search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
exp2l: Work around a NetBSD 10.0/i386 bug.
[gnulib.git] / lib / des.c
blobd5c26023861c77cbe06548c2e9a24ed6daf3abec
1 /* des.c --- DES and Triple-DES encryption/decryption Algorithm
2 * Copyright (C) 1998-1999, 2001-2007, 2009-2024 Free Software Foundation, Inc.
3 *
4 * This file is free software: you can redistribute it and/or modify
5 * it under the terms of the GNU Lesser General Public License as
6 * published by the Free Software Foundation; either version 2.1 of the
7 * License, or (at your option) any later version.
8 *
9 * This file is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 *
17 */
18
19 /* Adapted for gnulib by Simon Josefsson, based on Libgcrypt. */
20
21 /*
22 * For a description of triple encryption, see:
23 * Bruce Schneier: Applied Cryptography. Second Edition.
24 * John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
25 * This implementation is according to the definition of DES in FIPS
26 * PUB 46-2 from December 1993.
27 *
28 * Written by Michael Roth <mroth@nessie.de>, September 1998
29 */
30
31 /*
32 * U S A G E
33 * ===========
34 *
35 * For DES or Triple-DES encryption/decryption you must initialize a proper
36 * encryption context with a key.
37 *
38 * A DES key is 64bit wide but only 56bits of the key are used. The remaining
39 * bits are parity bits and they will _not_ checked in this implementation, but
40 * simply ignored.
41 *
42 * For Triple-DES you could use either two 64bit keys or three 64bit keys.
43 * The parity bits will _not_ checked, too.
44 *
45 * After initializing a context with a key you could use this context to
46 * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
47 *
48 * DES Example
49 * -----------
50 * unsigned char key[8];
51 * unsigned char plaintext[8];
52 * unsigned char ciphertext[8];
53 * unsigned char recovered[8];
54 * gl_des_ctx context;
55 *
56 * // Fill 'key' and 'plaintext' with some data
57 * ....
58 *
59 * // Set up the DES encryption context
60 * gl_des_setkey(&context, key);
61 *
62 * // Encrypt the plaintext
63 * des_ecb_encrypt(&context, plaintext, ciphertext);
64 *
65 * // To recover the original plaintext from ciphertext use:
66 * des_ecb_decrypt(&context, ciphertext, recovered);
67 *
68 *
69 * Triple-DES Example
70 * ------------------
71 * unsigned char key1[8];
72 * unsigned char key2[8];
73 * unsigned char key3[8];
74 * unsigned char plaintext[8];
75 * unsigned char ciphertext[8];
76 * unsigned char recovered[8];
77 * gl_3des_ctx context;
78 *
79 * // If you would like to use two 64bit keys, fill 'key1' and 'key2'
80 * // then setup the encryption context:
81 * gl_3des_set2keys(&context, key1, key2);
82 *
83 * // To use three 64bit keys with Triple-DES use:
84 * gl_3des_set3keys(&context, key1, key2, key3);
85 *
86 * // Encrypting plaintext with Triple-DES
87 * gl_3des_ecb_encrypt(&context, plaintext, ciphertext);
88 *
89 * // Decrypting ciphertext to recover the plaintext with Triple-DES
90 * gl_3des_ecb_decrypt(&context, ciphertext, recovered);
91 */
92
93
94 #include <config.h>
95
96 #include "des.h"
97
98 #include <stdio.h>
99 #include <string.h> /* memcpy, memcmp */
100
101 /*
102 * The s-box values are permuted according to the 'primitive function P'
103 * and are rotated one bit to the left.
