source: grub-pc/trunk/fuentes/grub-core/lib/libgcrypt-grub/cipher/des.c @ 22

Last change on this file since 22 was 22, checked in by mabarracus, 4 years ago

updated version and apply net.ifnames=0 into debian/rules

File size: 32.1 KB
Line 
1/* This file was automatically imported with
2   import_gcry.py. Please don't modify it */
3#include <grub/dl.h>
4GRUB_MOD_LICENSE ("GPLv3+");
5/* des.c - DES and Triple-DES encryption/decryption Algorithm
6 * Copyright (C) 1998, 1999, 2001, 2002, 2003,
7 *               2008  Free Software Foundation, Inc.
8 *
9 * This file is part of Libgcrypt.
10 *
11 * Libgcrypt is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU Lesser general Public License as
13 * published by the Free Software Foundation; either version 2.1 of
14 * the License, or (at your option) any later version.
15 *
16 * Libgcrypt is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19 * GNU Lesser General Public License for more details.
20 *
21 * You should have received a copy of the GNU Lesser General Public
22 * License along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
24 *
25 * For a description of triple encryption, see:
26 *   Bruce Schneier: Applied Cryptography. Second Edition.
27 *   John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
28 * This implementation is according to the definition of DES in FIPS
29 * PUB 46-2 from December 1993.
30 */
31
32
33/*
34 * Written by Michael Roth <mroth@nessie.de>, September 1998
35 */
36
37
38/*
39 *  U S A G E
40 * ===========
41 *
42 * For DES or Triple-DES encryption/decryption you must initialize a proper
43 * encryption context with a key.
44 *
45 * A DES key is 64bit wide but only 56bits of the key are used. The remaining
46 * bits are parity bits and they will _not_ checked in this implementation, but
47 * simply ignored.
48 *
49 * For Triple-DES you could use either two 64bit keys or three 64bit keys.
50 * The parity bits will _not_ checked, too.
51 *
52 * After initializing a context with a key you could use this context to
53 * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
54 *
55 * (In the examples below the slashes at the beginning and ending of comments
56 * are omited.)
57 *
58 * DES Example
59 * -----------
60 *     unsigned char key[8];
61 *     unsigned char plaintext[8];
62 *     unsigned char ciphertext[8];
63 *     unsigned char recoverd[8];
64 *     des_ctx context;
65 *
66 *     * Fill 'key' and 'plaintext' with some data *
67 *     ....
68 *
69 *     * Set up the DES encryption context *
70 *     des_setkey(context, key);
71 *
72 *     * Encrypt the plaintext *
73 *     des_ecb_encrypt(context, plaintext, ciphertext);
74 *
75 *     * To recover the orginal plaintext from ciphertext use: *
76 *     des_ecb_decrypt(context, ciphertext, recoverd);
77 *
78 *
79 * Triple-DES Example
80 * ------------------
81 *     unsigned char key1[8];
82 *     unsigned char key2[8];
83 *     unsigned char key3[8];
84 *     unsigned char plaintext[8];
85 *     unsigned char ciphertext[8];
86 *     unsigned char recoverd[8];
87 *     tripledes_ctx context;
88 *
89 *     * If you would like to use two 64bit keys, fill 'key1' and'key2'
90 *       then setup the encryption context: *
91 *     tripledes_set2keys(context, key1, key2);
92 *
93 *     * To use three 64bit keys with Triple-DES use: *
94 *     tripledes_set3keys(context, key1, key2, key3);
95 *
96 *     * Encrypting plaintext with Triple-DES *
97 *     tripledes_ecb_encrypt(context, plaintext, ciphertext);
98 *
99 *     * Decrypting ciphertext to recover the plaintext with Triple-DES *
100 *     tripledes_ecb_decrypt(context, ciphertext, recoverd);
101 *
102 *
103 * Selftest
104 * --------
105 *     char *error_msg;
106 *
107 *     * To perform a selftest of this DES/Triple-DES implementation use the
108 *       function selftest(). It will return an error string if there are
109 *       some problems with this library. *
110 *
111 *     if ( (error_msg = selftest()) )
112 *     {
113 *         fprintf(stderr, "An error in the DES/Triple-DES implementation occurred: %s\n", error_msg);
114 *         abort();
115 *     }
116 */
117
118
119#include "types.h"             /* for byte and u32 typedefs */
120#include "g10lib.h"
121#include "cipher.h"
122
123#if defined(__GNUC__) && defined(__GNU_LIBRARY__)
124#define working_memcmp memcmp
125#else
126/*
127 * According to the SunOS man page, memcmp returns indeterminate sign
128 * depending on whether characters are signed or not.
