root/maint/gnulib/lib/des.c

/* [previous][next][first][last][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. gl_des_is_weak_key
  2. des_key_schedule
  3. gl_des_setkey
  4. gl_des_makekey
  5. gl_des_ecb_crypt
  6. gl_3des_set2keys
  7. gl_3des_set3keys
  8. gl_3des_ecb_crypt
  9. gl_3des_makekey

   1 /* des.c --- DES and Triple-DES encryption/decryption Algorithm
   2  * Copyright (C) 1998-1999, 2001-2007, 2009-2021 Free Software Foundation, Inc.
   3  *
   4  * This file is free software: you can redistribute it and/or modify
   5  * it under the terms of the GNU Lesser General Public License as
   6  * published by the Free Software Foundation; either version 2.1 of the
   7  * License, or (at your option) any later version.
   8  *
   9  * This file is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public License
  15  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  16  *
  17  */
  18 
  19 /* Adapted for gnulib by Simon Josefsson, based on Libgcrypt. */
  20 
  21 /*
  22  * For a description of triple encryption, see:
  23  *   Bruce Schneier: Applied Cryptography. Second Edition.
  24  *   John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
  25  * This implementation is according to the definition of DES in FIPS
  26  * PUB 46-2 from December 1993.
  27  *
  28  * Written by Michael Roth <mroth@nessie.de>, September 1998
  29  */
  30 
  31 /*
  32  *  U S A G E
  33  * ===========
  34  *
  35  * For DES or Triple-DES encryption/decryption you must initialize a proper
  36  * encryption context with a key.
  37  *
  38  * A DES key is 64bit wide but only 56bits of the key are used. The remaining
  39  * bits are parity bits and they will _not_ checked in this implementation, but
  40  * simply ignored.
  41  *
  42  * For Triple-DES you could use either two 64bit keys or three 64bit keys.
  43  * The parity bits will _not_ checked, too.
  44  *
  45  * After initializing a context with a key you could use this context to
  46  * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
  47  *
  48  * DES Example
  49  * -----------
  50  *     unsigned char key[8];
  51  *     unsigned char plaintext[8];
  52  *     unsigned char ciphertext[8];
  53  *     unsigned char recoverd[8];
  54  *     gl_des_ctx context;
  55  *
  56  *     // Fill 'key' and 'plaintext' with some data
  57  *     ....
  58  *
  59  *     // Set up the DES encryption context
  60  *     gl_des_setkey(&context, key);
  61  *
  62  *     // Encrypt the plaintext
  63  *     des_ecb_encrypt(&context, plaintext, ciphertext);
  64  *
  65  *     // To recover the original plaintext from ciphertext use:
  66  *     des_ecb_decrypt(&context, ciphertext, recoverd);
  67  *
  68  *
  69  * Triple-DES Example
  70  * ------------------
  71  *     unsigned char key1[8];
  72  *     unsigned char key2[8];
  73  *     unsigned char key3[8];
  74  *     unsigned char plaintext[8];
  75  *     unsigned char ciphertext[8];
  76  *     unsigned char recoverd[8];
  77  *     gl_3des_ctx context;
  78  *
  79  *     // If you would like to use two 64bit keys, fill 'key1' and'key2'
  80  *     // then setup the encryption context:
  81  *     gl_3des_set2keys(&context, key1, key2);
  82  *
  83  *     // To use three 64bit keys with Triple-DES use:
  84  *     gl_3des_set3keys(&context, key1, key2, key3);
  85  *
  86  *     // Encrypting plaintext with Triple-DES
  87  *     gl_3des_ecb_encrypt(&context, plaintext, ciphertext);
  88  *
  89  *     // Decrypting ciphertext to recover the plaintext with Triple-DES
  90  *     gl_3des_ecb_decrypt(&context, ciphertext, recoverd);
  91  */
  92 
  93 
  94 #include <config.h>
  95 
  96 #include "des.h"
  97 
  98 #include <stdio.h>
  99 #include <string.h>             /* memcpy, memcmp */
 100 
 101 /*
 102  * The s-box values are permuted according to the 'primitive function P'
 103  * and are rotated one bit to the left.
