1 /* This file was automatically imported with
2 import_gcry.py. Please don't modify it */
4 GRUB_MOD_LICENSE ("GPLv3+");
5 /* des.c - DES and Triple-DES encryption/decryption Algorithm
6 * Copyright (C) 1998, 1999, 2001, 2002, 2003,
7 * 2008 Free Software Foundation, Inc.
9 * This file is part of Libgcrypt.
11 * Libgcrypt is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU Lesser general Public License as
13 * published by the Free Software Foundation; either version 2.1 of
14 * the License, or (at your option) any later version.
16 * Libgcrypt is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU Lesser General Public License for more details.
21 * You should have received a copy of the GNU Lesser General Public
22 * License along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
25 * For a description of triple encryption, see:
26 * Bruce Schneier: Applied Cryptography. Second Edition.
27 * John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
28 * This implementation is according to the definition of DES in FIPS
29 * PUB 46-2 from December 1993.
34 * Written by Michael Roth <mroth@nessie.de>, September 1998
42 * For DES or Triple-DES encryption/decryption you must initialize a proper
43 * encryption context with a key.
45 * A DES key is 64bit wide but only 56bits of the key are used. The remaining
46 * bits are parity bits and they will _not_ checked in this implementation, but
49 * For Triple-DES you could use either two 64bit keys or three 64bit keys.
50 * The parity bits will _not_ checked, too.
52 * After initializing a context with a key you could use this context to
53 * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
55 * (In the examples below the slashes at the beginning and ending of comments
60 * unsigned char key[8];
61 * unsigned char plaintext[8];
62 * unsigned char ciphertext[8];
63 * unsigned char recoverd[8];
66 * * Fill 'key' and 'plaintext' with some data *
69 * * Set up the DES encryption context *
70 * des_setkey(context, key);
72 * * Encrypt the plaintext *
73 * des_ecb_encrypt(context, plaintext, ciphertext);
75 * * To recover the orginal plaintext from ciphertext use: *
76 * des_ecb_decrypt(context, ciphertext, recoverd);
81 * unsigned char key1[8];
82 * unsigned char key2[8];
83 * unsigned char key3[8];
84 * unsigned char plaintext[8];
85 * unsigned char ciphertext[8];
86 * unsigned char recoverd[8];
87 * tripledes_ctx context;
89 * * If you would like to use two 64bit keys, fill 'key1' and'key2'
90 * then setup the encryption context: *
91 * tripledes_set2keys(context, key1, key2);
93 * * To use three 64bit keys with Triple-DES use: *
94 * tripledes_set3keys(context, key1, key2, key3);
96 * * Encrypting plaintext with Triple-DES *
97 * tripledes_ecb_encrypt(context, plaintext, ciphertext);
99 * * Decrypting ciphertext to recover the plaintext with Triple-DES *
100 * tripledes_ecb_decrypt(context, ciphertext, recoverd);
107 * * To perform a selftest of this DES/Triple-DES implementation use the
108 * function selftest(). It will return an error string if there are
109 * some problems with this library. *
111 * if ( (error_msg = selftest()) )
113 * fprintf(stderr, "An error in the DES/Tripple-DES implementation occured: %s\n", error_msg);
119 #include "types.h" /* for byte and u32 typedefs */
123 #if defined(__GNUC__) && defined(__GNU_LIBRARY__)
124 #define working_memcmp memcmp
127 * According to the SunOS man page, memcmp returns indeterminate sign
128 * depending on whether characters are signed or not.
131 working_memcmp( const char *a
, const char *b
, size_t n
)
133 for( ; n
; n
--, a
++, b
++ )
135 return (int)(*(byte
*)a
) - (int)(*(byte
*)b
);
141 * Encryption/Decryption context of DES
143 typedef struct _des_ctx
145 u32 encrypt_subkeys
[32];
146 u32 decrypt_subkeys
[32];
151 * Encryption/Decryption context of Triple-DES
153 typedef struct _tripledes_ctx
155 u32 encrypt_subkeys
[96];
156 u32 decrypt_subkeys
[96];
163 static void des_key_schedule (const byte
*, u32
*);
164 static int des_setkey (struct _des_ctx
*, const byte
*);
165 static int des_ecb_crypt (struct _des_ctx
*, const byte
*, byte
*, int);
166 static int tripledes_set3keys (struct _tripledes_ctx
*,
167 const byte
*, const byte
*, const byte
*);
168 static int tripledes_ecb_crypt (struct _tripledes_ctx
*,
169 const byte
*, byte
*, int);
170 static int is_weak_key ( const byte
*key
);
172 static int initialized
;
178 * The s-box values are permuted according to the 'primitive function P'
179 * and are rotated one bit to the left.