129 */
130static int
131working_memcmp( const char *a, const char *b, size_t n )
132{
133    for( ; n; n--, a++, b++ )
134        if( *a != *b )
135            return (int)(*(byte*)a) - (int)(*(byte*)b);
136    return 0;
137}
138#endif
139
140/*
141 * Encryption/Decryption context of DES
142 */
143typedef struct _des_ctx
144  {
145    u32 encrypt_subkeys[32];
146    u32 decrypt_subkeys[32];
147  }
148des_ctx[1];
149
150/*
151 * Encryption/Decryption context of Triple-DES
152 */
153typedef struct _tripledes_ctx
154  {
155    u32 encrypt_subkeys[96];
156    u32 decrypt_subkeys[96];
157    struct {
158      int no_weak_key;
159    } flags;
160  }
161tripledes_ctx[1];
162
163static void des_key_schedule (const byte *, u32 *);
164static int des_setkey (struct _des_ctx *, const byte *);
165static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int);
166static int tripledes_ecb_crypt (struct _tripledes_ctx *,
167                                const byte *, byte *, int);
168static int is_weak_key ( const byte *key );
169
170static int initialized;
171
172
173
174
175/*
176 * The s-box values are permuted according to the 'primitive function P'
177 * and are rotated one bit to the left.
178 */
179static u32 sbox1[64] =
180{
181  0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000,
182  0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004,
183  0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
184  0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000,
185  0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400,
186  0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
187  0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400,
188  0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004
189};
190
191static u32 sbox2[64] =
192{
193  0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020,
194  0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020,
195  0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
196  0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020,
197  0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000,
198  0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
199  0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020,
200  0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000
201};
202
203static u32 sbox3[64] =
204{
205  0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200,
206  0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208,
207  0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
208  0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000,
209  0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000,
210  0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
211  0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008,
212  0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200
213};
214
215static u32 sbox4[64] =
216{
217  0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001,
218  0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001,
219  0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
220  0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081,
221  0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000,
222  0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
223  0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081,
224  0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080
225};
226
227static u32 sbox5[64] =
228{
229  0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000,
230  0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000,
231  0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
232  0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100,
233  0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100,
234  0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
235  0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000,
236  0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100
237};
238
239static u32 sbox6[64] =
240{
241  0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000,
242  0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010,
243  0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
244  0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000,
245  0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010,
246  0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
247  0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010,
248  0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010
249};
250
251static u32 sbox7[64] =
252{
253  0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800,
254  0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802,
255  0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
256  0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800,
257  0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002,
258  0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
259  0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802,
260  0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002
261};
262
263static u32 sbox8[64] =
264{
265  0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000,
266  0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040,
267  0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
268  0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000,
269  0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040,
270  0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
271  0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000,
272  0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000
273};
274
275
276/*
277 * These two tables are part of the 'permuted choice 1' function.
278 * In this implementation several speed improvements are done.