 104  */
 105 static const uint32_t sbox1[64] = {
 106   0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404,
 107   0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400,
 108   0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400,
 109   0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
 110   0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404,
 111   0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000,
 112   0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000,
 113   0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
 114   0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404,
 115   0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000,
 116   0x00010004, 0x00010400, 0x00000000, 0x01010004
 117 };
 118 
 119 static const uint32_t sbox2[64] = {
 120   0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020,
 121   0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000,
 122   0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020,
 123   0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
 124   0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000,
 125   0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000,
 126   0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000,
 127   0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
 128   0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020,
 129   0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020,
 130   0x80000000, 0x80100020, 0x80108020, 0x00108000
 131 };
 132 
 133 static const uint32_t sbox3[64] = {
 134   0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000,
 135   0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000,
 136   0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008,
 137   0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
 138   0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208,
 139   0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208,
 140   0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008,
 141   0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
 142   0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208,
 143   0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000,
 144   0x00020208, 0x00000008, 0x08020008, 0x00020200
 145 };
 146 
 147 static const uint32_t sbox4[64] = {
 148   0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081,
 149   0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081,
 150   0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000,
 151   0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
 152   0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080,
 153   0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081,
 154   0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080,
 155   0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
 156   0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001,
 157   0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001,
 158   0x00000080, 0x00800000, 0x00002000, 0x00802080
 159 };
 160 
 161 static const uint32_t sbox5[64] = {
 162   0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100,
 163   0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100,
 164   0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000,
 165   0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
 166   0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000,
 167   0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000,
 168   0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000,
 169   0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
 170   0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000,
 171   0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000,
 172   0x00000000, 0x40080000, 0x02080100, 0x40000100
 173 };
 174 
 175 static const uint32_t sbox6[64] = {
 176   0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010,
 177   0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010,
 178   0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010,
 179   0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
 180   0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000,
 181   0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000,
 182   0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000,
 183   0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
 184   0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000,
 185   0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000,
 186   0x20404000, 0x20000000, 0x00400010, 0x20004010
 187 };
 188 
 189 static const uint32_t sbox7[64] = {
 190   0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802,
 191   0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002,
 192   0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802,
 193   0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
 194   0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002,
 195   0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802,
 196   0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000,
 197   0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
 198   0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000,
 199   0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800,
 200   0x04000002, 0x04000800, 0x00000800, 0x00200002
 201 };
 202 
 203 static const uint32_t sbox8[64] = {
 204   0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040,
 205   0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000,
 206   0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040,
 207   0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
 208   0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000,
 209   0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000,
 210   0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040,
 211   0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
 212   0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000,
 213   0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040,
 214   0x00001040, 0x00040040, 0x10000000, 0x10041000
 215 };
 216 
 217 /*
 218  * These two tables are part of the 'permuted choice 1' function.
 219  * In this implementation several speed improvements are done.
 220  */
 221 static const uint32_t leftkey_swap[16] = {
 222   0x00000000, 0x00000001, 0x00000100, 0x00000101,
 223   0x00010000, 0x00010001, 0x00010100, 0x00010101,
 224   0x01000000, 0x01000001, 0x01000100, 0x01000101,
 225   0x01010000, 0x01010001, 0x01010100, 0x01010101
 226 };
 227 
 228 static const uint32_t rightkey_swap[16] = {
 229   0x00000000, 0x01000000, 0x00010000, 0x01010000,
 230   0x00000100, 0x01000100, 0x00010100, 0x01010100,
 231   0x00000001, 0x01000001, 0x00010001, 0x01010001,
 232   0x00000101, 0x01000101, 0x00010101, 0x01010101,
 233 };
 234 
 235 /*
 236  * Numbers of left shifts per round for encryption subkeys.  To
 237  * calculate the decryption subkeys we just reverse the ordering of
 238  * the calculated encryption subkeys, so there is no need for a
 239  * decryption rotate tab.
 240  */
 241 static const unsigned char encrypt_rotate_tab[16] = {
 242   1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
 243 };
 244 
 245 /*
 246  * Table with weak DES keys sorted in ascending order.  In DES there
 247  * are 64 known keys which are weak. They are weak because they
 248  * produce only one, two or four different subkeys in the subkey
 249  * scheduling process.  The keys in this table have all their parity
 250  * bits cleared.