104 */
105 static const uint32_t sbox1[64] = {
106 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404,
107 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400,
108 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400,
109 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
110 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404,
111 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000,
112 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000,
113 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
114 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404,
115 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000,
116 0x00010004, 0x00010400, 0x00000000, 0x01010004
117 };
118
119 static const uint32_t sbox2[64] = {
120 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020,
121 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000,
122 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020,
123 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
124 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000,
125 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000,
126 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000,
127 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
128 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020,
129 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020,
130 0x80000000, 0x80100020, 0x80108020, 0x00108000
131 };
132
133 static const uint32_t sbox3[64] = {
134 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000,
135 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000,
136 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008,
137 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
138 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208,
139 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208,
140 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008,
141 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
142 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208,
143 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000,
144 0x00020208, 0x00000008, 0x08020008, 0x00020200
145 };
146
147 static const uint32_t sbox4[64] = {
148 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081,
149 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081,
150 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000,
151 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
152 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080,
153 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081,
154 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080,
155 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
156 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001,
157 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001,
158 0x00000080, 0x00800000, 0x00002000, 0x00802080
159 };
160
161 static const uint32_t sbox5[64] = {
162 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100,
163 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100,
164 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000,
165 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
166 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000,
167 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000,
168 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000,
169 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
170 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000,
171 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000,
172 0x00000000, 0x40080000, 0x02080100, 0x40000100
173 };
174
175 static const uint32_t sbox6[64] = {
176 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010,
177 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010,
178 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010,
179 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
180 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000,
181 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000,
182 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000,
183 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
184 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000,
185 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000,
186 0x20404000, 0x20000000, 0x00400010, 0x20004010
187 };
188
189 static const uint32_t sbox7[64] = {
190 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802,
191 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002,
192 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802,
193 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
194 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002,
195 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802,
196 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000,
197 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
198 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000,
199 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800,
200 0x04000002, 0x04000800, 0x00000800, 0x00200002
201 };
202
203 static const uint32_t sbox8[64] = {
204 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040,
205 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000,
206 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040,
207 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
208 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000,
209 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000,
210 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040,
211 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
212 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000,
213 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040,
214 0x00001040, 0x00040040, 0x10000000, 0x10041000
215 };
216
217 /*
218 * These two tables are part of the 'permuted choice 1' function.
219 * In this implementation several speed improvements are done.
220 */
221 static const uint32_t leftkey_swap[16] = {
222 0x00000000, 0x00000001, 0x00000100, 0x00000101,
223 0x00010000, 0x00010001, 0x00010100, 0x00010101,
224 0x01000000, 0x01000001, 0x01000100, 0x01000101,
225 0x01010000, 0x01010001, 0x01010100, 0x01010101
226 };
227
228 static const uint32_t rightkey_swap[16] = {
229 0x00000000, 0x01000000, 0x00010000, 0x01010000,
230 0x00000100, 0x01000100, 0x00010100, 0x01010100,
231 0x00000001, 0x01000001, 0x00010001, 0x01010001,
232 0x00000101, 0x01000101, 0x00010101, 0x01010101,
233 };
234
235 /*
236 * Numbers of left shifts per round for encryption subkeys. To
237 * calculate the decryption subkeys we just reverse the ordering of
238 * the calculated encryption subkeys, so there is no need for a
239 * decryption rotate tab.
240 */
241 static const unsigned char encrypt_rotate_tab[16] = {
242 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
243 };
244
245 /*
246 * Table with weak DES keys sorted in ascending order. In DES there
247 * are 64 known keys which are weak. They are weak because they
248 * produce only one, two or four different subkeys in the subkey
249 * scheduling process. The keys in this table have all their parity
250 * bits cleared.
251 */
252 static const unsigned char weak_keys[64][8] = {
253 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /*w */
254 {0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e},
255 {0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0},
256 {0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe},
257 {0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e}, /*sw */
258 {0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00},
259 {0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe},
260 {0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0},
261 {0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0}, /*sw */
262 {0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe},
263 {0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00},
264 {0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e},
265 {0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe}, /*sw */
266 {0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0},
267 {0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e},
268 {0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00},
269 {0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e},
270 {0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00}, /*sw */
271 {0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe},
272 {0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0},
273 {0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00},
274 {0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e}, /*w */
275 {0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0},
276 {0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe},
277 {0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe},
278 {0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0}, /*sw */
279 {0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e},
280 {0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00},
281 {0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0},
282 {0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe}, /*sw */
283 {0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00},
284 {0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e},
285 {0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0},
286 {0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe},
287 {0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00}, /*sw */
288 {0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e},
289 {0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe},
290 {0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0},
291 {0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e}, /*sw */
292 {0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00},
293 {0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00},
294 {0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e},
295 {0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0}, /*w */
296 {0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe},
297 {0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e},
298 {0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00},
299 {0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe}, /*sw */
300 {0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0},
301 {0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe},
302 {0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0},
303 {0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e},
304 {0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00}, /*sw */
305 {0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0},
306 {0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe},
307 {0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00},
308 {0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e}, /*sw */
309 {0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e},
310 {0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00},
311 {0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe},
312 {0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0}, /*sw */
313 {0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00},
314 {0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e},
315 {0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0},
316 {0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe} /*w */
317 };
318
319 bool
320 gl_des_is_weak_key (const char * key)
321 {
322 char work[8];
323 int i, left, right, middle, cmp_result;
324
325 /* clear parity bits */
326 for (i = 0; i < 8; ++i)
327 work[i] = ((unsigned char)key[i]) & 0xfe;
328
329 /* binary search in the weak key table */
330 left = 0;
331 right = 63;
332 while (left <= right)
333 {
334 middle = (left + right) / 2;
335
336 if (!(cmp_result = memcmp (work, weak_keys[middle], 8)))
337 return -1;
338
339 if (cmp_result > 0)
340 left = middle + 1;
341 else
342 right = middle - 1;
343 }
344
345 return 0;
346 }
347
348 /*
349 * Macro to swap bits across two words.
