1 /* des.c --- DES and Triple-DES encryption/decryption Algorithm 2 * Copyright (C) 1998-1999, 2001-2007, 2009-2020 Free Software Foundation, Inc. 3 * 4 * This file is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU Lesser General Public License as published 6 * by the Free Software Foundation; either version 2, or (at your 7 * option) any later version. git_stashnull8 * 9 * This file is distributed in the hope that it will be useful, but 10 * WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 * Lesser General Public License for more details. 13 * 14 * You should have received a copy of the GNU Lesser General Public License 15 * along with this file; if not, see <https://www.gnu.org/licenses/>. 16 * 17 */ 18 19 /* Adapted for gnulib by Simon Josefsson, based on Libgcrypt. */ 20 21 /* 22 * For a description of triple encryption, see: 23 * Bruce Schneier: Applied Cryptography. Second Edition. 24 * John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff. 25 * This implementation is according to the definition of DES in FIPS 26 * PUB 46-2 from December 1993. 27 * 28 * Written by Michael Roth <mroth@nessie.de>, September 1998 29 */ 30 31 /* 32 * U S A G E 33 * =========== 34 * 35 * For DES or Triple-DES encryption/decryption you must initialize a proper 36 * encryption context with a key. 37 * 38 * A DES key is 64bit wide but only 56bits of the key are used. The remaining 39 * bits are parity bits and they will _not_ checked in this implementation, but 40 * simply ignored. 41 * 42 * For Triple-DES you could use either two 64bit keys or three 64bit keys. 43 * The parity bits will _not_ checked, too. 44 * 45 * After initializing a context with a key you could use this context to 46 * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode. 47 * 48 * DES Example 49 * ----------- 50 * unsigned char key[8]; 51 * unsigned char plaintext[8]; 52 * unsigned char ciphertext[8]; 53 * unsigned char recoverd[8]; 54 * gl_des_ctx context; 55 * 56 * // Fill 'key' and 'plaintext' with some data 57 * .... 58 * 59 * // Set up the DES encryption context 60 * gl_des_setkey(&context, key); 61 * 62 * // Encrypt the plaintext 63 * des_ecb_encrypt(&context, plaintext, ciphertext); 64 * 65 * // To recover the original plaintext from ciphertext use: 66 * des_ecb_decrypt(&context, ciphertext, recoverd); 67 * 68 * 69 * Triple-DES Example 70 * ------------------ 71 * unsigned char key1[8]; 72 * unsigned char key2[8]; 73 * unsigned char key3[8]; 74 * unsigned char plaintext[8]; 75 * unsigned char ciphertext[8]; 76 * unsigned char recoverd[8]; 77 * gl_3des_ctx context; 78 * 79 * // If you would like to use two 64bit keys, fill 'key1' and'key2' 80 * // then setup the encryption context: 81 * gl_3des_set2keys(&context, key1, key2); 82 * 83 * // To use three 64bit keys with Triple-DES use: 84 * gl_3des_set3keys(&context, key1, key2, key3); 85 * 86 * // Encrypting plaintext with Triple-DES 87 * gl_3des_ecb_encrypt(&context, plaintext, ciphertext); 88 * 89 * // Decrypting ciphertext to recover the plaintext with Triple-DES 90 * gl_3des_ecb_decrypt(&context, ciphertext, recoverd); 91 */ 92 93 94 #include <config.h> 95 96 #include "des.h" 97 98 #include <stdio.h> 99 #include <string.h> /* memcpy, memcmp */ 100 101 /* 102 * The s-box values are permuted according to the 'primitive function P' 103 * and are rotated one bit to the left. 104 */ 105 static const uint32_t sbox1[64] = { 106 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 107 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400, 108 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400, 109 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404, 110 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 111 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000, 112 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000, 113 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404, 114 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 115 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000, 116 0x00010004, 0x00010400, 0x00000000, 0x01010004 117 }; 118 119 static const uint32_t sbox2[64] = { 120 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 121 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000, 122 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020, 123 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000, 124 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 125 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000, 126 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000, 127 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000, 128 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 129 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020, 130 0x80000000, 0x80100020, 0x80108020, 0x00108000 131 }; 132 133 static const uint32_t sbox3[64] = { 134 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 135 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000, 136 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008, 137 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208, 138 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 139 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208, 140 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008, 141 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008, 