181 static u32 sbox1
[64] =
183 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000,
184 0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004,
185 0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
186 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000,
187 0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400,
188 0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
189 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400,
190 0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004
193 static u32 sbox2
[64] =
195 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020,
196 0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020,
197 0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
198 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020,
199 0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000,
200 0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
201 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020,
202 0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000
205 static u32 sbox3
[64] =
207 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200,
208 0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208,
209 0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
210 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000,
211 0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000,
212 0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
213 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008,
214 0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200
217 static u32 sbox4
[64] =
219 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001,
220 0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001,
221 0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
222 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081,
223 0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000,
224 0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
225 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081,
226 0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080
229 static u32 sbox5
[64] =
231 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000,
232 0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000,
233 0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
234 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100,
235 0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100,
236 0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
237 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000,
238 0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100
241 static u32 sbox6
[64] =
243 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000,
244 0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010,
245 0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
246 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000,
247 0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010,
248 0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
249 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010,
250 0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010
253 static u32 sbox7
[64] =
255 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800,
256 0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802,
257 0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
258 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800,
259 0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002,
260 0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
261 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802,
262 0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002
265 static u32 sbox8
[64] =
267 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000,
268 0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040,
269 0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
270 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000,
271 0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040,
272 0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
273 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000,
274 0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000
279 * These two tables are part of the 'permuted choice 1' function.
280 * In this implementation several speed improvements are done.
282 static u32 leftkey_swap
[16] =
284 0x00000000, 0x00000001, 0x00000100, 0x00000101,
285 0x00010000, 0x00010001, 0x00010100, 0x00010101,
286 0x01000000, 0x01000001, 0x01000100, 0x01000101,
287 0x01010000, 0x01010001, 0x01010100, 0x01010101
290 static u32 rightkey_swap
[16] =
292 0x00000000, 0x01000000, 0x00010000, 0x01010000,
293 0x00000100, 0x01000100, 0x00010100, 0x01010100,
294 0x00000001, 0x01000001, 0x00010001, 0x01010001,
295 0x00000101, 0x01000101, 0x00010101, 0x01010101,
301 * Numbers of left shifts per round for encryption subkeys.
302 * To calculate the decryption subkeys we just reverse the
303 * ordering of the calculated encryption subkeys. So their
304 * is no need for a decryption rotate tab.
306 static byte encrypt_rotate_tab
[16] =
308 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
314 * Table with weak DES keys sorted in ascending order.
315 * In DES their are 64 known keys which are weak. They are weak
316 * because they produce only one, two or four different
317 * subkeys in the subkey scheduling process.
318 * The keys in this table have all their parity bits cleared.
320 static byte weak_keys
[64][8] =
322 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /*w*/
323 { 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },
324 { 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 },
325 { 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },
326 { 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, /*sw*/
327 { 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },
328 { 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe },
329 { 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },
330 { 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, /*sw*/
331 { 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },
332 { 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 },
333 { 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },
334 { 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, /*sw*/
335 { 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },
336 { 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e },
337 { 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },
338 { 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },
339 { 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, /*sw*/
340 { 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },
341 { 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 },
342 { 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },
343 { 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, /*w*/
344 { 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },
345 { 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe },
346 { 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },
347 { 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, /*sw*/
348 { 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },
349 { 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 },
350 { 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },
351 { 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, /*sw*/
352 { 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },
353 { 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e },
354 { 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },
355 { 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe },
356 { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 }, /*sw*/
357 { 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e },
358 { 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },
359 { 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 },
360 { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e }, /*sw*/
361 { 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 },
362 { 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },
363 { 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e },
364 { 0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0 }, /*w*/
365 { 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },
366 { 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e },
367 { 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },
368 { 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, /*sw*/
369 { 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },
370 { 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe },
371 { 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },
372 { 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e },
373 { 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 }, /*sw*/
374 { 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 },
375 { 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },
376 { 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 },
377 { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e }, /*sw*/
378 { 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e },
379 { 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },
380 { 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe },
381 { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 }, /*sw*/
382 { 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 },
383 { 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },
384 { 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 },
385 { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe } /*w*/
391 * Macro to swap bits across two words.