279 */
280static u32 leftkey_swap[16] =
281{
282  0x00000000, 0x00000001, 0x00000100, 0x00000101,
283  0x00010000, 0x00010001, 0x00010100, 0x00010101,
284  0x01000000, 0x01000001, 0x01000100, 0x01000101,
285  0x01010000, 0x01010001, 0x01010100, 0x01010101
286};
287
288static u32 rightkey_swap[16] =
289{
290  0x00000000, 0x01000000, 0x00010000, 0x01010000,
291  0x00000100, 0x01000100, 0x00010100, 0x01010100,
292  0x00000001, 0x01000001, 0x00010001, 0x01010001,
293  0x00000101, 0x01000101, 0x00010101, 0x01010101,
294};
295
296
297
298/*
299 * Numbers of left shifts per round for encryption subkeys.
300 * To calculate the decryption subkeys we just reverse the
301 * ordering of the calculated encryption subkeys. So their
302 * is no need for a decryption rotate tab.
303 */
304static byte encrypt_rotate_tab[16] =
305{
306  1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
307};
308
309
310
311/*
312 * Table with weak DES keys sorted in ascending order.
313 * In DES their are 64 known keys which are weak. They are weak
314 * because they produce only one, two or four different
315 * subkeys in the subkey scheduling process.
316 * The keys in this table have all their parity bits cleared.
317 */
318static byte weak_keys[64][8] =
319{
320  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /*w*/
321  { 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },
322  { 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 },
323  { 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },
324  { 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, /*sw*/
325  { 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },
326  { 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe },
327  { 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },
328  { 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, /*sw*/
329  { 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },
330  { 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 },
331  { 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },
332  { 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, /*sw*/
333  { 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },
334  { 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e },
335  { 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },
336  { 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },
337  { 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, /*sw*/
338  { 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },
339  { 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 },
340  { 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },
341  { 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, /*w*/
342  { 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },
343  { 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe },
344  { 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },
345  { 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, /*sw*/
346  { 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },
347  { 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 },
348  { 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },
349  { 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, /*sw*/
350  { 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },
351  { 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e },
352  { 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },
353  { 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe },
354  { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 }, /*sw*/
355  { 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e },
356  { 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },
357  { 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 },
358  { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e }, /*sw*/
359  { 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 },
360  { 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },
361  { 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e },
362  { 0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0 }, /*w*/
363  { 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },
364  { 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e },
365  { 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },
366  { 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, /*sw*/
367  { 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },
368  { 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe },
369  { 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },
370  { 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e },
371  { 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 }, /*sw*/
372  { 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 },
373  { 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },
374  { 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 },
375  { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e }, /*sw*/
376  { 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e },
377  { 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },
378  { 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe },
379  { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 }, /*sw*/
380  { 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 },
381  { 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },
382  { 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 },
383  { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe }  /*w*/
384};
385
386
387
388/*
389 * Macro to swap bits across two words.
390 */
391#define DO_PERMUTATION(a, temp, b, offset, mask)        \
392    temp = ((a>>offset) ^ b) & mask;                    \
393    b ^= temp;                                          \
394    a ^= temp<<offset;
395
396
397/*
398 * This performs the 'initial permutation' of the data to be encrypted
399 * or decrypted. Additionally the resulting two words are rotated one bit
400 * to the left.
401 */
402#define INITIAL_PERMUTATION(left, temp, right)          \
403    DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)    \
404    DO_PERMUTATION(left, temp, right, 16, 0x0000ffff)   \
405    DO_PERMUTATION(right, temp, left, 2, 0x33333333)    \
406    DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff)    \
407    right =  (right << 1) | (right >> 31);              \
408    temp  =  (left ^ right) & 0xaaaaaaaa;               \
409    right ^= temp;                                      \
410    left  ^= temp;                                      \
411    left  =  (left << 1) | (left >> 31);
412
413/*
414 * The 'inverse initial permutation'.
415 */
416#define FINAL_PERMUTATION(left, temp, right)            \
417    left  =  (left << 31) | (left >> 1);                \
418    temp  =  (left ^ right) & 0xaaaaaaaa;               \
419    left  ^= temp;                                      \
420    right ^= temp;                                      \
421    right  =  (right << 31) | (right >> 1);             \
422    DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff)    \
423    DO_PERMUTATION(right, temp, left, 2, 0x33333333)    \
424    DO_PERMUTATION(left, temp, right, 16, 0x0000ffff)   \
425    DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
426
427
428/*
429 * A full DES round including 'expansion function', 'sbox substitution'
430 * and 'primitive function P' but without swapping the left and right word.