142 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 143 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000, 144 0x00020208, 0x00000008, 0x08020008, 0x00020200 145 }; 146 147 static const uint32_t sbox4[64] = { 148 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 149 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081, 150 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000, 151 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080, 152 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 153 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081, 154 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080, 155 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080, 156 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 157 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001, 158 0x00000080, 0x00800000, 0x00002000, 0x00802080 159 }; 160 161 static const uint32_t sbox5[64] = { 162 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 163 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100, 164 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000, 165 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100, 166 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 167 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000, 168 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000, 169 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000, 170 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, 171 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000, 172 0x00000000, 0x40080000, 0x02080100, 0x40000100 173 }; 174 175 static const uint32_t sbox6[64] = { 176 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 177 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010, 178 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010, 179 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010, 180 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 181 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000, 182 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000, 183 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000, 184 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 185 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000, 186 0x20404000, 0x20000000, 0x00400010, 0x20004010 187 }; 188 189 static const uint32_t sbox7[64] = { 190 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 191 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002, 192 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802, 193 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002, 194 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 195 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802, 196 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000, 197 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800, 198 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 199 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800, 200 0x04000002, 0x04000800, 0x00000800, 0x00200002 201 }; 202 203 static const uint32_t sbox8[64] = { 204 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 205 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000, 206 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040, 207 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000, 208 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 209 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000, 210 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040, 211 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040, 212 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 213 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040, 214 0x00001040, 0x00040040, 0x10000000, 0x10041000 215 }; 216 217 /* 218 * These two tables are part of the 'permuted choice 1' function. 219 * In this implementation several speed improvements are done. 220 */ 221 static const uint32_t leftkey_swap[16] = { 222 0x00000000, 0x00000001, 0x00000100, 0x00000101, 223 0x00010000, 0x00010001, 0x00010100, 0x00010101, 224 0x01000000, 0x01000001, 0x01000100, 0x01000101, 225 0x01010000, 0x01010001, 0x01010100, 0x01010101 226 }; 227 228 static const uint32_t rightkey_swap[16] = { 229 0x00000000, 0x01000000, 0x00010000, 0x01010000, 230 0x00000100, 0x01000100, 0x00010100, 0x01010100, 231 0x00000001, 0x01000001, 0x00010001, 0x01010001, 232 0x00000101, 0x01000101, 0x00010101, 0x01010101, 233 }; 234 235 /* 236 * Numbers of left shifts per round for encryption subkeys. To 237 * calculate the decryption subkeys we just reverse the ordering of 238 * the calculated encryption subkeys, so there is no need for a 239 * decryption rotate tab. 240 */ 241 static const unsigned char encrypt_rotate_tab[16] = { 242 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 243 }; 244 245 /* 246 * Table with weak DES keys sorted in ascending order. In DES there 247 * are 64 known keys which are weak. They are weak because they 248 * produce only one, two or four different subkeys in the subkey 249 * scheduling process. The keys in this table have all their parity 250 * bits cleared. 