393 #define DO_PERMUTATION(a, temp, b, offset, mask) \
394 temp = ((a>>offset) ^ b) & mask; \
400 * This performs the 'initial permutation' of the data to be encrypted
401 * or decrypted. Additionally the resulting two words are rotated one bit
404 #define INITIAL_PERMUTATION(left, temp, right) \
405 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \
406 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
407 DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
408 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
409 right = (right << 1) | (right >> 31); \
410 temp = (left ^ right) & 0xaaaaaaaa; \
413 left = (left << 1) | (left >> 31);
416 * The 'inverse initial permutation'.
418 #define FINAL_PERMUTATION(left, temp, right) \
419 left = (left << 31) | (left >> 1); \
420 temp = (left ^ right) & 0xaaaaaaaa; \
423 right = (right << 31) | (right >> 1); \
424 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
425 DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
426 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
427 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
431 * A full DES round including 'expansion function', 'sbox substitution'
432 * and 'primitive function P' but without swapping the left and right word.
433 * Please note: The data in 'from' and 'to' is already rotated one bit to
434 * the left, done in the initial permutation.
436 #define DES_ROUND(from, to, work, subkey) \
437 work = from ^ *subkey++; \
438 to ^= sbox8[ work & 0x3f ]; \
439 to ^= sbox6[ (work>>8) & 0x3f ]; \
440 to ^= sbox4[ (work>>16) & 0x3f ]; \
441 to ^= sbox2[ (work>>24) & 0x3f ]; \
442 work = ((from << 28) | (from >> 4)) ^ *subkey++; \
443 to ^= sbox7[ work & 0x3f ]; \
444 to ^= sbox5[ (work>>8) & 0x3f ]; \
445 to ^= sbox3[ (work>>16) & 0x3f ]; \
446 to ^= sbox1[ (work>>24) & 0x3f ];
449 * Macros to convert 8 bytes from/to 32bit words.
451 #define READ_64BIT_DATA(data, left, right) \
452 left = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \
453 right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];
455 #define WRITE_64BIT_DATA(data, left, right) \
456 data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \
457 data[2] = (left >> 8) &0xff; data[3] = left &0xff; \
458 data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \
459 data[6] = (right >> 8) &0xff; data[7] = right &0xff;
462 * Handy macros for encryption and decryption of data
464 #define des_ecb_encrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 0)
465 #define des_ecb_decrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 1)
466 #define tripledes_ecb_encrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,0)
467 #define tripledes_ecb_decrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,1)
475 * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
476 * 16 encryption rounds.
477 * To calculate subkeys for decryption the caller
478 * have to reorder the generated subkeys.
480 * rawkey: 8 Bytes of key data
481 * subkey: Array of at least 32 u32s. Will be filled
482 * with calculated subkeys.
486 des_key_schedule (const byte
* rawkey
, u32
* subkey
)
488 u32 left
, right
, work
;
491 READ_64BIT_DATA (rawkey
, left
, right
)
493 DO_PERMUTATION (right
, work
, left
, 4, 0x0f0f0f0f)
494 DO_PERMUTATION (right
, work
, left
, 0, 0x10101010)
496 left
= ((leftkey_swap
[(left
>> 0) & 0xf] << 3)
497 | (leftkey_swap
[(left
>> 8) & 0xf] << 2)
498 | (leftkey_swap
[(left
>> 16) & 0xf] << 1)
499 | (leftkey_swap
[(left
>> 24) & 0xf])
500 | (leftkey_swap
[(left
>> 5) & 0xf] << 7)
501 | (leftkey_swap
[(left
>> 13) & 0xf] << 6)
502 | (leftkey_swap
[(left
>> 21) & 0xf] << 5)
503 | (leftkey_swap
[(left
>> 29) & 0xf] << 4));
507 right
= ((rightkey_swap
[(right
>> 1) & 0xf] << 3)
