4) & 0x00001000)
537 | ((right << 6) & 0x00000800)
538 | ((right >> 1) & 0x00000400)
539 | ((right >> 14) & 0x00000200)
540 | (right & 0x00000100)
541 | ((right >> 5) & 0x00000020)
542 | ((right >> 10) & 0x00000010)
543 | ((right >> 3) & 0x00000008)
544 | ((right >> 18) & 0x00000004)
545 | ((right >> 26) & 0x00000002)
546 | ((right >> 24) & 0x00000001));
547
548 *subkey++ = (((left << 15) & 0x20000000)
549 | ((left << 17) & 0x10000000)
550 | ((left << 10) & 0x08000000)
551 | ((left << 22) & 0x04000000)
552 | ((left >> 2) & 0x02000000)
553 | ((left << 1) & 0x01000000)
554 | ((left << 16) & 0x00200000)
555 | ((left << 11) & 0x00100000)
556 | ((left << 3) & 0x00080000)
557 | ((left >> 6) & 0x00040000)
558 | ((left << 15) & 0x00020000)
559 | ((left >> 4) & 0x00010000)
560 | ((right >> 2) & 0x00002000)
561 | ((right << 8) & 0x00001000)
562 | ((right >> 14) & 0x00000808)
563 | ((right >> 9) & 0x00000400)
564 | ((right) & 0x00000200)
565 | ((right << 7) & 0x00000100)
566 | ((right >> 7) & 0x00000020)
567 | ((right >> 3) & 0x00000011)
568 | ((right << 2) & 0x00000004)
569 | ((right >> 21) & 0x00000002));
570 }
571 }
572
573
574 /*
575 * Fill a DES context with subkeys calculated from a 64bit key.
576 * Does not check parity bits, but simply ignore them.
577 * Does not check for weak keys.
578 */
579 static int
580 des_setkey (struct _des_ctx *ctx, const byte * key)
581 {
582 static const char *selftest_failed;
583 int i;
584
585 if (!fips_mode () && !initialized)
586 {
587 initialized = 1;
588 selftest_failed = selftest ();
589
590 if (selftest_failed)
591 log_error ("%s\n", selftest_failed);
592 }
593 if (selftest_failed)
594 return GPG_ERR_SELFTEST_FAILED;
595
596 des_key_schedule (key, ctx->encrypt_subkeys);
597 _gcry_burn_stack (32);
598
599 for(i=0; i<32; i+=2)
600 {
601 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
602 ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
603 }
604
605 return 0;
606 }
607
608
609
610 /*
611 * Electronic Codebook Mode DES encryption/decryption of data according
612 * to 'mode'.
613 */
614 static int
615 des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode)
616 {
617 u32 left, right, work;
618 u32 *keys;
619
620 keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
621
622 READ_64BIT_DATA (from, left, right)
623 INITIAL_PERMUTATION (left, work, right)
624
625 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
626 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
627 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
628 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
629 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
630 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
631 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
632 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
633
634 FINAL_PERMUTATION (right, work, left)
635 WRITE_64BIT_DATA (to, right, left)
636
637 return 0;
638 }
639
640
641
642 /*
643 * Fill a Triple-DES context with subkeys calculated from two 64bit keys.
644 * Does not check the parity bits of the keys, but simply ignore them.
645 * Does not check for weak keys.
646 */
647
648
649
650 /*
651 * Fill a Triple-DES context with subkeys calculated from three 64bit keys.
652 * Does not check the parity bits of the keys, but simply ignore them.
653 * Does not check for weak keys.
654 */
655 static int
656 tripledes_set3keys (struct _tripledes_ctx *ctx,
657 const byte * key1,
658 const byte * key2,
659 const byte * key3)
660 {
661 static const char *selftest_failed;
662 int i;
663
664 if (!fips_mode () && !initialized)
665 {
666 initialized = 1;
667 selftest_failed = selftest ();
668
669 if (selftest_failed)
670 log_error ("%s\n", selftest_failed);
671 }
672 if (selftest_failed)
673 return GPG_ERR_SELFTEST_FAILED;
674
675 des_key_schedule (key1, ctx->encrypt_subkeys);
676 des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
677 des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
678 _gcry_burn_stack (32);
679
680 for(i=0; i<32; i+=2)
681 {
682 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94-i];
683 ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[95-i];
684
685 ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
686 ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
687
688 ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i];
689 ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i];
690 }
691
692 return 0;
693 }
694
695
696
697 /*
698 * Electronic Codebook Mode Triple-DES encryption/decryption of data
699 * according to 'mode'. Sometimes this mode is named 'EDE' mode
700 * (Encryption-Decryption-Encryption).
701 */
702 static int
703 tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from,
704 byte * to, int mode)
705 {
706 u32 left, right, work;
707 u32 *keys;
708
709 keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
710
711 READ_64BIT_DATA (from, left, right)
712 INITIAL_PERMUTATION (left, work, right)
713
714 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
715 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
716 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
717 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
718 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
719 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
720 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
721 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
722
723 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
724 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
725 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
726 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
727 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
728 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
729 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
730 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
731
732 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
733 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
734 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
735 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
736 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
737 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
738 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
739 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
740
741 FINAL_PERMUTATION (right, work, left)
742 WRITE_64BIT_DATA (to, right, left)
743
744 return 0;
745 }
746
747
748
749
750
751 /*
752 * Check whether the 8 byte key is weak.