251 */ 252 static const unsigned char weak_keys[64][8] = { 253 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /*w */ 254 {0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e}, 255 {0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0}, 256 {0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe}, 257 {0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e}, /*sw */ 258 {0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00}, 259 {0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe}, 260 {0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0}, 261 {0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0}, /*sw */ 262 {0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe}, 263 {0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00}, 264 {0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e}, 265 {0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe}, /*sw */ 266 {0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0}, 267 {0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e}, 268 {0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00}, 269 {0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e}, 270 {0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00}, /*sw */ 271 {0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe}, 272 {0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0}, 273 {0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00}, 274 {0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e}, /*w */ 275 {0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0}, 276 {0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe}, 277 {0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe}, 278 {0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0}, /*sw */ 279 {0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e}, 280 {0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00}, 281 {0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0}, 282 {0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe}, /*sw */ 283 {0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00}, 284 {0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e}, 285 {0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0}, 286 {0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe}, 287 {0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00}, /*sw */ 288 {0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e}, 289 {0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe}, 290 {0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0}, 291 {0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e}, /*sw */ 292 {0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00}, 293 {0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00}, 294 {0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e}, 295 {0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0}, /*w */ 296 {0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe}, 297 {0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e}, 298 {0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00}, 299 {0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe}, /*sw */ 300 {0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0}, 301 {0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe}, 302 {0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0}, 303 {0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e}, 304 {0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00}, /*sw */ 305 {0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0}, 306 {0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe}, 307 {0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00}, 308 {0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e}, /*sw */ 309 {0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e}, 310 {0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00}, 311 {0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe}, 312 {0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0}, /*sw */ 313 {0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00}, 314 {0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e}, 315 {0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0}, 316 {0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe} /*w */ 317 }; 318 319 bool 320 gl_des_is_weak_key (const char * key) 321 { 322 char work[8]; 323 int i, left, right, middle, cmp_result; 324 325 /* clear parity bits */ 326 for (i = 0; i < 8; ++i) 327 work[i] = ((unsigned char)key[i]) & 0xfe; 328 329 /* binary search in the weak key table */ 330 left = 0; 331 right = 63; 332 while (left <= right) 333 { 334 middle = (left + right) / 2; 335 336 if (!(cmp_result = memcmp (work, weak_keys[middle], 8))) 337 return -1; 338 339 if (cmp_result > 0) 340 left = middle + 1; 341 else 342 right = middle - 1; 343 } 344 345 return 0; 346 } 347 348 /* 349 * Macro to swap bits across two words. 350 */ 351 #define DO_PERMUTATION(a, temp, b, offset, mask) \ 352 temp = ((a>>offset) ^ b) & mask; \ 353 b ^= temp; \ 354 a ^= temp<<offset; 355 356 357 /* 358 * This performs the 'initial permutation' of the data to be encrypted 359 * or decrypted. Additionally the resulting two words are rotated one bit 360 * to the left. 361 */ 362 #define INITIAL_PERMUTATION(left, temp, right) \ 363 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \ 364 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \ 365 DO_PERMUTATION(right, temp, left, 2, 0x33333333) \ 366 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \ 367 right = (right << 1) | (right >> 31); \ 368 temp = (left ^ right) & 0xaaaaaaaa; \ 369 right ^= temp; \ 370 left ^= temp; \ 371 left = (left << 1) | (left >> 31); 372 373 /* 374 * The 'inverse initial permutation'. 