431 * Please note: The data in 'from' and 'to' is already rotated one bit to
432 * the left, done in the initial permutation.
433 */
434#define DES_ROUND(from, to, work, subkey)               \
435    work = from ^ *subkey++;                            \
436    to ^= sbox8[  work      & 0x3f ];                   \
437    to ^= sbox6[ (work>>8)  & 0x3f ];                   \
438    to ^= sbox4[ (work>>16) & 0x3f ];                   \
439    to ^= sbox2[ (work>>24) & 0x3f ];                   \
440    work = ((from << 28) | (from >> 4)) ^ *subkey++;    \
441    to ^= sbox7[  work      & 0x3f ];                   \
442    to ^= sbox5[ (work>>8)  & 0x3f ];                   \
443    to ^= sbox3[ (work>>16) & 0x3f ];                   \
444    to ^= sbox1[ (work>>24) & 0x3f ];
445
446/*
447 * Macros to convert 8 bytes from/to 32bit words.
448 */
449#define READ_64BIT_DATA(data, left, right)                                 \
450    left  = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];  \
451    right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];
452
453#define WRITE_64BIT_DATA(data, left, right)                                \
454    data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff;            \
455    data[2] = (left >> 8) &0xff; data[3] = left &0xff;                     \
456    data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff;          \
457    data[6] = (right >> 8) &0xff; data[7] = right &0xff;
458
459/*
460 * Handy macros for encryption and decryption of data
461 */
462#define des_ecb_encrypt(ctx, from, to)        des_ecb_crypt(ctx, from, to, 0)
463#define des_ecb_decrypt(ctx, from, to)        des_ecb_crypt(ctx, from, to, 1)
464#define tripledes_ecb_encrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,0)
465#define tripledes_ecb_decrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,1)
466
467
468
469
470
471
472/*
473 * des_key_schedule():    Calculate 16 subkeys pairs (even/odd) for
474 *                        16 encryption rounds.
475 *                        To calculate subkeys for decryption the caller
476 *                        have to reorder the generated subkeys.
477 *
478 *    rawkey:       8 Bytes of key data
479 *    subkey:       Array of at least 32 u32s. Will be filled
480 *                  with calculated subkeys.
481 *
482 */
483static void
484des_key_schedule (const byte * rawkey, u32 * subkey)
485{
486  u32 left, right, work;
487  int round;
488
489  READ_64BIT_DATA (rawkey, left, right)
490
491  DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
492  DO_PERMUTATION (right, work, left, 0, 0x10101010)
493
494  left = ((leftkey_swap[(left >> 0) & 0xf] << 3)
495          | (leftkey_swap[(left >> 8) & 0xf] << 2)
496          | (leftkey_swap[(left >> 16) & 0xf] << 1)
497          | (leftkey_swap[(left >> 24) & 0xf])
498          | (leftkey_swap[(left >> 5) & 0xf] << 7)
499          | (leftkey_swap[(left >> 13) & 0xf] << 6)
500          | (leftkey_swap[(left >> 21) & 0xf] << 5)
501          | (leftkey_swap[(left >> 29) & 0xf] << 4));
502
503  left &= 0x0fffffff;
504
505  right = ((rightkey_swap[(right >> 1) & 0xf] << 3)
506           | (rightkey_swap[(right >> 9) & 0xf] << 2)
507           | (rightkey_swap[(right >> 17) & 0xf] << 1)
508           | (rightkey_swap[(right >> 25) & 0xf])
509           | (rightkey_swap[(right >> 4) & 0xf] << 7)
510           | (rightkey_swap[(right >> 12) & 0xf] << 6)
511           | (rightkey_swap[(right >> 20) & 0xf] << 5)
512           | (rightkey_swap[(right >> 28) & 0xf] << 4));
513
514  right &= 0x0fffffff;
515
516  for (round = 0; round < 16; ++round)
517    {
518      left = ((left << encrypt_rotate_tab[round])
519              | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
520      right = ((right << encrypt_rotate_tab[round])
521               | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
522
523      *subkey++ = (((left << 4) & 0x24000000)
524                   | ((left << 28) & 0x10000000)
525                   | ((left << 14) & 0x08000000)
