search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tests: fix 'invalid path dir' error
[gnulib.git] / lib / des.c
blob8c56bf553d87112dc90771e95e0465682dc56dfd
1 /* des.c --- DES and Triple-DES encryption/decryption Algorithm
2 * Copyright (C) 1998-1999, 2001-2007, 2009-2017 Free Software Foundation, Inc.
3 *
4 * This file is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published
6 * by the Free Software Foundation; either version 2, or (at your
7 * option) any later version.
8 *
9 * This file is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this file; if not, see <https://www.gnu.org/licenses/>.
16 *
17 */
18
19 /* Adapted for gnulib by Simon Josefsson, based on Libgcrypt. */
20
21 /*
22 * For a description of triple encryption, see:
23 * Bruce Schneier: Applied Cryptography. Second Edition.
24 * John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
25 * This implementation is according to the definition of DES in FIPS
26 * PUB 46-2 from December 1993.
27 *
28 * Written by Michael Roth <mroth@nessie.de>, September 1998
29 */
30
31 /*
32 * U S A G E
33 * ===========
34 *
35 * For DES or Triple-DES encryption/decryption you must initialize a proper
36 * encryption context with a key.
37 *
38 * A DES key is 64bit wide but only 56bits of the key are used. The remaining
39 * bits are parity bits and they will _not_ checked in this implementation, but
40 * simply ignored.
41 *
42 * For Triple-DES you could use either two 64bit keys or three 64bit keys.
43 * The parity bits will _not_ checked, too.
44 *
45 * After initializing a context with a key you could use this context to
46 * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
47 *
48 * DES Example
49 * -----------
50 * unsigned char key[8];
51 * unsigned char plaintext[8];
52 * unsigned char ciphertext[8];
53 * unsigned char recoverd[8];
54 * gl_des_ctx context;
55 *
56 * // Fill 'key' and 'plaintext' with some data
57 * ....
58 *
59 * // Set up the DES encryption context
60 * gl_des_setkey(&context, key);
61 *
62 * // Encrypt the plaintext
63 * des_ecb_encrypt(&context, plaintext, ciphertext);
64 *
65 * // To recover the original plaintext from ciphertext use:
66 * des_ecb_decrypt(&context, ciphertext, recoverd);
67 *
68 *
69 * Triple-DES Example
70 * ------------------
71 * unsigned char key1[8];
72 * unsigned char key2[8];
73 * unsigned char key3[8];
74 * unsigned char plaintext[8];
75 * unsigned char ciphertext[8];
76 * unsigned char recoverd[8];
77 * gl_3des_ctx context;
78 *
79 * // If you would like to use two 64bit keys, fill 'key1' and'key2'
80 * // then setup the encryption context:
81 * gl_3des_set2keys(&context, key1, key2);
82 *
83 * // To use three 64bit keys with Triple-DES use:
84 * gl_3des_set3keys(&context, key1, key2, key3);
85 *
86 * // Encrypting plaintext with Triple-DES
87 * gl_3des_ecb_encrypt(&context, plaintext, ciphertext);
88 *
89 * // Decrypting ciphertext to recover the plaintext with Triple-DES
90 * gl_3des_ecb_decrypt(&context, ciphertext, recoverd);
91 */
92
93
94 #include <config.h>
95
96 #include "des.h"
97
98 #include <stdio.h>
99 #include <string.h> /* memcpy, memcmp */
100
101 /*
102 * The s-box values are permuted according to the 'primitive function P'
103 * and are rotated one bit to the left.