350 */
351 #define DO_PERMUTATION(a, temp, b, offset, mask) \
352 temp = ((a>>offset) ^ b) & mask; \
353 b ^= temp; \
354 a ^= temp<<offset;
355
356
357 /*
358 * This performs the 'initial permutation' of the data to be encrypted
359 * or decrypted. Additionally the resulting two words are rotated one bit
360 * to the left.
361 */
362 #define INITIAL_PERMUTATION(left, temp, right) \
363 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \
364 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
365 DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
366 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
367 right = (right << 1) | (right >> 31); \
368 temp = (left ^ right) & 0xaaaaaaaa; \
369 right ^= temp; \
370 left ^= temp; \
371 left = (left << 1) | (left >> 31);
372
373 /*
374 * The 'inverse initial permutation'.
375 */
376 #define FINAL_PERMUTATION(left, temp, right) \
377 left = (left << 31) | (left >> 1); \
378 temp = (left ^ right) & 0xaaaaaaaa; \
379 left ^= temp; \
380 right ^= temp; \
381 right = (right << 31) | (right >> 1); \
382 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
383 DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
384 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
385 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
386
387
388 /*
389 * A full DES round including 'expansion function', 'sbox substitution'
390 * and 'primitive function P' but without swapping the left and right word.
391 * Please note: The data in 'from' and 'to' is already rotated one bit to
392 * the left, done in the initial permutation.
393 */
394 #define DES_ROUND(from, to, work, subkey) \
395 work = from ^ *subkey++; \
396 to ^= sbox8[ work & 0x3f ]; \
397 to ^= sbox6[ (work>>8) & 0x3f ]; \
398 to ^= sbox4[ (work>>16) & 0x3f ]; \
399 to ^= sbox2[ (work>>24) & 0x3f ]; \
400 work = ((from << 28) | (from >> 4)) ^ *subkey++; \
401 to ^= sbox7[ work & 0x3f ]; \
402 to ^= sbox5[ (work>>8) & 0x3f ]; \
403 to ^= sbox3[ (work>>16) & 0x3f ]; \
404 to ^= sbox1[ (work>>24) & 0x3f ];
405
406 /*
407 * Macros to convert 8 bytes from/to 32bit words.
408 */
409 #define READ_64BIT_DATA(data, left, right) \
410 left = ((uint32_t) data[0] << 24) \
411 | ((uint32_t) data[1] << 16) \
412 | ((uint32_t) data[2] << 8) \
413 | (uint32_t) data[3]; \
414 right = ((uint32_t) data[4] << 24) \
415 | ((uint32_t) data[5] << 16) \
416 | ((uint32_t) data[6] << 8) \
417 | (uint32_t) data[7];
418
419 #define WRITE_64BIT_DATA(data, left, right) \
420 data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \
421 data[2] = (left >> 8) &0xff; data[3] = left &0xff; \
422 data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \
423 data[6] = (right >> 8) &0xff; data[7] = right &0xff;
424
425 /*
426 * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
427 * 16 encryption rounds.
428 * To calculate subkeys for decryption the caller
429 * have to reorder the generated subkeys.
430 *
431 * rawkey: 8 Bytes of key data
432 * subkey: Array of at least 32 uint32_ts. Will be filled
433 * with calculated subkeys.