526                   | ((left << 18) & 0x02080000)
527                   | ((left << 6) & 0x01000000)
528                   | ((left << 9) & 0x00200000)
529                   | ((left >> 1) & 0x00100000)
530                   | ((left << 10) & 0x00040000)
531                   | ((left << 2) & 0x00020000)
532                   | ((left >> 10) & 0x00010000)
533                   | ((right >> 13) & 0x00002000)
534                   | ((right >> 4) & 0x00001000)
535                   | ((right << 6) & 0x00000800)
536                   | ((right >> 1) & 0x00000400)
537                   | ((right >> 14) & 0x00000200)
538                   | (right & 0x00000100)
539                   | ((right >> 5) & 0x00000020)
540                   | ((right >> 10) & 0x00000010)
541                   | ((right >> 3) & 0x00000008)
542                   | ((right >> 18) & 0x00000004)
543                   | ((right >> 26) & 0x00000002)
544                   | ((right >> 24) & 0x00000001));
545
546      *subkey++ = (((left << 15) & 0x20000000)
547                   | ((left << 17) & 0x10000000)
548                   | ((left << 10) & 0x08000000)
549                   | ((left << 22) & 0x04000000)
550                   | ((left >> 2) & 0x02000000)
551                   | ((left << 1) & 0x01000000)
552                   | ((left << 16) & 0x00200000)
553                   | ((left << 11) & 0x00100000)
554                   | ((left << 3) & 0x00080000)
555                   | ((left >> 6) & 0x00040000)
556                   | ((left << 15) & 0x00020000)
557                   | ((left >> 4) & 0x00010000)
558                   | ((right >> 2) & 0x00002000)
559                   | ((right << 8) & 0x00001000)
560                   | ((right >> 14) & 0x00000808)
561                   | ((right >> 9) & 0x00000400)
562                   | ((right) & 0x00000200)
563                   | ((right << 7) & 0x00000100)
564                   | ((right >> 7) & 0x00000020)
565                   | ((right >> 3) & 0x00000011)
566                   | ((right << 2) & 0x00000004)
567                   | ((right >> 21) & 0x00000002));
568    }
569}
570
571
572/*
573 * Fill a DES context with subkeys calculated from a 64bit key.
574 * Does not check parity bits, but simply ignore them.
575 * Does not check for weak keys.
576 */
577static int
578des_setkey (struct _des_ctx *ctx, const byte * key)
579{
580  static const char *selftest_failed;
581  int i;
582
583  if (!fips_mode () && !initialized)
584    {
585      initialized = 1;
586      selftest_failed = selftest ();
587
588      if (selftest_failed)
589        log_error ("%s\n", selftest_failed);
590    }
591  if (selftest_failed)
592    return GPG_ERR_SELFTEST_FAILED;
593
594  des_key_schedule (key, ctx->encrypt_subkeys);
595  _gcry_burn_stack (32);
596
597  for(i=0; i<32; i+=2)
598    {
599      ctx->decrypt_subkeys[i]   = ctx->encrypt_subkeys[30-i];
600      ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
601    }
602
603  return 0;
604}
605
606
607
608/*
609 * Electronic Codebook Mode DES encryption/decryption of data according
610 * to 'mode'.
611 */
612static int
613des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode)
614{
615  u32 left, right, work;
616  u32 *keys;
617
618  keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
619
620  READ_64BIT_DATA (from, left, right)
621  INITIAL_PERMUTATION (left, work, right)
622
623  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
624  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
625  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
626  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
627  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
628  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
629  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
630  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
631
632  FINAL_PERMUTATION (right, work, left)
633  WRITE_64BIT_DATA (to, right, left)
634
635  return 0;
636}
637
638
639
640/*
641 * Fill a Triple-DES context with subkeys calculated from two 64bit keys.