104 */
105 static const uint32_t sbox1[64] = {
106 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404,
107 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400,
108 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400,
109 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
110 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404,
111 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000,
112 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000,
113 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
114 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404,
115 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000,
116 0x00010004, 0x00010400, 0x00000000, 0x01010004
117 };
118
119 static const uint32_t sbox2[64] = {
120 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020,
121 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000,
122 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020,
123 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
124 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000,
125 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000,
126 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000,
127 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
128 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020,
129 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020,
130 0x80000000, 0x80100020, 0x80108020, 0x00108000
131 };
132
133 static const uint32_t sbox3[64] = {
134 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000,
135 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000,
136 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008,
137 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
138 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208,
139 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208,
140 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008,
141 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
142 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208,
143 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000,
144 0x00020208, 0x00000008, 0x08020008, 0x00020200
145 };
146
147 static const uint32_t sbox4[64] = {
148 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081,
149 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081,
150 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000,
151 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
152 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080,
153 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081,
154 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080,
155 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
156 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001,
157 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001,
158 0x00000080, 0x00800000, 0x00002000, 0x00802080
159 };
160
161 static const uint32_t sbox5[64] = {
162 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100,
163 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100,
164 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000,
165 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
166 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000,
167 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000,
168 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000,
169 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
170 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000,
171 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000,
172 0x00000000, 0x40080000, 0x02080100, 0x40000100
173 };
174
175 static const uint32_t sbox6[64] = {
176 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010,
177 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010,
178 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010,
179 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
180 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000,
181 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000,
182 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000,
183 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
184 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000,
185 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000,
186 0x20404000, 0x20000000, 0x00400010, 0x20004010
187 };
188
189 static const uint32_t sbox7[64] = {
190 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802,
191 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002,
192 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802,
193 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
194 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002,
195 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802,
196 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000,
197 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
198 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000,
199 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800,
200 0x04000002, 0x04000800, 0x00000800, 0x00200002
201 };
202
203 static const uint32_t sbox8[64] = {
204 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040,
205 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000,
206 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040,
207 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
208 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000,
209 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000,
210 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040,
211 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
212 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000,
213 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040,
214 0x00001040, 0x00040040, 0x10000000, 0x10041000
215 };
216
217 /*
218 * These two tables are part of the 'permuted choice 1' function.
219 * In this implementation several speed improvements are done.
220 */
221 static const uint32_t leftkey_swap[16] = {
222 0x00000000, 0x00000001, 0x00000100, 0x00000101,
223 0x00010000, 0x00010001, 0x00010100, 0x00010101,
224 0x01000000, 0x01000001, 0x01000100, 0x01000101,
225 0x01010000, 0x01010001, 0x01010100, 0x01010101
226 };
227
228 static const uint32_t rightkey_swap[16] = {
229 0x00000000, 0x01000000, 0x00010000, 0x01010000,
230 0x00000100, 0x01000100, 0x00010100, 0x01010100,
231 0x00000001, 0x01000001, 0x00010001, 0x01010001,
232 0x00000101, 0x01000101, 0x00010101, 0x01010101,
233 };
234
235 /*
236 * Numbers of left shifts per round for encryption subkeys. To
237 * calculate the decryption subkeys we just reverse the ordering of
238 * the calculated encryption subkeys, so there is no need for a
239 * decryption rotate tab.
240 */
241 static const unsigned char encrypt_rotate_tab[16] = {
242 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
243 };
244
245 /*
246 * Table with weak DES keys sorted in ascending order. In DES there
247 * are 64 known keys which are weak. They are weak because they
248 * produce only one, two or four different subkeys in the subkey
249 * scheduling process. The keys in this table have all their parity
250 * bits cleared.