 251  */
 252 static const unsigned char weak_keys[64][8] = {
 253   {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},     /*w */
 254   {0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e},
 255   {0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0},
 256   {0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe},
 257   {0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e},     /*sw */
 258   {0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00},
 259   {0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe},
 260   {0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0},
 261   {0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0},     /*sw */
 262   {0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe},
 263   {0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00},
 264   {0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e},
 265   {0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe},     /*sw */
 266   {0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0},
 267   {0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e},
 268   {0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00},
 269   {0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e},
 270   {0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00},     /*sw */
 271   {0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe},
 272   {0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0},
 273   {0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00},
 274   {0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e},     /*w */
 275   {0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0},
 276   {0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe},
 277   {0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe},
 278   {0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0},     /*sw */
 279   {0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e},
 280   {0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00},
 281   {0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0},
 282   {0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe},     /*sw */
 283   {0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00},
 284   {0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e},
 285   {0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0},
 286   {0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe},
 287   {0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00},     /*sw */
 288   {0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e},
 289   {0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe},
 290   {0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0},
 291   {0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e},     /*sw */
 292   {0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00},
 293   {0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00},
 294   {0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e},
 295   {0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0},     /*w */
 296   {0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe},
 297   {0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e},
 298   {0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00},
 299   {0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe},     /*sw */
 300   {0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0},
 301   {0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe},
 302   {0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0},
 303   {0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e},
 304   {0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00},     /*sw */
 305   {0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0},
 306   {0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe},
 307   {0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00},
 308   {0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e},     /*sw */
 309   {0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e},
 310   {0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00},
 311   {0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe},
 312   {0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0},     /*sw */
 313   {0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00},
 314   {0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e},
 315   {0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0},
 316   {0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe}      /*w */
 317 };
 318 
 319 bool
 320 gl_des_is_weak_key (const char * key)
     /* [previous][next][first][last][top][bottom][index][help] */
 321 {
 322   char work[8];
 323   int i, left, right, middle, cmp_result;
 324 
 325   /* clear parity bits */
 326   for (i = 0; i < 8; ++i)
 327     work[i] = ((unsigned char)key[i]) & 0xfe;
 328 
 329   /* binary search in the weak key table */
 330   left = 0;
 331   right = 63;
 332   while (left <= right)
 333     {
 334       middle = (left + right) / 2;
 335 
 336       if (!(cmp_result = memcmp (work, weak_keys[middle], 8)))
 337         return -1;
 338 
 339       if (cmp_result > 0)
 340         left = middle + 1;
 341       else
 342         right = middle - 1;
 343     }
 344 
 345   return 0;
 346 }
 347 
 348 /*
 349  * Macro to swap bits across two words.
 350  */
 351 #define DO_PERMUTATION(a, temp, b, offset, mask)        \
 352     temp = ((a>>offset) ^ b) & mask;                    \
 353     b ^= temp;                                          \
 354     a ^= temp<<offset;
 355 
 356 
 357 /*
 358  * This performs the 'initial permutation' of the data to be encrypted
 359  * or decrypted. Additionally the resulting two words are rotated one bit
 360  * to the left.
 361  */
 362 #define INITIAL_PERMUTATION(left, temp, right)          \
 363     DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)    \
 364     DO_PERMUTATION(left, temp, right, 16, 0x0000ffff)   \
 365     DO_PERMUTATION(right, temp, left, 2, 0x33333333)    \
 366     DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff)    \
 367     right =  (right << 1) | (right >> 31);              \
 368     temp  =  (left ^ right) & 0xaaaaaaaa;               \
 369     right ^= temp;                                      \
 370     left  ^= temp;                                      \
 371     left  =  (left << 1) | (left >> 31);
 372 
 373 /*
 374  * The 'inverse initial permutation'.
