1 /* des.c --- DES and Triple-DES encryption/decryption Algorithm
2 * Copyright (C) 1998-1999, 2001-2007, 2009-2011 Free Software Foundation, Inc.
4 * This file is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published
6 * by the Free Software Foundation; either version 2, or (at your
7 * option) any later version.
9 * This file is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this file; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21 /* Adapted for gnulib by Simon Josefsson, based on Libgcrypt. */
24 * For a description of triple encryption, see:
25 * Bruce Schneier: Applied Cryptography. Second Edition.
26 * John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
27 * This implementation is according to the definition of DES in FIPS
28 * PUB 46-2 from December 1993.
30 * Written by Michael Roth <mroth@nessie.de>, September 1998
37 * For DES or Triple-DES encryption/decryption you must initialize a proper
38 * encryption context with a key.
40 * A DES key is 64bit wide but only 56bits of the key are used. The remaining
41 * bits are parity bits and they will _not_ checked in this implementation, but
44 * For Triple-DES you could use either two 64bit keys or three 64bit keys.
45 * The parity bits will _not_ checked, too.
47 * After initializing a context with a key you could use this context to
48 * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
52 * unsigned char key[8];
53 * unsigned char plaintext[8];
54 * unsigned char ciphertext[8];
55 * unsigned char recoverd[8];
58 * // Fill 'key' and 'plaintext' with some data
61 * // Set up the DES encryption context
62 * gl_des_setkey(&context, key);
64 * // Encrypt the plaintext
65 * des_ecb_encrypt(&context, plaintext, ciphertext);
67 * // To recover the orginal plaintext from ciphertext use:
68 * des_ecb_decrypt(&context, ciphertext, recoverd);
73 * unsigned char key1[8];
74 * unsigned char key2[8];
75 * unsigned char key3[8];
76 * unsigned char plaintext[8];
77 * unsigned char ciphertext[8];
78 * unsigned char recoverd[8];
79 * gl_3des_ctx context;
81 * // If you would like to use two 64bit keys, fill 'key1' and'key2'
82 * // then setup the encryption context:
83 * gl_3des_set2keys(&context, key1, key2);
85 * // To use three 64bit keys with Triple-DES use:
86 * gl_3des_set3keys(&context, key1, key2, key3);
88 * // Encrypting plaintext with Triple-DES
89 * gl_3des_ecb_encrypt(&context, plaintext, ciphertext);
91 * // Decrypting ciphertext to recover the plaintext with Triple-DES
92 * gl_3des_ecb_decrypt(&context, ciphertext, recoverd);
101 #include <string.h> /* memcpy, memcmp */
104 * The s-box values are permuted according to the 'primitive function P'
105 * and are rotated one bit to the left.
107 static const uint32_t sbox1[64] = {
108 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404,
109 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400,
110 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400,
111 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
112 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404,
113 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000,
114 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000,
115 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
116 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404,
117 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000,
118 0x00010004, 0x00010400, 0x00000000, 0x01010004
121 static const uint32_t sbox2[64] = {
122 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020,
123 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000,
124 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020,
125 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
126 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000,
127 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000,
128 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000,
129 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
130 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020,
131 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020,
132 0x80000000, 0x80100020, 0x80108020, 0x00108000
135 static const uint32_t sbox3[64] = {
136 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000,
137 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000,
138 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008,
139 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
140 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208,
141 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208,
142 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008,
143 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
144 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208,
145 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000,
146 0x00020208, 0x00000008, 0x08020008, 0x00020200
149 static const uint32_t sbox4[64] = {
150 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081,
151 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081,
152 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000,
153 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
154 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080,
155 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081,
156 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080,
157 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
158 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001,
159 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001,
160 0x00000080, 0x00800000, 0x00002000, 0x00802080
163 static const uint32_t sbox5[64] = {
164 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100,
165 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100,
166 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000,
167 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
168 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000,
169 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000,
170 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000,
171 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
172 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000,
173 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000,
174 0x00000000, 0x40080000, 0x02080100, 0x40000100
177 static const uint32_t sbox6[64] = {
178 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010,
179 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010,
180 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010,
181 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
182 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000,
183 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000,
184 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000,
185 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
186 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000,
187 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000,
188 0x20404000, 0x20000000, 0x00400010, 0x20004010
191 static const uint32_t sbox7[64] = {
192 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802,
193 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002,
194 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802,
195 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
196 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002,
197 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802,
198 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000,
199 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
200 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000,
201 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800,
202 0x04000002, 0x04000800, 0x00000800, 0x00200002
205 static const uint32_t sbox8[64] = {
206 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040,
207 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000,
208 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040,
209 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
210 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000,
211 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000,
212 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040,
213 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
214 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000,
215 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040,
216 0x00001040, 0x00040040, 0x10000000, 0x10041000
220 * These two tables are part of the 'permuted choice 1' function.