251 */
252 static const unsigned char weak_keys[64][8] = {
253 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /*w */
254 {0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e},
255 {0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0},
256 {0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe},
257 {0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e}, /*sw */
258 {0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00},
259 {0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe},
260 {0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0},
261 {0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0}, /*sw */
262 {0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe},
263 {0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00},
264 {0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e},
265 {0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe}, /*sw */
266 {0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0},
267 {0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e},
268 {0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00},
269 {0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e},
270 {0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00}, /*sw */
271 {0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe},
272 {0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0},
273 {0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00},
274 {0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e}, /*w */
275 {0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0},
276 {0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe},
277 {0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe},
278 {0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0}, /*sw */
279 {0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e},
280 {0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00},
281 {0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0},
282 {0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe}, /*sw */
283 {0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00},
284 {0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e},
285 {0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0},
286 {0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe},
287 {0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00}, /*sw */
288 {0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e},
289 {0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe},
290 {0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0},
291 {0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e}, /*sw */
292 {0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00},
293 {0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00},
294 {0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e},
295 {0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0}, /*w */
296 {0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe},
297 {0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e},
298 {0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00},
299 {0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe}, /*sw */
300 {0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0},
301 {0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe},
302 {0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0},
303 {0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e},
304 {0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00}, /*sw */
305 {0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0},
306 {0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe},
307 {0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00},
308 {0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e}, /*sw */
309 {0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e},
310 {0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00},
311 {0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe},
312 {0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0}, /*sw */
313 {0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00},
314 {0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e},
315 {0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0},
316 {0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe} /*w */
317 };
318
319 bool
320 gl_des_is_weak_key (const char * key)
321 {
322 char work[8];
323 int i, left, right, middle, cmp_result;
324
325 /* clear parity bits */
326 for (i = 0; i < 8; ++i)
327 work[i] = ((unsigned char)key[i]) & 0xfe;
328
329 /* binary search in the weak key table */
330 left = 0;
331 right = 63;
332 while (left <= right)
333 {
334 middle = (left + right) / 2;
335
336 if (!(cmp_result = memcmp (work, weak_keys[middle], 8)))
337 return -1;
338
339 if (cmp_result > 0)
340 left = middle + 1;
341 else
342 right = middle - 1;
343 }
344
345 return 0;
346 }
347
348 /*
349 * Macro to swap bits across two words.
350 */
351 #define DO_PERMUTATION(a, temp, b, offset, mask) \
352 temp = ((a>>offset) ^ b) & mask; \
353 b ^= temp; \
354 a ^= temp<<offset;
355
356
357 /*
358 * This performs the 'initial permutation' of the data to be encrypted
359 * or decrypted. Additionally the resulting two words are rotated one bit
360 * to the left.
361 */
362 #define INITIAL_PERMUTATION(left, temp, right) \
363 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \
364 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
365 DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
366 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
367 right = (right << 1) | (right >> 31); \
368 temp = (left ^ right) & 0xaaaaaaaa; \
369 right ^= temp; \
370 left ^= temp; \
371 left = (left << 1) | (left >> 31);
372
373 /*
374 * The 'inverse initial permutation'.
375 */
376 #define FINAL_PERMUTATION(left, temp, right) \
377 left = (left << 31) | (left >> 1); \
378 temp = (left ^ right) & 0xaaaaaaaa; \
379 left ^= temp; \
380 right ^= temp; \
381 right = (right << 31) | (right >> 1); \
382 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
383 DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
384 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
385 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
386
387
388 /*
389 * A full DES round including 'expansion function', 'sbox substitution'
390 * and 'primitive function P' but without swapping the left and right word.
391 * Please note: The data in 'from' and 'to' is already rotated one bit to
392 * the left, done in the initial permutation.
393 */
394 #define DES_ROUND(from, to, work, subkey) \
395 work = from ^ *subkey++; \
396 to ^= sbox8[ work & 0x3f ]; \
397 to ^= sbox6[ (work>>8) & 0x3f ]; \
398 to ^= sbox4[ (work>>16) & 0x3f ]; \
399 to ^= sbox2[ (work>>24) & 0x3f ]; \
400 work = ((from << 28) | (from >> 4)) ^ *subkey++; \
401 to ^= sbox7[ work & 0x3f ]; \
402 to ^= sbox5[ (work>>8) & 0x3f ]; \
403 to ^= sbox3[ (work>>16) & 0x3f ]; \
404 to ^= sbox1[ (work>>24) & 0x3f ];
405
406 /*
407 * Macros to convert 8 bytes from/to 32bit words.
408 */
409 #define READ_64BIT_DATA(data, left, right) \
410 left = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \
411 right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];
412
413 #define WRITE_64BIT_DATA(data, left, right) \
414 data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \
415 data[2] = (left >> 8) &0xff; data[3] = left &0xff; \
416 data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \
417 data[6] = (right >> 8) &0xff; data[7] = right &0xff;
418
419 /*
420 * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
421 * 16 encryption rounds.
422 * To calculate subkeys for decryption the caller
423 * have to reorder the generated subkeys.
424 *
425 * rawkey: 8 Bytes of key data
426 * subkey: Array of at least 32 uint32_ts. Will be filled
427 * with calculated subkeys.