642 * Does not check the parity bits of the keys, but simply ignore them.
643 * Does not check for weak keys.
644 */
645
646
647
648/*
649 * Fill a Triple-DES context with subkeys calculated from three 64bit keys.
650 * Does not check the parity bits of the keys, but simply ignore them.
651 * Does not check for weak keys.
652 */
653static int
654tripledes_set3keys (struct _tripledes_ctx *ctx,
655                    const byte * key1,
656                    const byte * key2,
657                    const byte * key3)
658{
659  static const char *selftest_failed;
660  int i;
661
662  if (!fips_mode () && !initialized)
663    {
664      initialized = 1;
665      selftest_failed = selftest ();
666
667      if (selftest_failed)
668        log_error ("%s\n", selftest_failed);
669    }
670  if (selftest_failed)
671    return GPG_ERR_SELFTEST_FAILED;
672
673  des_key_schedule (key1, ctx->encrypt_subkeys);
674  des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
675  des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
676  _gcry_burn_stack (32);
677
678  for(i=0; i<32; i+=2)
679    {
680      ctx->decrypt_subkeys[i]    = ctx->encrypt_subkeys[94-i];
681      ctx->decrypt_subkeys[i+1]  = ctx->encrypt_subkeys[95-i];
682
683      ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
684      ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
685
686      ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i];
687      ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i];
688     }
689
690  return 0;
691}
692
693
694
695/*
696 * Electronic Codebook Mode Triple-DES encryption/decryption of data
697 * according to 'mode'.  Sometimes this mode is named 'EDE' mode
698 * (Encryption-Decryption-Encryption).
699 */
700static int
701tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from,
702                     byte * to, int mode)
703{
704  u32 left, right, work;
705  u32 *keys;
706
707  keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
708
709  READ_64BIT_DATA (from, left, right)
710  INITIAL_PERMUTATION (left, work, right)
711
712  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
713  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
714  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
715  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
716  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
717  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
718  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
719  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
720
721  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
722  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
723  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
724  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
725  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
726  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
727  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
728  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
729
730  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
731  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
732  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
733  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
734  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
735  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
736  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
737  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
738
739  FINAL_PERMUTATION (right, work, left)
740  WRITE_64BIT_DATA (to, right, left)
741
742  return 0;
743}
744
745
746
747
748
749/*
750 * Check whether the 8 byte key is weak.
751 * Does not check the parity bits of the key but simple ignore them.
752 */
753static int
754is_weak_key ( const byte *key )
755{
756  byte work[8];
757  int i, left, right, middle, cmp_result;
758
759  /* clear parity bits */
760  for(i=0; i<8; ++i)
761     work[i] = key[i] & 0xfe;
762
763  /* binary search in the weak key table */
764  left = 0;
765  right = 63;
766  while(left <= right)
767    {
768      middle = (left + right) / 2;
769
770      if ( !(cmp_result=working_memcmp(work, weak_keys[middle], 8)) )
771          return -1;
772
773      if ( cmp_result > 0 )
774          left = middle + 1;
775      else
776          right = middle - 1;
777    }
778
779  return 0;
780}
781
782
783
784/*
785 * Performs a selftest of this DES/Triple-DES implementation.
786 * Returns an string with the error text on failure.
787 * Returns NULL if all is ok.