 375  */
 376 #define FINAL_PERMUTATION(left, temp, right)            \
 377     left  =  (left << 31) | (left >> 1);                \
 378     temp  =  (left ^ right) & 0xaaaaaaaa;               \
 379     left  ^= temp;                                      \
 380     right ^= temp;                                      \
 381     right  =  (right << 31) | (right >> 1);             \
 382     DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff)    \
 383     DO_PERMUTATION(right, temp, left, 2, 0x33333333)    \
 384     DO_PERMUTATION(left, temp, right, 16, 0x0000ffff)   \
 385     DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
 386 
 387 
 388 /*
 389  * A full DES round including 'expansion function', 'sbox substitution'
 390  * and 'primitive function P' but without swapping the left and right word.
 391  * Please note: The data in 'from' and 'to' is already rotated one bit to
 392  * the left, done in the initial permutation.
 393  */
 394 #define DES_ROUND(from, to, work, subkey)               \
 395     work = from ^ *subkey++;                            \
 396     to ^= sbox8[  work      & 0x3f ];                   \
 397     to ^= sbox6[ (work>>8)  & 0x3f ];                   \
 398     to ^= sbox4[ (work>>16) & 0x3f ];                   \
 399     to ^= sbox2[ (work>>24) & 0x3f ];                   \
 400     work = ((from << 28) | (from >> 4)) ^ *subkey++;    \
 401     to ^= sbox7[  work      & 0x3f ];                   \
 402     to ^= sbox5[ (work>>8)  & 0x3f ];                   \
 403     to ^= sbox3[ (work>>16) & 0x3f ];                   \
 404     to ^= sbox1[ (work>>24) & 0x3f ];
 405 
 406 /*
 407  * Macros to convert 8 bytes from/to 32bit words.
 408  */
 409 #define READ_64BIT_DATA(data, left, right)                                 \
 410     left  = ((uint32_t) data[0] << 24)                                     \
 411             | ((uint32_t) data[1] << 16)                                   \
 412             | ((uint32_t) data[2] << 8)                                    \
 413             | (uint32_t) data[3];                                          \
 414     right = ((uint32_t) data[4] << 24)                                     \
 415             | ((uint32_t) data[5] << 16)                                   \
 416             | ((uint32_t) data[6] << 8)                                    \
 417             | (uint32_t) data[7];
 418 
 419 #define WRITE_64BIT_DATA(data, left, right)                                \
 420     data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff;            \
 421     data[2] = (left >> 8) &0xff; data[3] = left &0xff;                     \
 422     data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff;          \
 423     data[6] = (right >> 8) &0xff; data[7] = right &0xff;
 424 
 425 /*
 426  * des_key_schedule():    Calculate 16 subkeys pairs (even/odd) for
 427  *                        16 encryption rounds.
 428  *                        To calculate subkeys for decryption the caller
 429  *                        have to reorder the generated subkeys.
 430  *
 431  *    rawkey:       8 Bytes of key data
 432  *    subkey:       Array of at least 32 uint32_ts. Will be filled
 433  *                  with calculated subkeys.
 434  *
 435  */
 436 static void
 437 des_key_schedule (const char * _rawkey, uint32_t * subkey)
     /* [previous][next][first][last][top][bottom][index][help] */
 438 {
 439   const unsigned char *rawkey = (const unsigned char *) _rawkey;
 440   uint32_t left, right, work;
 441   int round;
 442 
 443   READ_64BIT_DATA (rawkey, left, right)
 444     DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
 445     DO_PERMUTATION (right, work, left, 0, 0x10101010)
 446     left = ((leftkey_swap[(left >> 0) & 0xf] << 3)
 447             | (leftkey_swap[(left >> 8) & 0xf] << 2)
 448             | (leftkey_swap[(left >> 16) & 0xf] << 1)
 449             | (leftkey_swap[(left >> 24) & 0xf])
 450             | (leftkey_swap[(left >> 5) & 0xf] << 7)
 451             | (leftkey_swap[(left >> 13) & 0xf] << 6)
 452             | (leftkey_swap[(left >> 21) & 0xf] << 5)
 453             | (leftkey_swap[(left >> 29) & 0xf] << 4));
 454 
 455   left &= 0x0fffffff;
 456 
 457   right = ((rightkey_swap[(right >> 1) & 0xf] << 3)
 458            | (rightkey_swap[(right >> 9) & 0xf] << 2)
 459            | (rightkey_swap[(right >> 17) & 0xf] << 1)
 460            | (rightkey_swap[(right >> 25) & 0xf])
 461            | (rightkey_swap[(right >> 4) & 0xf] << 7)
 462            | (rightkey_swap[(right >> 12) & 0xf] << 6)