428 *
429 */
430 static void
431 des_key_schedule (const char * _rawkey, uint32_t * subkey)
432 {
433 const unsigned char *rawkey = (const unsigned char *) _rawkey;
434 uint32_t left, right, work;
435 int round;
436
437 READ_64BIT_DATA (rawkey, left, right)
438 DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
439 DO_PERMUTATION (right, work, left, 0, 0x10101010)
440 left = ((leftkey_swap[(left >> 0) & 0xf] << 3)
441 | (leftkey_swap[(left >> 8) & 0xf] << 2)
442 | (leftkey_swap[(left >> 16) & 0xf] << 1)
443 | (leftkey_swap[(left >> 24) & 0xf])
444 | (leftkey_swap[(left >> 5) & 0xf] << 7)
445 | (leftkey_swap[(left >> 13) & 0xf] << 6)
446 | (leftkey_swap[(left >> 21) & 0xf] << 5)
447 | (leftkey_swap[(left >> 29) & 0xf] << 4));
448
449 left &= 0x0fffffff;
450
451 right = ((rightkey_swap[(right >> 1) & 0xf] << 3)
452 | (rightkey_swap[(right >> 9) & 0xf] << 2)
453 | (rightkey_swap[(right >> 17) & 0xf] << 1)
454 | (rightkey_swap[(right >> 25) & 0xf])
455 | (rightkey_swap[(right >> 4) & 0xf] << 7)
456 | (rightkey_swap[(right >> 12) & 0xf] << 6)
457 | (rightkey_swap[(right >> 20) & 0xf] << 5)
458 | (rightkey_swap[(right >> 28) & 0xf] << 4));
459
460 right &= 0x0fffffff;
461
462 for (round = 0; round < 16; ++round)
463 {
464 left = ((left << encrypt_rotate_tab[round])
465 | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
466 right = ((right << encrypt_rotate_tab[round])
467 | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
468
469 *subkey++ = (((left << 4) & 0x24000000)
470 | ((left << 28) & 0x10000000)
471 | ((left << 14) & 0x08000000)
472 | ((left << 18) & 0x02080000)
473 | ((left << 6) & 0x01000000)
474 | ((left << 9) & 0x00200000)
475 | ((left >> 1) & 0x00100000)
476 | ((left << 10) & 0x00040000)
477 | ((left << 2) & 0x00020000)
478 | ((left >> 10) & 0x00010000)
479 | ((right >> 13) & 0x00002000)
480 | ((right >> 4) & 0x00001000)
481 | ((right << 6) & 0x00000800)
482 | ((right >> 1) & 0x00000400)
483 | ((right >> 14) & 0x00000200)
484 | (right & 0x00000100)
485 | ((right >> 5) & 0x00000020)
486 | ((right >> 10) & 0x00000010)
487 | ((right >> 3) & 0x00000008)
488 | ((right >> 18) & 0x00000004)
489 | ((right >> 26) & 0x00000002)
490 | ((right >> 24) & 0x00000001));
491
492 *subkey++ = (((left << 15) & 0x20000000)
493 | ((left << 17) & 0x10000000)
494 | ((left << 10) & 0x08000000)
495 | ((left << 22) & 0x04000000)
496 | ((left >> 2) & 0x02000000)
497 | ((left << 1) & 0x01000000)
498 | ((left << 16) & 0x00200000)
499 | ((left << 11) & 0x00100000)
500 | ((left << 3) & 0x00080000)
501 | ((left >> 6) & 0x00040000)
502 | ((left << 15) & 0x00020000)
503 | ((left >> 4) & 0x00010000)
504 | ((right >> 2) & 0x00002000)
505 | ((right << 8) & 0x00001000)
506 | ((right >> 14) & 0x00000808)
507 | ((right >> 9) & 0x00000400)
508 | ((right) & 0x00000200)
509 | ((right << 7) & 0x00000100)
510 | ((right >> 7) & 0x00000020)
511 | ((right >> 3) & 0x00000011)
512 | ((right << 2) & 0x00000004)
513 | ((right >> 21) & 0x00000002));
514 }
515 }
516
517 void
518 gl_des_setkey (gl_des_ctx *ctx, const char * key)
519 {
520 int i;
521
522 des_key_schedule (key, ctx->encrypt_subkeys);
523
524 for (i = 0; i < 32; i += 2)
525 {
526 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30 - i];
527 ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[31 - i];
528 }
529 }
530
531 bool
532 gl_des_makekey (gl_des_ctx *ctx, const char * key, size_t keylen)
533 {
534 if (keylen != 8)
535 return false;
536
537 gl_des_setkey (ctx, key);
538
539 return !gl_des_is_weak_key (key);
540 }
541
542 void
543 gl_des_ecb_crypt (gl_des_ctx *ctx, const char * _from, char * _to, int mode)
544 {
545 const unsigned char *from = (const unsigned char *) _from;
546 unsigned char *to = (unsigned char *) _to;
547 uint32_t left, right, work;
548 uint32_t *keys;
549
550 keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
551
552 READ_64BIT_DATA (from, left, right)
553 INITIAL_PERMUTATION (left, work, right)
554 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
555 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
556 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
557 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