221 * In this implementation several speed improvements are done.
223 static const uint32_t leftkey_swap[16] = {
224 0x00000000, 0x00000001, 0x00000100, 0x00000101,
225 0x00010000, 0x00010001, 0x00010100, 0x00010101,
226 0x01000000, 0x01000001, 0x01000100, 0x01000101,
227 0x01010000, 0x01010001, 0x01010100, 0x01010101
230 static const uint32_t rightkey_swap[16] = {
231 0x00000000, 0x01000000, 0x00010000, 0x01010000,
232 0x00000100, 0x01000100, 0x00010100, 0x01010100,
233 0x00000001, 0x01000001, 0x00010001, 0x01010001,
234 0x00000101, 0x01000101, 0x00010101, 0x01010101,
238 * Numbers of left shifts per round for encryption subkeys. To
239 * calculate the decryption subkeys we just reverse the ordering of
240 * the calculated encryption subkeys, so there is no need for a
241 * decryption rotate tab.
243 static const unsigned char encrypt_rotate_tab[16] = {
244 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
248 * Table with weak DES keys sorted in ascending order. In DES there
249 * are 64 known keys which are weak. They are weak because they
250 * produce only one, two or four different subkeys in the subkey
251 * scheduling process. The keys in this table have all their parity
254 static const unsigned char weak_keys[64][8] = {
255 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /*w */
256 {0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e},
257 {0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0},
258 {0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe},
259 {0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e}, /*sw */
260 {0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00},
261 {0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe},
262 {0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0},
263 {0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0}, /*sw */
264 {0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe},
265 {0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00},
266 {0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e},
267 {0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe}, /*sw */
268 {0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0},
269 {0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e},
270 {0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00},
271 {0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e},
272 {0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00}, /*sw */
273 {0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe},
274 {0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0},
275 {0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00},
276 {0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e}, /*w */
277 {0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0},
278 {0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe},
279 {0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe},
280 {0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0}, /*sw */
281 {0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e},
282 {0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00},
283 {0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0},
284 {0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe}, /*sw */
285 {0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00},
286 {0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e},
287 {0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0},
288 {0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe},
289 {0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00}, /*sw */
290 {0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e},
291 {0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe},
292 {0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0},
293 {0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e}, /*sw */
294 {0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00},
295 {0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00},
296 {0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e},
297 {0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0}, /*w */
298 {0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe},
299 {0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e},
300 {0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00},
301 {0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe}, /*sw */
302 {0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0},
303 {0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe},
304 {0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0},
305 {0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e},
306 {0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00}, /*sw */
307 {0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0},
308 {0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe},
309 {0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00},
310 {0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e}, /*sw */
311 {0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e},
312 {0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00},
313 {0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe},
314 {0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0}, /*sw */
315 {0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00},
316 {0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e},
317 {0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0},
318 {0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe} /*w */
322 gl_des_is_weak_key (const char * key)
325 int i, left, right, middle, cmp_result;
327 /* clear parity bits */
328 for (i = 0; i < 8; ++i)
329 work[i] = ((unsigned char)key[i]) & 0xfe;
331 /* binary search in the weak key table */
334 while (left <= right)
336 middle = (left + right) / 2;
338 if (!(cmp_result = memcmp (work, weak_keys[middle], 8)))
351 * Macro to swap bits across two words.
353 #define DO_PERMUTATION(a, temp, b, offset, mask) \
354 temp = ((a>>offset) ^ b) & mask; \
360 * This performs the 'initial permutation' of the data to be encrypted
361 * or decrypted. Additionally the resulting two words are rotated one bit
364 #define INITIAL_PERMUTATION(left, temp, right) \
365 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \
366 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
367 DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
368 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
369 right = (right << 1) | (right >> 31); \
370 temp = (left ^ right) & 0xaaaaaaaa; \
373 left = (left << 1) | (left >> 31);
376 * The 'inverse initial permutation'.
378 #define FINAL_PERMUTATION(left, temp, right) \
379 left = (left << 31) | (left >> 1); \
380 temp = (left ^ right) & 0xaaaaaaaa; \
383 right = (right << 31) | (right >> 1); \
384 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
385 DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
386 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
387 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
391 * A full DES round including 'expansion function', 'sbox substitution'
392 * and 'primitive function P' but without swapping the left and right word.