375 */ 376 #define FINAL_PERMUTATION(left, temp, right) \ 377 left = (left << 31) | (left >> 1); \ 378 temp = (left ^ right) & 0xaaaaaaaa; \ 379 left ^= temp; \ 380 right ^= temp; \ 381 right = (right << 31) | (right >> 1); \ 382 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \ 383 DO_PERMUTATION(right, temp, left, 2, 0x33333333) \ 384 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \ 385 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) 386 387 388 /* 389 * A full DES round including 'expansion function', 'sbox substitution' 390 * and 'primitive function P' but without swapping the left and right word. 391 * Please note: The data in 'from' and 'to' is already rotated one bit to 392 * the left, done in the initial permutation. 393 */ 394 #define DES_ROUND(from, to, work, subkey) \ 395 work = from ^ *subkey++; \ 396 to ^= sbox8[ work & 0x3f ]; \ 397 to ^= sbox6[ (work>>8) & 0x3f ]; \ 398 to ^= sbox4[ (work>>16) & 0x3f ]; \ 399 to ^= sbox2[ (work>>24) & 0x3f ]; \ 400 work = ((from << 28) | (from >> 4)) ^ *subkey++; \ 401 to ^= sbox7[ work & 0x3f ]; \ 402 to ^= sbox5[ (work>>8) & 0x3f ]; \ 403 to ^= sbox3[ (work>>16) & 0x3f ]; \ 404 to ^= sbox1[ (work>>24) & 0x3f ]; 405 406 /* 407 * Macros to convert 8 bytes from/to 32bit words. 408 */ 409 #define READ_64BIT_DATA(data, left, right) \ 410 left = ((uint32_t) data[0] << 24) \ 411 | ((uint32_t) data[1] << 16) \ 412 | ((uint32_t) data[2] << 8) \ 413 | (uint32_t) data[3]; \ 414 right = ((uint32_t) data[4] << 24) \ 415 | ((uint32_t) data[5] << 16) \ 416 | ((uint32_t) data[6] << 8) \ 417 | (uint32_t) data[7]; 418 419 #define WRITE_64BIT_DATA(data, left, right) \ 420 data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \ 421 data[2] = (left >> 8) &0xff; data[3] = left &0xff; \ 422 data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \ 423 data[6] = (right >> 8) &0xff; data[7] = right &0xff; 424 425 /* 426 * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for 427 * 16 encryption rounds. 428 * To calculate subkeys for decryption the caller 429 * have to reorder the generated subkeys. 430 * 431 * rawkey: 8 Bytes of key data 432 * subkey: Array of at least 32 uint32_ts. Will be filled 433 * with calculated subkeys. 434 * 435 */ 436 static void 437 des_key_schedule (const char * _rawkey, uint32_t * subkey) 438 { 439 const unsigned char *rawkey = (const unsigned char *) _rawkey; 440 uint32_t left, right, work; 441 int round; 442 443 READ_64BIT_DATA (rawkey, left, right) 444 DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f) 445 DO_PERMUTATION (right, work, left, 0, 0x10101010) 446 left = ((leftkey_swap[(left >> 0) & 0xf] << 3) 447 | (leftkey_swap[(left >> 8) & 0xf] << 2) 448 | (leftkey_swap[(left >> 16) & 0xf] << 1) 449 | (leftkey_swap[(left >> 24) & 0xf]) 450 | (leftkey_swap[(left >> 5) & 0xf] << 7) 451 | (leftkey_swap[(left >> 13) & 0xf] << 6) 452 | (leftkey_swap[(left >> 21) & 0xf] << 5) 453 | (leftkey_swap[(left >> 29) & 0xf] << 4)); 454 455 left &= 0x0fffffff; 456 457 right = ((rightkey_swap[(right >> 1) & 0xf] << 3) 458 | (rightkey_swap[(right >> 9) & 0xf] << 2) 459 | (rightkey_swap[(right >> 17) & 0xf] << 1) 460 | (rightkey_swap[(right >> 25) & 0xf]) 461 | (rightkey_swap[(right >> 4) & 0xf] << 7) 462 | (rightkey_swap[(right >> 12) & 0xf] << 6) 463 | (rightkey_swap[(right >> 20) & 0xf] << 5) 464 | (rightkey_swap[(right >> 28) & 0xf] << 4)); 465 466 right &= 0x0fffffff; 467 468 for (round = 0; round < 16; ++round) 469 { 470 left = ((left << encrypt_rotate_tab[round]) 471 | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff; 472 right = ((right << encrypt_rotate_tab[round]) 473 | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff; 474 475 *subkey++ = (((left << 4) & 0x24000000) 476 | ((left << 28) & 0x10000000) 477 | ((left << 14) & 0x08000000) 478 | ((left << 18) & 0x02080000) 479 | ((left << 6) & 0x01000000) 480 | ((left << 9) & 0x00200000) 481 | ((left >> 1) & 0x00100000) 482 | ((left << 10) & 0x00040000) 483 | ((left << 2) & 0x00020000) 484 | ((left >> 10) & 0x00010000) 485 | ((right >> 13) & 0x00002000) 486 | ((right >> 4) & 0x00001000) 487 | ((right << 6) & 0x00000800) 488 | ((right >> 1) & 0x00000400) 489 | ((right >> 14) & 0x00000200) 490 | (right & 0x00000100) 491 | ((right >> 5) & 0x00000020) 492 | ((right >> 10) & 0x00000010) 493 | ((right >> 3) & 0x00000008) 494 | ((right >> 18) & 0x00000004) 495 | ((right >> 26) & 0x00000002) 496 | ((right >> 24) & 0x00000001)); 497 498 *subkey++ = (((left << 15) & 0x20000000) 499 | ((left << 17) & 0x10000000) 500 | ((left << 10) & 0x08000000) 501 | ((left << 22) & 0x04000000) 502 | ((left >> 2) & 0x02000000) 503 | ((left << 1) & 0x01000000) 504 | ((left << 16) & 0x00200000) 505 | ((left << 11) & 0x00100000) 506 | ((left << 3) & 0x00080000) 507 | ((left >> 6) & 0x00040000) 508 | ((left << 15) & 0x00020000) 509 | ((left >> 4) & 0x00010000) 510 | ((right >> 2) & 0x00002000) 511 | ((right << 8) & 0x00001000) 512 | ((right >> 14) & 0x00000808) 513 | ((right >> 9) & 0x00000400) 514 | ((right) & 0x00000200) 515 | ((right << 7) & 0x00000100) 516 | ((right >> 7) & 0x00000020) 517 | ((right >> 3) & 0x00000011) 518 | ((right << 2) & 0x00000004) 519 | ((right >> 21) & 