753 * Does not check the parity bits of the key but simple ignore them.
754 */
755 static int
756 is_weak_key ( const byte *key )
757 {
758 byte work[8];
759 int i, left, right, middle, cmp_result;
760
761 /* clear parity bits */
762 for(i=0; i<8; ++i)
763 work[i] = key[i] & 0xfe;
764
765 /* binary search in the weak key table */
766 left = 0;
767 right = 63;
768 while(left <= right)
769 {
770 middle = (left + right) / 2;
771
772 if ( !(cmp_result=working_memcmp(work, weak_keys[middle], 8)) )
773 return -1;
774
775 if ( cmp_result > 0 )
776 left = middle + 1;
777 else
778 right = middle - 1;
779 }
780
781 return 0;
782 }
783
784
785
786 /*
787 * Performs a selftest of this DES/Triple-DES implementation.
788 * Returns an string with the error text on failure.
789 * Returns NULL if all is ok.
790 */
791
792
793 static gcry_err_code_t
794 do_tripledes_setkey ( void *context, const byte *key, unsigned keylen )
795 {
796 struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
797
798 if( keylen != 24 )
799 return GPG_ERR_INV_KEYLEN;
800
801 tripledes_set3keys ( ctx, key, key+8, key+16);
802
803 if (ctx->flags.no_weak_key)
804 ; /* Detection has been disabled. */
805 else if (is_weak_key (key) || is_weak_key (key+8) || is_weak_key (key+16))
806 {
807 _gcry_burn_stack (64);
808 return GPG_ERR_WEAK_KEY;
809 }
810 _gcry_burn_stack (64);
811
812 return GPG_ERR_NO_ERROR;
813 }
814
815
816
817
818 static void
819 do_tripledes_encrypt( void *context, byte *outbuf, const byte *inbuf )
820 {
821 struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
822
823 tripledes_ecb_encrypt ( ctx, inbuf, outbuf );
824 _gcry_burn_stack (32);
825 }
826
827 static void
828 do_tripledes_decrypt( void *context, byte *outbuf, const byte *inbuf )
829 {
830 struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
831 tripledes_ecb_decrypt ( ctx, inbuf, outbuf );
832 _gcry_burn_stack (32);
833 }
834
835 static gcry_err_code_t
836 do_des_setkey (void *context, const byte *key, unsigned keylen)
837 {
838 struct _des_ctx *ctx = (struct _des_ctx *) context;
839
840 if (keylen != 8)
841 return GPG_ERR_INV_KEYLEN;
842
843 des_setkey (ctx, key);
844
845 if (is_weak_key (key)) {
846 _gcry_burn_stack (64);
847 return GPG_ERR_WEAK_KEY;
848 }
849 _gcry_burn_stack (64);
850
851 return GPG_ERR_NO_ERROR;
852 }
853
854
855 static void
856 do_des_encrypt( void *context, byte *outbuf, const byte *inbuf )
857 {
858 struct _des_ctx *ctx = (struct _des_ctx *) context;
859
860 des_ecb_encrypt ( ctx, inbuf, outbuf );
861 _gcry_burn_stack (32);
862 }
863
864 static void
865 do_des_decrypt( void *context, byte *outbuf, const byte *inbuf )
866 {
867 struct _des_ctx *ctx = (struct _des_ctx *) context;
868
869 des_ecb_decrypt ( ctx, inbuf, outbuf );
870 _gcry_burn_stack (32);
871 }
872
873
874
875 \f
876 /*
877 Self-test section.
878 */
879
880
881 /* Selftest for TripleDES. */
882
883
884
885 /* Run a full self-test for ALGO and return 0 on success. */
886
887
888 \f
889 gcry_cipher_spec_t _gcry_cipher_spec_des =
890 {
891 "DES", NULL, NULL, 8, 64, sizeof (struct _des_ctx),
892 do_des_setkey, do_des_encrypt, do_des_decrypt
893 ,
894 #ifdef GRUB_UTIL
895 .modname = "gcry_des",
896 #endif
897 };
898
899 static gcry_cipher_oid_spec_t oids_tripledes[] =
900 {
901 { "1.2.840.113549.3.7", GCRY_CIPHER_MODE_CBC },
902 /* Teletrust specific OID for 3DES. */
903 { "1.3.36.3.1.3.2.1", GCRY_CIPHER_MODE_CBC },
904 /* pbeWithSHAAnd3_KeyTripleDES_CBC */
905 { "1.2.840.113549.1.12.1.3", GCRY_CIPHER_MODE_CBC },
906 { NULL }
907 };
908
909 gcry_cipher_spec_t _gcry_cipher_spec_tripledes =
910 {
911 "3DES", NULL, oids_tripledes, 8, 192, sizeof (struct _tripledes_ctx),
912 do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt
913 ,
914 #ifdef GRUB_UTIL
915 .modname = "gcry_des",
916 #endif
917 };
918
919
920
921 GRUB_MOD_INIT(gcry_des)
922 {
923 grub_cipher_register (&_gcry_cipher_spec_des);
924 grub_cipher_register (&_gcry_cipher_spec_tripledes);
925 }
926
927 GRUB_MOD_FINI(gcry_des)
928 {
929 grub_cipher_unregister (&_gcry_cipher_spec_des);
930 grub_cipher_unregister (&_gcry_cipher_spec_tripledes);
931 }
Mirror of AROS' svn.