558 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
559 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
560 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
561 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
562 FINAL_PERMUTATION (right, work, left)
563 WRITE_64BIT_DATA (to, right, left)
564 }
565
566 void
567 gl_3des_set2keys (gl_3des_ctx *ctx, const char * key1, const char * key2)
568 {
569 int i;
570
571 des_key_schedule (key1, ctx->encrypt_subkeys);
572 des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
573
574 for (i = 0; i < 32; i += 2)
575 {
576 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30 - i];
577 ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[31 - i];
578
579 ctx->encrypt_subkeys[i + 32] = ctx->decrypt_subkeys[62 - i];
580 ctx->encrypt_subkeys[i + 33] = ctx->decrypt_subkeys[63 - i];
581
582 ctx->encrypt_subkeys[i + 64] = ctx->encrypt_subkeys[i];
583 ctx->encrypt_subkeys[i + 65] = ctx->encrypt_subkeys[i + 1];
584
585 ctx->decrypt_subkeys[i + 64] = ctx->decrypt_subkeys[i];
586 ctx->decrypt_subkeys[i + 65] = ctx->decrypt_subkeys[i + 1];
587 }
588 }
589
590 void
591 gl_3des_set3keys (gl_3des_ctx *ctx, const char * key1,
592 const char * key2, const char * key3)
593 {
594 int i;
595
596 des_key_schedule (key1, ctx->encrypt_subkeys);
597 des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
598 des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
599
600 for (i = 0; i < 32; i += 2)
601 {
602 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94 - i];
603 ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[95 - i];
604
605 ctx->encrypt_subkeys[i + 32] = ctx->decrypt_subkeys[62 - i];
606 ctx->encrypt_subkeys[i + 33] = ctx->decrypt_subkeys[63 - i];
607
608 ctx->decrypt_subkeys[i + 64] = ctx->encrypt_subkeys[30 - i];
609 ctx->decrypt_subkeys[i + 65] = ctx->encrypt_subkeys[31 - i];
610 }
611 }
612
613 void
614 gl_3des_ecb_crypt (gl_3des_ctx *ctx,
615 const char * _from,
616 char * _to, int mode)
617 {
618 const unsigned char *from = (const unsigned char *) _from;
619 unsigned char *to = (unsigned char *) _to;
620 uint32_t left, right, work;
621 uint32_t *keys;
622
623 keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
624
625 READ_64BIT_DATA (from, left, right)
626 INITIAL_PERMUTATION (left, work, right)
627 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
628 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
629 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
630 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
631 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
632 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
633 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
634 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
635 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
636 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
637 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
638 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
639 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
640 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
641 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
642 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
643 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
644 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
645 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
646 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
647 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
648 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
649 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
650 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
651 FINAL_PERMUTATION (right, work, left)
652 WRITE_64BIT_DATA (to, right, left)
653 }
654
655 bool
656 gl_3des_makekey (gl_3des_ctx *ctx, const char * key, size_t keylen)
657 {
658 if (keylen != 24)
659 return false;
660
661 gl_3des_set3keys (ctx, key, key + 8, key + 16);
662
663 return !(gl_des_is_weak_key (key)
664 || gl_des_is_weak_key (key + 8)
665 || gl_des_is_weak_key (key + 16));
666 }
Mirror of the GNU Gnulib repository