434 *
435 */
436 static void
437 des_key_schedule (const char * _rawkey, uint32_t * subkey)
438 {
439 const unsigned char *rawkey = (const unsigned char *) _rawkey;
440 uint32_t left, right, work;
441 int round;
442
443 READ_64BIT_DATA (rawkey, left, right)
444 DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
445 DO_PERMUTATION (right, work, left, 0, 0x10101010)
446 left = ((leftkey_swap[(left >> 0) & 0xf] << 3)
447 | (leftkey_swap[(left >> 8) & 0xf] << 2)
448 | (leftkey_swap[(left >> 16) & 0xf] << 1)
449 | (leftkey_swap[(left >> 24) & 0xf])
450 | (leftkey_swap[(left >> 5) & 0xf] << 7)
451 | (leftkey_swap[(left >> 13) & 0xf] << 6)
452 | (leftkey_swap[(left >> 21) & 0xf] << 5)
453 | (leftkey_swap[(left >> 29) & 0xf] << 4));
454
455 left &= 0x0fffffff;
456
457 right = ((rightkey_swap[(right >> 1) & 0xf] << 3)
458 | (rightkey_swap[(right >> 9) & 0xf] << 2)
459 | (rightkey_swap[(right >> 17) & 0xf] << 1)
460 | (rightkey_swap[(right >> 25) & 0xf])
461 | (rightkey_swap[(right >> 4) & 0xf] << 7)
462 | (rightkey_swap[(right >> 12) & 0xf] << 6)
463 | (rightkey_swap[(right >> 20) & 0xf] << 5)
464 | (rightkey_swap[(right >> 28) & 0xf] << 4));
465
466 right &= 0x0fffffff;
467
468 for (round = 0; round < 16; ++round)
469 {
470 left = ((left << encrypt_rotate_tab[round])
471 | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
472 right = ((right << encrypt_rotate_tab[round])
473 | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
474
475 *subkey++ = (((left << 4) & 0x24000000)
476 | ((left << 28) & 0x10000000)
477 | ((left << 14) & 0x08000000)
478 | ((left << 18) & 0x02080000)
479 | ((left << 6) & 0x01000000)
480 | ((left << 9) & 0x00200000)
481 | ((left >> 1) & 0x00100000)
482 | ((left << 10) & 0x00040000)
483 | ((left << 2) & 0x00020000)
484 | ((left >> 10) & 0x00010000)
485 | ((right >> 13) & 0x00002000)
486 | ((right >> 4) & 0x00001000)
487 | ((right << 6) & 0x00000800)
488 | ((right >> 1) & 0x00000400)
489 | ((right >> 14) & 0x00000200)
490 | (right & 0x00000100)
491 | ((right >> 5) & 0x00000020)
492 | ((right >> 10) & 0x00000010)
493 | ((right >> 3) & 0x00000008)
494 | ((right >> 18) & 0x00000004)
495 | ((right >> 26) & 0x00000002)
496 | ((right >> 24) & 0x00000001));
497
498 *subkey++ = (((left << 15) & 0x20000000)
499 | ((left << 17) & 0x10000000)
500 | ((left << 10) & 0x08000000)
501 | ((left << 22) & 0x04000000)
502 | ((left >> 2) & 0x02000000)
503 | ((left << 1) & 0x01000000)
504 | ((left << 16) & 0x00200000)
505 | ((left << 11) & 0x00100000)
506 | ((left << 3) & 0x00080000)
507 | ((left >> 6) & 0x00040000)
508 | ((left << 15) & 0x00020000)
509 | ((left >> 4) & 0x00010000)
510 | ((right >> 2) & 0x00002000)
511 | ((right << 8) & 0x00001000)
512 | ((right >> 14) & 0x00000808)
513 | ((right >> 9) & 0x00000400)
514 | ((right) & 0x00000200)
515 | ((right << 7) & 0x00000100)
516 | ((right >> 7) & 0x00000020)
517 | ((right >> 3) & 0x00000011)
518 | ((right << 2) & 0x00000004)
519 | ((right >> 21) & 0x00000002));
520 }
521 }
522
523 void
524 gl_des_setkey (gl_des_ctx *ctx, const char * key)
525 {
526 int i;
527
528 des_key_schedule (key, ctx->encrypt_subkeys);
529
530 for (i = 0; i < 32; i += 2)
531 {
532 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30 - i];
533 ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[31 - i];
534 }
535 }
536
537 bool
538 gl_des_makekey (gl_des_ctx *ctx, const char * key, size_t keylen)
539 {
540 if (keylen != 8)
541 return false;
542
543 gl_des_setkey (ctx, key);
544
545 return !gl_des_is_weak_key (key);
546 }
547
548 void
549 gl_des_ecb_crypt (gl_des_ctx *ctx, const char * _from, char * _to, int mode)
550 {
551 const unsigned char *from = (const unsigned char *) _from;
552 unsigned char *to = (unsigned char *) _to;
553 uint32_t left, right, work;
554 uint32_t *keys;
555
556 keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
557
558 READ_64BIT_DATA (from, left, right)
559 INITIAL_PERMUTATION (left, work, right)
560 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
561 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
562 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
563 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