508 | (rightkey_swap
[(right
>> 9) & 0xf] << 2)
509 | (rightkey_swap
[(right
>> 17) & 0xf] << 1)
510 | (rightkey_swap
[(right
>> 25) & 0xf])
511 | (rightkey_swap
[(right
>> 4) & 0xf] << 7)
512 | (rightkey_swap
[(right
>> 12) & 0xf] << 6)
513 | (rightkey_swap
[(right
>> 20) & 0xf] << 5)
514 | (rightkey_swap
[(right
>> 28) & 0xf] << 4));
518 for (round
= 0; round
< 16; ++round
)
520 left
= ((left
<< encrypt_rotate_tab
[round
])
521 | (left
>> (28 - encrypt_rotate_tab
[round
]))) & 0x0fffffff;
522 right
= ((right
<< encrypt_rotate_tab
[round
])
523 | (right
>> (28 - encrypt_rotate_tab
[round
]))) & 0x0fffffff;
525 *subkey
++ = (((left
<< 4) & 0x24000000)
526 | ((left
<< 28) & 0x10000000)
527 | ((left
<< 14) & 0x08000000)
528 | ((left
<< 18) & 0x02080000)
529 | ((left
<< 6) & 0x01000000)
530 | ((left
<< 9) & 0x00200000)
531 | ((left
>> 1) & 0x00100000)
532 | ((left
<< 10) & 0x00040000)
533 | ((left
<< 2) & 0x00020000)
534 | ((left
>> 10) & 0x00010000)
535 | ((right
>> 13) & 0x00002000)
536 | ((right
>> 4) & 0x00001000)
537 | ((right
<< 6) & 0x00000800)
538 | ((right
>> 1) & 0x00000400)
539 | ((right
>> 14) & 0x00000200)
540 | (right
& 0x00000100)
541 | ((right
>> 5) & 0x00000020)
542 | ((right
>> 10) & 0x00000010)
543 | ((right
>> 3) & 0x00000008)
544 | ((right
>> 18) & 0x00000004)
545 | ((right
>> 26) & 0x00000002)
546 | ((right
>> 24) & 0x00000001));
548 *subkey
++ = (((left
<< 15) & 0x20000000)
549 | ((left
<< 17) & 0x10000000)
550 | ((left
<< 10) & 0x08000000)
551 | ((left
<< 22) & 0x04000000)
552 | ((left
>> 2) & 0x02000000)
553 | ((left
<< 1) & 0x01000000)
554 | ((left
<< 16) & 0x00200000)
555 | ((left
<< 11) & 0x00100000)
556 | ((left
<< 3) & 0x00080000)
557 | ((left
>> 6) & 0x00040000)
558 | ((left
<< 15) & 0x00020000)
559 | ((left
>> 4) & 0x00010000)
560 | ((right
>> 2) & 0x00002000)
561 | ((right
<< 8) & 0x00001000)
562 | ((right
>> 14) & 0x00000808)
563 | ((right
>> 9) & 0x00000400)
564 | ((right
) & 0x00000200)
565 | ((right
<< 7) & 0x00000100)
566 | ((right
>> 7) & 0x00000020)
567 | ((right
>> 3) & 0x00000011)
568 | ((right
<< 2) & 0x00000004)
569 | ((right
>> 21) & 0x00000002));
575 * Fill a DES context with subkeys calculated from a 64bit key.
576 * Does not check parity bits, but simply ignore them.
577 * Does not check for weak keys.
580 des_setkey (struct _des_ctx
*ctx
, const byte
* key
)
582 static const char *selftest_failed
;
585 if (!fips_mode () && !initialized
)
588 selftest_failed
= selftest ();
591 log_error ("%s\n", selftest_failed
);
594 return GPG_ERR_SELFTEST_FAILED
;
596 des_key_schedule (key
, ctx
->encrypt_subkeys
);
597 _gcry_burn_stack (32);
601 ctx
->decrypt_subkeys
[i
] = ctx
->encrypt_subkeys
[30-i
];
602 ctx
->decrypt_subkeys
[i
+1] = ctx
->encrypt_subkeys
[31-i
];
611 * Electronic Codebook Mode DES encryption/decryption of data according
615 des_ecb_crypt (struct _des_ctx
*ctx
, const byte
* from
, byte
* to
, int mode
)
617 u32 left
, right
, work
;
620 keys
= mode
? ctx
->decrypt_subkeys
: ctx
->encrypt_subkeys
;
622 READ_64BIT_DATA (from
, left
, right
)
623 INITIAL_PERMUTATION (left
, work
, right
)
625 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
626 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
627 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
628 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
629 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
630 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
631 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
632 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
634 FINAL_PERMUTATION (right
, work
, left
)
635 WRITE_64BIT_DATA (to
, right
, left
)
643 * Fill a Triple-DES context with subkeys calculated from two 64bit keys.