 463            | (rightkey_swap[(right >> 20) & 0xf] << 5)
 464            | (rightkey_swap[(right >> 28) & 0xf] << 4));
 465 
 466   right &= 0x0fffffff;
 467 
 468   for (round = 0; round < 16; ++round)
 469     {
 470       left = ((left << encrypt_rotate_tab[round])
 471               | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
 472       right = ((right << encrypt_rotate_tab[round])
 473                | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
 474 
 475       *subkey++ = (((left << 4) & 0x24000000)
 476                    | ((left << 28) & 0x10000000)
 477                    | ((left << 14) & 0x08000000)
 478                    | ((left << 18) & 0x02080000)
 479                    | ((left << 6) & 0x01000000)
 480                    | ((left << 9) & 0x00200000)
 481                    | ((left >> 1) & 0x00100000)
 482                    | ((left << 10) & 0x00040000)
 483                    | ((left << 2) & 0x00020000)
 484                    | ((left >> 10) & 0x00010000)
 485                    | ((right >> 13) & 0x00002000)
 486                    | ((right >> 4) & 0x00001000)
 487                    | ((right << 6) & 0x00000800)
 488                    | ((right >> 1) & 0x00000400)
 489                    | ((right >> 14) & 0x00000200)
 490                    | (right & 0x00000100)
 491                    | ((right >> 5) & 0x00000020)
 492                    | ((right >> 10) & 0x00000010)
 493                    | ((right >> 3) & 0x00000008)
 494                    | ((right >> 18) & 0x00000004)
 495                    | ((right >> 26) & 0x00000002)
 496                    | ((right >> 24) & 0x00000001));
 497 
 498       *subkey++ = (((left << 15) & 0x20000000)
 499                    | ((left << 17) & 0x10000000)
 500                    | ((left << 10) & 0x08000000)
 501                    | ((left << 22) & 0x04000000)
 502                    | ((left >> 2) & 0x02000000)
 503                    | ((left << 1) & 0x01000000)
 504                    | ((left << 16) & 0x00200000)
 505                    | ((left << 11) & 0x00100000)
 506                    | ((left << 3) & 0x00080000)
 507                    | ((left >> 6) & 0x00040000)
 508                    | ((left << 15) & 0x00020000)
 509                    | ((left >> 4) & 0x00010000)
 510                    | ((right >> 2) & 0x00002000)
 511                    | ((right << 8) & 0x00001000)
 512                    | ((right >> 14) & 0x00000808)
 513                    | ((right >> 9) & 0x00000400)
 514                    | ((right) & 0x00000200)
 515                    | ((right << 7) & 0x00000100)
 516                    | ((right >> 7) & 0x00000020)
 517                    | ((right >> 3) & 0x00000011)
 518                    | ((right << 2) & 0x00000004)
 519                    | ((right >> 21) & 0x00000002));
 520     }
 521 }
 522 
 523 void
 524 gl_des_setkey (gl_des_ctx *ctx, const char * key)
     /* [previous][next][first][last][top][bottom][index][help] */
 525 {
 526   int i;
 527 
 528   des_key_schedule (key, ctx->encrypt_subkeys);
 529 
 530   for (i = 0; i < 32; i += 2)
 531     {
 532       ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30 - i];
 533       ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[31 - i];
 534     }
 535 }
 536 
 537 bool
 538 gl_des_makekey (gl_des_ctx *ctx, const char * key, size_t keylen)
     /* [previous][next][first][last][top][bottom][index][help] */
 539 {
 540   if (keylen != 8)
 541     return false;
 542 
 543   gl_des_setkey (ctx, key);
 544 
 545   return !gl_des_is_weak_key (key);
 546 }
 547 
 548 void
 549 gl_des_ecb_crypt (gl_des_ctx *ctx, const char * _from, char * _to, int mode)
     /* [previous][next][first][last][top][bottom][index][help] */
 550 {
 551   const unsigned char *from = (const unsigned char *) _from;
 552   unsigned char *to = (unsigned char *) _to;
 553   uint32_t left, right, work;
 554   uint32_t *keys;
 555 
 556   keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
 557 
 558   READ_64BIT_DATA (from, left, right)
 559     INITIAL_PERMUTATION (left, work, right)
 560     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 561     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 562     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 563     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 564     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 565     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 566     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 567     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 568     FINAL_PERMUTATION (right, work, left)