393 * Please note: The data in 'from' and 'to' is already rotated one bit to
394 * the left, done in the initial permutation.
396 #define DES_ROUND(from, to, work, subkey) \
397 work = from ^ *subkey++; \
398 to ^= sbox8[ work & 0x3f ]; \
399 to ^= sbox6[ (work>>8) & 0x3f ]; \
400 to ^= sbox4[ (work>>16) & 0x3f ]; \
401 to ^= sbox2[ (work>>24) & 0x3f ]; \
402 work = ((from << 28) | (from >> 4)) ^ *subkey++; \
403 to ^= sbox7[ work & 0x3f ]; \
404 to ^= sbox5[ (work>>8) & 0x3f ]; \
405 to ^= sbox3[ (work>>16) & 0x3f ]; \
406 to ^= sbox1[ (work>>24) & 0x3f ];
409 * Macros to convert 8 bytes from/to 32bit words.
411 #define READ_64BIT_DATA(data, left, right) \
412 left = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \
413 right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];
415 #define WRITE_64BIT_DATA(data, left, right) \
416 data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \
417 data[2] = (left >> 8) &0xff; data[3] = left &0xff; \
418 data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \
419 data[6] = (right >> 8) &0xff; data[7] = right &0xff;
422 * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
423 * 16 encryption rounds.
424 * To calculate subkeys for decryption the caller
425 * have to reorder the generated subkeys.
427 * rawkey: 8 Bytes of key data
428 * subkey: Array of at least 32 uint32_ts. Will be filled
429 * with calculated subkeys.
433 des_key_schedule (const char * _rawkey, uint32_t * subkey)
435 const unsigned char *rawkey = (const unsigned char *) _rawkey;
436 uint32_t left, right, work;
439 READ_64BIT_DATA (rawkey, left, right)
440 DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
441 DO_PERMUTATION (right, work, left, 0, 0x10101010)
442 left = ((leftkey_swap[(left >> 0) & 0xf] << 3)
443 | (leftkey_swap[(left >> 8) & 0xf] << 2)
444 | (leftkey_swap[(left >> 16) & 0xf] << 1)
445 | (leftkey_swap[(left >> 24) & 0xf])
446 | (leftkey_swap[(left >> 5) & 0xf] << 7)
447 | (leftkey_swap[(left >> 13) & 0xf] << 6)
448 | (leftkey_swap[(left >> 21) & 0xf] << 5)
449 | (leftkey_swap[(left >> 29) & 0xf] << 4));
453 right = ((rightkey_swap[(right >> 1) & 0xf] << 3)
454 | (rightkey_swap[(right >> 9) & 0xf] << 2)
455 | (rightkey_swap[(right >> 17) & 0xf] << 1)
456 | (rightkey_swap[(right >> 25) & 0xf])
457 | (rightkey_swap[(right >> 4) & 0xf] << 7)
458 | (rightkey_swap[(right >> 12) & 0xf] << 6)
459 | (rightkey_swap[(right >> 20) & 0xf] << 5)
460 | (rightkey_swap[(right >> 28) & 0xf] << 4));
464 for (round = 0; round < 16; ++round)
466 left = ((left << encrypt_rotate_tab[round])
467 | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
468 right = ((right << encrypt_rotate_tab[round])
469 | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
471 *subkey++ = (((left << 4) & 0x24000000)
472 | ((left << 28) & 0x10000000)
473 | ((left << 14) & 0x08000000)
474 | ((left << 18) & 0x02080000)
475 | ((left << 6) & 0x01000000)
476 | ((left << 9) & 0x00200000)
477 | ((left >> 1) & 0x00100000)
478 | ((left << 10) & 0x00040000)
479 | ((left << 2) & 0x00020000)
480 | ((left >> 10) & 0x00010000)
481 | ((right >> 13) & 0x00002000)
482 | ((right >> 4) & 0x00001000)
483 | ((right << 6) & 0x00000800)
484 | ((right >> 1) & 0x00000400)
485 | ((right >> 14) & 0x00000200)
486 | (right & 0x00000100)
487 | ((right >> 5) & 0x00000020)
488 | ((right >> 10) & 0x00000010)
489 | ((right >> 3) & 0x00000008)
490 | ((right >> 18) & 0x00000004)
491 | ((right >> 26) & 0x00000002)
492 | ((right >> 24) & 0x00000001));
494 *subkey++ = (((left << 15) & 0x20000000)
495 | ((left << 17) & 0x10000000)
496 | ((left << 10) & 0x08000000)
497 | ((left << 22) & 0x04000000)
498 | ((left >> 2) & 0x02000000)
499 | ((left << 1) & 0x01000000)
500 | ((left << 16) & 0x00200000)
501 | ((left << 11) & 0x00100000)
502 | ((left << 3) & 0x00080000)
503 | ((left >> 6) & 0x00040000)
504 | ((left << 15) & 0x00020000)
505 | ((left >> 4) & 0x00010000)
506 | ((right >> 2) & 0x00002000)
507 | ((right << 8) & 0x00001000)
508 | ((right >> 14) & 0x00000808)
509 | ((right >> 9) & 0x00000400)
510 | ((right) & 0x00000200)
511 | ((right << 7) & 0x00000100)
512 | ((right >> 7) & 0x00000020)
513 | ((right >> 3) & 0x00000011)
514 | ((right << 2) & 0x00000004)
515 | ((right >> 21) & 0x00000002));
520 gl_des_setkey (gl_des_ctx *ctx, const char * key)
524 des_key_schedule (key, ctx->encrypt_subkeys);
526 for (i = 0; i < 32; i += 2)
528 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30 - i];
529 ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[31 - i];