644 * Does not check the parity bits of the keys, but simply ignore them.
645 * Does not check for weak keys.
651 * Fill a Triple-DES context with subkeys calculated from three 64bit keys.
652 * Does not check the parity bits of the keys, but simply ignore them.
653 * Does not check for weak keys.
656 tripledes_set3keys (struct _tripledes_ctx
*ctx
,
661 static const char *selftest_failed
;
664 if (!fips_mode () && !initialized
)
667 selftest_failed
= selftest ();
670 log_error ("%s\n", selftest_failed
);
673 return GPG_ERR_SELFTEST_FAILED
;
675 des_key_schedule (key1
, ctx
->encrypt_subkeys
);
676 des_key_schedule (key2
, &(ctx
->decrypt_subkeys
[32]));
677 des_key_schedule (key3
, &(ctx
->encrypt_subkeys
[64]));
678 _gcry_burn_stack (32);
682 ctx
->decrypt_subkeys
[i
] = ctx
->encrypt_subkeys
[94-i
];
683 ctx
->decrypt_subkeys
[i
+1] = ctx
->encrypt_subkeys
[95-i
];
685 ctx
->encrypt_subkeys
[i
+32] = ctx
->decrypt_subkeys
[62-i
];
686 ctx
->encrypt_subkeys
[i
+33] = ctx
->decrypt_subkeys
[63-i
];
688 ctx
->decrypt_subkeys
[i
+64] = ctx
->encrypt_subkeys
[30-i
];
689 ctx
->decrypt_subkeys
[i
+65] = ctx
->encrypt_subkeys
[31-i
];
698 * Electronic Codebook Mode Triple-DES encryption/decryption of data
699 * according to 'mode'. Sometimes this mode is named 'EDE' mode
700 * (Encryption-Decryption-Encryption).
703 tripledes_ecb_crypt (struct _tripledes_ctx
*ctx
, const byte
* from
,
706 u32 left
, right
, work
;
709 keys
= mode
? ctx
->decrypt_subkeys
: ctx
->encrypt_subkeys
;
711 READ_64BIT_DATA (from
, left
, right
)
712 INITIAL_PERMUTATION (left
, work
, right
)
714 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
715 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
716 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
717 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
718 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
719 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
720 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
721 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
723 DES_ROUND (left
, right
, work
, keys
) DES_ROUND (right
, left
, work
, keys
)
724 DES_ROUND (left
, right
, work
, keys
) DES_ROUND (right
, left
, work
, keys
)
725 DES_ROUND (left
, right
, work
, keys
) DES_ROUND (right
, left
, work
, keys
)
726 DES_ROUND (left
, right
, work
, keys
) DES_ROUND (right
, left
, work
, keys
)
727 DES_ROUND (left
, right
, work
, keys
) DES_ROUND (right
, left
, work
, keys
)
728 DES_ROUND (left
, right
, work
, keys
) DES_ROUND (right
, left
, work
, keys
)
729 DES_ROUND (left
, right
, work
, keys
) DES_ROUND (right
, left
, work
, keys
)
730 DES_ROUND (left
, right
, work
, keys
) DES_ROUND (right
, left
, work
, keys
)
732 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
733 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
734 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
735 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
736 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
737 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
738 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
739 DES_ROUND (right
, left
, work
, keys
) DES_ROUND (left
, right
, work
, keys
)
741 FINAL_PERMUTATION (right
, work
, left
)
742 WRITE_64BIT_DATA (to
, right
, left
)
752 * Check whether the 8 byte key is weak.
753 * Does not check the parity bits of the key but simple ignore them.
756 is_weak_key ( const byte
*key
)
759 int i
, left
, right
, middle
, cmp_result
;
761 /* clear parity bits */
763 work
[i
] = key
[i
] & 0xfe;
765 /* binary search in the weak key table */
770 middle
= (left
+ right
) / 2;
772 if ( !(cmp_result
=working_memcmp(work
, weak_keys
[middle
], 8)) )
775 if ( cmp_result
> 0 )
787 * Performs a selftest of this DES/Triple-DES implementation.