788 */
789
790
791static gcry_err_code_t
792do_tripledes_setkey ( void *context, const byte *key, unsigned keylen )
793{
794  struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
795
796  if( keylen != 24 )
797    return GPG_ERR_INV_KEYLEN;
798
799  tripledes_set3keys ( ctx, key, key+8, key+16);
800
801  if (ctx->flags.no_weak_key)
802    ; /* Detection has been disabled.  */
803  else if (is_weak_key (key) || is_weak_key (key+8) || is_weak_key (key+16))
804    {
805      _gcry_burn_stack (64);
806      return GPG_ERR_WEAK_KEY;
807    }
808  _gcry_burn_stack (64);
809
810  return GPG_ERR_NO_ERROR;
811}
812
813
814
815
816static void
817do_tripledes_encrypt( void *context, byte *outbuf, const byte *inbuf )
818{
819  struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
820
821  tripledes_ecb_encrypt ( ctx, inbuf, outbuf );
822  _gcry_burn_stack (32);
823}
824
825static void
826do_tripledes_decrypt( void *context, byte *outbuf, const byte *inbuf )
827{
828  struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
829  tripledes_ecb_decrypt ( ctx, inbuf, outbuf );
830  _gcry_burn_stack (32);
831}
832
833static gcry_err_code_t
834do_des_setkey (void *context, const byte *key, unsigned keylen)
835{
836  struct _des_ctx *ctx = (struct _des_ctx *) context;
837
838  if (keylen != 8)
839    return GPG_ERR_INV_KEYLEN;
840
841  des_setkey (ctx, key);
842
843  if (is_weak_key (key)) {
844    _gcry_burn_stack (64);
845    return GPG_ERR_WEAK_KEY;
846  }
847  _gcry_burn_stack (64);
848
849  return GPG_ERR_NO_ERROR;
850}
851
852
853static void
854do_des_encrypt( void *context, byte *outbuf, const byte *inbuf )
855{
856  struct _des_ctx *ctx = (struct _des_ctx *) context;
857
858  des_ecb_encrypt ( ctx, inbuf, outbuf );
859  _gcry_burn_stack (32);
860}
861
862static void
863do_des_decrypt( void *context, byte *outbuf, const byte *inbuf )
864{
865  struct _des_ctx *ctx = (struct _des_ctx *) context;
866
867  des_ecb_decrypt ( ctx, inbuf, outbuf );
868  _gcry_burn_stack (32);
869}
870
871
872
873
874/*
875     Self-test section.
876 */
877
878
879/* Selftest for TripleDES.  */
880
881
882
883/* Run a full self-test for ALGO and return 0 on success.  */
884
885
886
887gcry_cipher_spec_t _gcry_cipher_spec_des =
888  {
889    "DES", NULL, NULL, 8, 64, sizeof (struct _des_ctx),
890    do_des_setkey, do_des_encrypt, do_des_decrypt
891    ,
892#ifdef GRUB_UTIL
893    .modname = "gcry_des",
894#endif
895  };
896
897static gcry_cipher_oid_spec_t oids_tripledes[] =
898  {
899    { "1.2.840.113549.3.7", GCRY_CIPHER_MODE_CBC },
900    /* Teletrust specific OID for 3DES. */
901    { "1.3.36.3.1.3.2.1",   GCRY_CIPHER_MODE_CBC },
902    /* pbeWithSHAAnd3_KeyTripleDES_CBC */
903    { "1.2.840.113549.1.12.1.3", GCRY_CIPHER_MODE_CBC },
904    { NULL }
905  };
906
907gcry_cipher_spec_t _gcry_cipher_spec_tripledes =
908  {
909    "3DES", NULL, oids_tripledes, 8, 192, sizeof (struct _tripledes_ctx),
910    do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt
911    ,
912#ifdef GRUB_UTIL
913    .modname = "gcry_des",
914#endif
915  };
916
917
918
919GRUB_MOD_INIT(gcry_des)
920{
921  grub_cipher_register (&_gcry_cipher_spec_des);
922  grub_cipher_register (&_gcry_cipher_spec_tripledes);
923}
924
925GRUB_MOD_FINI(gcry_des)
926{
927  grub_cipher_unregister (&_gcry_cipher_spec_des);
928  grub_cipher_unregister (&_gcry_cipher_spec_tripledes);
929}
Note: See TracBrowser for help on using the repository browser.