534 gl_des_makekey (gl_des_ctx *ctx, const char * key, size_t keylen)
539 gl_des_setkey (ctx, key);
541 return !gl_des_is_weak_key (key);
545 gl_des_ecb_crypt (gl_des_ctx *ctx, const char * _from, char * _to, int mode)
547 const unsigned char *from = (const unsigned char *) _from;
548 unsigned char *to = (unsigned char *) _to;
549 uint32_t left, right, work;
552 keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
554 READ_64BIT_DATA (from, left, right)
555 INITIAL_PERMUTATION (left, work, right)
556 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
557 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
558 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
559 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
560 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
561 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
562 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
563 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
564 FINAL_PERMUTATION (right, work, left)
565 WRITE_64BIT_DATA (to, right, left)
569 gl_3des_set2keys (gl_3des_ctx *ctx, const char * key1, const char * key2)
573 des_key_schedule (key1, ctx->encrypt_subkeys);
574 des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
576 for (i = 0; i < 32; i += 2)
578 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30 - i];
579 ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[31 - i];
581 ctx->encrypt_subkeys[i + 32] = ctx->decrypt_subkeys[62 - i];
582 ctx->encrypt_subkeys[i + 33] = ctx->decrypt_subkeys[63 - i];
584 ctx->encrypt_subkeys[i + 64] = ctx->encrypt_subkeys[i];
585 ctx->encrypt_subkeys[i + 65] = ctx->encrypt_subkeys[i + 1];
587 ctx->decrypt_subkeys[i + 64] = ctx->decrypt_subkeys[i];
588 ctx->decrypt_subkeys[i + 65] = ctx->decrypt_subkeys[i + 1];
593 gl_3des_set3keys (gl_3des_ctx *ctx, const char * key1,
594 const char * key2, const char * key3)
598 des_key_schedule (key1, ctx->encrypt_subkeys);
599 des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
600 des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
602 for (i = 0; i < 32; i += 2)
604 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94 - i];
605 ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[95 - i];
607 ctx->encrypt_subkeys[i + 32] = ctx->decrypt_subkeys[62 - i];
608 ctx->encrypt_subkeys[i + 33] = ctx->decrypt_subkeys[63 - i];
610 ctx->decrypt_subkeys[i + 64] = ctx->encrypt_subkeys[30 - i];
611 ctx->decrypt_subkeys[i + 65] = ctx->encrypt_subkeys[31 - i];
616 gl_3des_ecb_crypt (gl_3des_ctx *ctx,
618 char * _to, int mode)
620 const unsigned char *from = (const unsigned char *) _from;
621 unsigned char *to = (unsigned char *) _to;
622 uint32_t left, right, work;
625 keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
627 READ_64BIT_DATA (from, left, right)
628 INITIAL_PERMUTATION (left, work, right)
629 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
630 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
631 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
632 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
633 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
634 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
635 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
636 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
637 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
638 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
639 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
640 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
641 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
642 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
643 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
644 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
645 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
646 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
647 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
648 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
649 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
650 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
651 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
652 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
653 FINAL_PERMUTATION (right, work, left)
654 WRITE_64BIT_DATA (to, right, left)
658 gl_3des_makekey (gl_3des_ctx *ctx, const char * key, size_t keylen)
663 gl_3des_set3keys (ctx, key, key + 8, key + 16);
665 return !(gl_des_is_weak_key (key)
666 || gl_des_is_weak_key (key + 8)
667 || gl_des_is_weak_key (key + 16));