788 * Returns an string with the error text on failure.
789 * Returns NULL if all is ok.
793 static gcry_err_code_t
794 do_tripledes_setkey ( void *context
, const byte
*key
, unsigned keylen
)
796 struct _tripledes_ctx
*ctx
= (struct _tripledes_ctx
*) context
;
799 return GPG_ERR_INV_KEYLEN
;
801 tripledes_set3keys ( ctx
, key
, key
+8, key
+16);
803 if (ctx
->flags
.no_weak_key
)
804 ; /* Detection has been disabled. */
805 else if (is_weak_key (key
) || is_weak_key (key
+8) || is_weak_key (key
+16))
807 _gcry_burn_stack (64);
808 return GPG_ERR_WEAK_KEY
;
810 _gcry_burn_stack (64);
812 return GPG_ERR_NO_ERROR
;
819 do_tripledes_encrypt( void *context
, byte
*outbuf
, const byte
*inbuf
)
821 struct _tripledes_ctx
*ctx
= (struct _tripledes_ctx
*) context
;
823 tripledes_ecb_encrypt ( ctx
, inbuf
, outbuf
);
824 _gcry_burn_stack (32);
828 do_tripledes_decrypt( void *context
, byte
*outbuf
, const byte
*inbuf
)
830 struct _tripledes_ctx
*ctx
= (struct _tripledes_ctx
*) context
;
831 tripledes_ecb_decrypt ( ctx
, inbuf
, outbuf
);
832 _gcry_burn_stack (32);
835 static gcry_err_code_t
836 do_des_setkey (void *context
, const byte
*key
, unsigned keylen
)
838 struct _des_ctx
*ctx
= (struct _des_ctx
*) context
;
841 return GPG_ERR_INV_KEYLEN
;
843 des_setkey (ctx
, key
);
845 if (is_weak_key (key
)) {
846 _gcry_burn_stack (64);
847 return GPG_ERR_WEAK_KEY
;
849 _gcry_burn_stack (64);
851 return GPG_ERR_NO_ERROR
;
856 do_des_encrypt( void *context
, byte
*outbuf
, const byte
*inbuf
)
858 struct _des_ctx
*ctx
= (struct _des_ctx
*) context
;
860 des_ecb_encrypt ( ctx
, inbuf
, outbuf
);
861 _gcry_burn_stack (32);
865 do_des_decrypt( void *context
, byte
*outbuf
, const byte
*inbuf
)
867 struct _des_ctx
*ctx
= (struct _des_ctx
*) context
;
869 des_ecb_decrypt ( ctx
, inbuf
, outbuf
);
870 _gcry_burn_stack (32);
881 /* Selftest for TripleDES. */
885 /* Run a full self-test for ALGO and return 0 on success. */
889 gcry_cipher_spec_t _gcry_cipher_spec_des
=
891 "DES", NULL
, NULL
, 8, 64, sizeof (struct _des_ctx
),
892 do_des_setkey
, do_des_encrypt
, do_des_decrypt
895 .modname
= "gcry_des",
899 static gcry_cipher_oid_spec_t oids_tripledes
[] =
901 { "1.2.840.113549.3.7", GCRY_CIPHER_MODE_CBC
},
902 /* Teletrust specific OID for 3DES. */
903 { "1.3.36.3.1.3.2.1", GCRY_CIPHER_MODE_CBC
},
904 /* pbeWithSHAAnd3_KeyTripleDES_CBC */
905 { "1.2.840.113549.1.12.1.3", GCRY_CIPHER_MODE_CBC
},
909 gcry_cipher_spec_t _gcry_cipher_spec_tripledes
=
911 "3DES", NULL
, oids_tripledes
, 8, 192, sizeof (struct _tripledes_ctx
),
912 do_tripledes_setkey
, do_tripledes_encrypt
, do_tripledes_decrypt
915 .modname
= "gcry_des",
921 GRUB_MOD_INIT(gcry_des
)
923 grub_cipher_register (&_gcry_cipher_spec_des
);
924 grub_cipher_register (&_gcry_cipher_spec_tripledes
);
927 GRUB_MOD_FINI(gcry_des
)
929 grub_cipher_unregister (&_gcry_cipher_spec_des
);
930 grub_cipher_unregister (&_gcry_cipher_spec_tripledes
);