564 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
565 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
566 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
567 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
568 FINAL_PERMUTATION (right, work, left)
569 WRITE_64BIT_DATA (to, right, left)
570 }
571
572 void
573 gl_3des_set2keys (gl_3des_ctx *ctx, const char * key1, const char * key2)
574 {
575 int i;
576
577 des_key_schedule (key1, ctx->encrypt_subkeys);
578 des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
579
580 for (i = 0; i < 32; i += 2)
581 {
582 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30 - i];
583 ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[31 - i];
584
585 ctx->encrypt_subkeys[i + 32] = ctx->decrypt_subkeys[62 - i];
586 ctx->encrypt_subkeys[i + 33] = ctx->decrypt_subkeys[63 - i];
587
588 ctx->encrypt_subkeys[i + 64] = ctx->encrypt_subkeys[i];
589 ctx->encrypt_subkeys[i + 65] = ctx->encrypt_subkeys[i + 1];
590
591 ctx->decrypt_subkeys[i + 64] = ctx->decrypt_subkeys[i];
592 ctx->decrypt_subkeys[i + 65] = ctx->decrypt_subkeys[i + 1];
593 }
594 }
595
596 void
597 gl_3des_set3keys (gl_3des_ctx *ctx, const char * key1,
598 const char * key2, const char * key3)
599 {
600 int i;
601
602 des_key_schedule (key1, ctx->encrypt_subkeys);
603 des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
604 des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
605
606 for (i = 0; i < 32; i += 2)
607 {
608 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94 - i];
609 ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[95 - i];
610
611 ctx->encrypt_subkeys[i + 32] = ctx->decrypt_subkeys[62 - i];
612 ctx->encrypt_subkeys[i + 33] = ctx->decrypt_subkeys[63 - i];
613
614 ctx->decrypt_subkeys[i + 64] = ctx->encrypt_subkeys[30 - i];
615 ctx->decrypt_subkeys[i + 65] = ctx->encrypt_subkeys[31 - i];
616 }
617 }
618
619 void
620 gl_3des_ecb_crypt (gl_3des_ctx *ctx,
621 const char * _from,
622 char * _to, int mode)
623 {
624 const unsigned char *from = (const unsigned char *) _from;
625 unsigned char *to = (unsigned char *) _to;
626 uint32_t left, right, work;
627 uint32_t *keys;
628
629 keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
630
631 READ_64BIT_DATA (from, left, right)
632 INITIAL_PERMUTATION (left, work, right)
633 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
634 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
635 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
636 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
637 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
638 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
639 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
640 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
641 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
642 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
643 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
644 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
645 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
646 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
647 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
648 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
649 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
650 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
651 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
652 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
653 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
654 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
655 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
656 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
657 FINAL_PERMUTATION (right, work, left)
658 WRITE_64BIT_DATA (to, right, left)
659 }
660
661 bool
662 gl_3des_makekey (gl_3des_ctx *ctx, const char * key, size_t keylen)
663 {
664 if (keylen != 24)
665 return false;
666
667 gl_3des_set3keys (ctx, key, key + 8, key + 16);
668
669 return !(gl_des_is_weak_key (key)
670 || gl_des_is_weak_key (key + 8)
671 || gl_des_is_weak_key (key + 16));
672 }
Mirror of the GNU Gnulib repository