 569     WRITE_64BIT_DATA (to, right, left)
 570 }
 571 
 572 void
 573 gl_3des_set2keys (gl_3des_ctx *ctx, const char * key1, const char * key2)
     /* [previous][next][first][last][top][bottom][index][help] */
 574 {
 575   int i;
 576 
 577   des_key_schedule (key1, ctx->encrypt_subkeys);
 578   des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
 579 
 580   for (i = 0; i < 32; i += 2)
 581     {
 582       ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30 - i];
 583       ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[31 - i];
 584 
 585       ctx->encrypt_subkeys[i + 32] = ctx->decrypt_subkeys[62 - i];
 586       ctx->encrypt_subkeys[i + 33] = ctx->decrypt_subkeys[63 - i];
 587 
 588       ctx->encrypt_subkeys[i + 64] = ctx->encrypt_subkeys[i];
 589       ctx->encrypt_subkeys[i + 65] = ctx->encrypt_subkeys[i + 1];
 590 
 591       ctx->decrypt_subkeys[i + 64] = ctx->decrypt_subkeys[i];
 592       ctx->decrypt_subkeys[i + 65] = ctx->decrypt_subkeys[i + 1];
 593     }
 594 }
 595 
 596 void
 597 gl_3des_set3keys (gl_3des_ctx *ctx, const char * key1,
     /* [previous][next][first][last][top][bottom][index][help] */
 598                     const char * key2, const char * key3)
 599 {
 600   int i;
 601 
 602   des_key_schedule (key1, ctx->encrypt_subkeys);
 603   des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
 604   des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
 605 
 606   for (i = 0; i < 32; i += 2)
 607     {
 608       ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94 - i];
 609       ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[95 - i];
 610 
 611       ctx->encrypt_subkeys[i + 32] = ctx->decrypt_subkeys[62 - i];
 612       ctx->encrypt_subkeys[i + 33] = ctx->decrypt_subkeys[63 - i];
 613 
 614       ctx->decrypt_subkeys[i + 64] = ctx->encrypt_subkeys[30 - i];
 615       ctx->decrypt_subkeys[i + 65] = ctx->encrypt_subkeys[31 - i];
 616     }
 617 }
 618 
 619 void
 620 gl_3des_ecb_crypt (gl_3des_ctx *ctx,
     /* [previous][next][first][last][top][bottom][index][help] */
 621                    const char * _from,
 622                    char * _to, int mode)
 623 {
 624   const unsigned char *from = (const unsigned char *) _from;
 625   unsigned char *to = (unsigned char *) _to;
 626   uint32_t left, right, work;
 627   uint32_t *keys;
 628 
 629   keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
 630 
 631   READ_64BIT_DATA (from, left, right)
 632     INITIAL_PERMUTATION (left, work, right)
 633     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 634     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 635     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 636     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 637     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 638     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 639     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 640     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 641     DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
 642     DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
 643     DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
 644     DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
 645     DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
 646     DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
 647     DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
 648     DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
 649     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 650     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 651     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 652     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 653     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 654     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 655     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 656     DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
 657     FINAL_PERMUTATION (right, work, left)
 658     WRITE_64BIT_DATA (to, right, left)
 659 }
 660 
 661 bool
 662 gl_3des_makekey (gl_3des_ctx *ctx, const char * key, size_t keylen)
     /* [previous][next][first][last][top][bottom][index][help] */
 663 {
 664   if (keylen != 24)
 665     return false;
 666 
 667   gl_3des_set3keys (ctx, key, key + 8, key + 16);
 668 
 669   return !(gl_des_is_weak_key (key)
 670            || gl_des_is_weak_key (key + 8)
 671            || gl_des_is_weak_key (key + 16));
 672 }

/* [previous][next][first][last][top][bottom][index][help] */