0x00000002)); 520 } 521 } 522 523 void 524 gl_des_setkey (gl_des_ctx *ctx, const char * key) 525 { 526 int i; 527 528 des_key_schedule (key, ctx->encrypt_subkeys); 529 530 for (i = 0; i < 32; i += 2) 531 { 532 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30 - i]; 533 ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[31 - i]; 534 } 535 } 536 537 bool 538 gl_des_makekey (gl_des_ctx *ctx, const char * key, size_t keylen) 539 { 540 if (keylen != 8) 541 return false; 542 543 gl_des_setkey (ctx, key); 544 545 return !gl_des_is_weak_key (key); 546 } 547 548 void 549 gl_des_ecb_crypt (gl_des_ctx *ctx, const char * _from, char * _to, int mode) 550 { 551 const unsigned char *from = (const unsigned char *) _from; 552 unsigned char *to = (unsigned char *) _to; 553 uint32_t left, right, work; 554 uint32_t *keys; 555 556 keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys; 557 558 READ_64BIT_DATA (from, left, right) 559 INITIAL_PERMUTATION (left, work, right) 560 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 561 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 562 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 563 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 564 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 565 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 566 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 567 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 568 FINAL_PERMUTATION (right, work, left) 569 WRITE_64BIT_DATA (to, right, left) 570 } 571 572 void 573 gl_3des_set2keys (gl_3des_ctx *ctx, const char * key1, const char * key2) 574 { 575 int i; 576 577 des_key_schedule (key1, ctx->encrypt_subkeys); 578 des_key_schedule (key2, &(ctx->decrypt_subkeys[32])); 579 580 for (i = 0; i < 32; i += 2) 581 { 582 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30 - i]; 583 ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[31 - i]; 584 585 ctx->encrypt_subkeys[i + 32] = ctx->decrypt_subkeys[62 - i]; 586 ctx->encrypt_subkeys[i + 33] = ctx->decrypt_subkeys[63 - i]; 587 588 ctx->encrypt_subkeys[i + 64] = ctx->encrypt_subkeys[i]; 589 ctx->encrypt_subkeys[i + 65] = ctx->encrypt_subkeys[i + 1]; 590 591 ctx->decrypt_subkeys[i + 64] = ctx->decrypt_subkeys[i]; 592 ctx->decrypt_subkeys[i + 65] = ctx->decrypt_subkeys[i + 1]; 593 } 594 } 595 596 void 597 gl_3des_set3keys (gl_3des_ctx *ctx, const char * key1, 598 const char * key2, const char * key3) 599 { 600 int i; 601 602 des_key_schedule (key1, ctx->encrypt_subkeys); 603 des_key_schedule (key2, &(ctx->decrypt_subkeys[32])); 604 des_key_schedule (key3, &(ctx->encrypt_subkeys[64])); 605 606 for (i = 0; i < 32; i += 2) 607 { 608 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94 - i]; 609 ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[95 - i]; 610 611 ctx->encrypt_subkeys[i + 32] = ctx->decrypt_subkeys[62 - i]; 612 ctx->encrypt_subkeys[i + 33] = ctx->decrypt_subkeys[63 - i]; 613 614 ctx->decrypt_subkeys[i + 64] = ctx->encrypt_subkeys[30 - i]; 615 ctx->decrypt_subkeys[i + 65] = ctx->encrypt_subkeys[31 - i]; 616 } 617 } 618 619 void 620 gl_3des_ecb_crypt (gl_3des_ctx *ctx, 621 const char * _from, 622 char * _to, int mode) 623 { 624 const unsigned char *from = (const unsigned char *) _from; 625 unsigned char *to = (unsigned char *) _to; 626 uint32_t left, right, work; 627 uint32_t *keys; 628 629 keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys; 630 631 READ_64BIT_DATA (from, left, right) 632 INITIAL_PERMUTATION (left, work, right) 633 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 634 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 635 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 636 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 637 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 638 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 639 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 640 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 641 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys) 642 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys) 643 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys) 644 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys) 645 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys) 646 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys) 647 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys) 648 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys) 649 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 650 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 651 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 652 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 653 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 654 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 655 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 656 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) 657 FINAL_PERMUTATION (right, work, left) 658 WRITE_64BIT_DATA (to, right, left) 659 } 660 661 bool 662 gl_3des_makekey (gl_3des_ctx *ctx, const char * key, size_t keylen) 663 { 664 if (keylen != 24) 665 return false; 666 667 gl_3des_set3keys (ctx, key, key + 8, key + 16); 668 669 return !(gl_des_is_weak_key (key) 670 || gl_des_is_weak_key (key + 8) 671 || gl_des_is_weak_key (key + 16)); 672 } 673