1
/* des.c - DES and Triple-DES encryption/decryption Algorithm
2
* Copyright (C) 1998, 1999, 2001, 2002, 2003,
3
* 2008 Free Software Foundation, Inc.
5
* This file is part of Libgcrypt.
7
* Libgcrypt is free software; you can redistribute it and/or modify
8
* it under the terms of the GNU Lesser general Public License as
9
* published by the Free Software Foundation; either version 2.1 of
10
* the License, or (at your option) any later version.
12
* Libgcrypt is distributed in the hope that it will be useful,
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
* GNU Lesser General Public License for more details.
17
* You should have received a copy of the GNU Lesser General Public
18
* License along with this program; if not, write to the Free Software
19
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
21
* For a description of triple encryption, see:
22
* Bruce Schneier: Applied Cryptography. Second Edition.
23
* John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
24
* This implementation is according to the definition of DES in FIPS
25
* PUB 46-2 from December 1993.
30
* Written by Michael Roth <mroth@nessie.de>, September 1998
38
* For DES or Triple-DES encryption/decryption you must initialize a proper
39
* encryption context with a key.
41
* A DES key is 64bit wide but only 56bits of the key are used. The remaining
42
* bits are parity bits and they will _not_ checked in this implementation, but
45
* For Triple-DES you could use either two 64bit keys or three 64bit keys.
46
* The parity bits will _not_ checked, too.
48
* After initializing a context with a key you could use this context to
49
* encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
51
* (In the examples below the slashes at the beginning and ending of comments
56
* unsigned char key[8];
57
* unsigned char plaintext[8];
58
* unsigned char ciphertext[8];
59
* unsigned char recoverd[8];
62
* * Fill 'key' and 'plaintext' with some data *
65
* * Set up the DES encryption context *
66
* des_setkey(context, key);
68
* * Encrypt the plaintext *
69
* des_ecb_encrypt(context, plaintext, ciphertext);
71
* * To recover the orginal plaintext from ciphertext use: *
72
* des_ecb_decrypt(context, ciphertext, recoverd);
77
* unsigned char key1[8];
78
* unsigned char key2[8];
79
* unsigned char key3[8];
80
* unsigned char plaintext[8];
81
* unsigned char ciphertext[8];
82
* unsigned char recoverd[8];
83
* tripledes_ctx context;
85
* * If you would like to use two 64bit keys, fill 'key1' and'key2'
86
* then setup the encryption context: *
87
* tripledes_set2keys(context, key1, key2);
89
* * To use three 64bit keys with Triple-DES use: *
90
* tripledes_set3keys(context, key1, key2, key3);
92
* * Encrypting plaintext with Triple-DES *
93
* tripledes_ecb_encrypt(context, plaintext, ciphertext);
95
* * Decrypting ciphertext to recover the plaintext with Triple-DES *
96
* tripledes_ecb_decrypt(context, ciphertext, recoverd);
103
* * To perform a selftest of this DES/Triple-DES implementation use the
104
* function selftest(). It will return an error string if there are
105
* some problems with this library. *
107
* if ( (error_msg = selftest()) )
109
* fprintf(stderr, "An error in the DES/Tripple-DES implementation occured: %s\n", error_msg);
117
#include <string.h> /* memcpy, memcmp */
118
#include "types.h" /* for byte and u32 typedefs */
122
#if defined(__GNUC__) && defined(__GNU_LIBRARY__)
123
#define working_memcmp memcmp
126
* According to the SunOS man page, memcmp returns indeterminate sign
127
* depending on whether characters are signed or not.
130
working_memcmp( const char *a, const char *b, size_t n )
132
for( ; n; n--, a++, b++ )
134
return (int)(*(byte*)a) - (int)(*(byte*)b);
140
* Encryption/Decryption context of DES
142
typedef struct _des_ctx
144
u32 encrypt_subkeys[32];
145
u32 decrypt_subkeys[32];
150
* Encryption/Decryption context of Triple-DES
152
typedef struct _tripledes_ctx
154
u32 encrypt_subkeys[96];
155
u32 decrypt_subkeys[96];
162
static void des_key_schedule (const byte *, u32 *);
163
static int des_setkey (struct _des_ctx *, const byte *);
164
static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int);
165
static int tripledes_set2keys (struct _tripledes_ctx *,
166
const byte *, const byte *);
167
static int tripledes_set3keys (struct _tripledes_ctx *,
168
const byte *, const byte *, const byte *);
169
static int tripledes_ecb_crypt (struct _tripledes_ctx *,
170
const byte *, byte *, int);
171
static int is_weak_key ( const byte *key );
172
static const char *selftest (void);
174
static int initialized;
180
* The s-box values are permuted according to the 'primitive function P'
181
* and are rotated one bit to the left.
183
static u32 sbox1[64] =
185
0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000,
186
0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004,
187
0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
188
0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000,
189
0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400,
190
0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
191
0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400,
192
0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004
195
static u32 sbox2[64] =
197
0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020,
198
0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020,
199
0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
200
0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020,
201
0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000,
202
0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
203
0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020,
204
0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000
207
static u32 sbox3[64] =
209
0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200,
210
0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208,
211
0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
212
0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000,
213
0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000,
214
0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
215
0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008,
216
0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200
219
static u32 sbox4[64] =
221
0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001,
222
0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001,
223
0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
224
0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081,
225
0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000,
226
0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
227
0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081,
228
0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080
231
static u32 sbox5[64] =
233
0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000,
234
0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000,
235
0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
236
0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100,
237
0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100,
238
0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
239
0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000,
240
0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100
243
static u32 sbox6[64] =
245
0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000,
246
0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010,
247
0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
248
0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000,
249
0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010,
250
0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
251
0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010,
252
0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010
255
static u32 sbox7[64] =
257
0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800,
258
0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802,
259
0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
260
0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800,
261
0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002,
262
0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
263
0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802,
264
0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002
267
static u32 sbox8[64] =
269
0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000,
270
0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040,
271
0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
272
0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000,
273
0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040,
274
0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
275
0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000,
276
0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000
281
* These two tables are part of the 'permuted choice 1' function.
282
* In this implementation several speed improvements are done.
284
static u32 leftkey_swap[16] =
286
0x00000000, 0x00000001, 0x00000100, 0x00000101,
287
0x00010000, 0x00010001, 0x00010100, 0x00010101,
288
0x01000000, 0x01000001, 0x01000100, 0x01000101,
289
0x01010000, 0x01010001, 0x01010100, 0x01010101
292
static u32 rightkey_swap[16] =
294
0x00000000, 0x01000000, 0x00010000, 0x01010000,
295
0x00000100, 0x01000100, 0x00010100, 0x01010100,
296
0x00000001, 0x01000001, 0x00010001, 0x01010001,
297
0x00000101, 0x01000101, 0x00010101, 0x01010101,
303
* Numbers of left shifts per round for encryption subkeys.
304
* To calculate the decryption subkeys we just reverse the
305
* ordering of the calculated encryption subkeys. So their
306
* is no need for a decryption rotate tab.
308
static byte encrypt_rotate_tab[16] =
310
1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
316
* Table with weak DES keys sorted in ascending order.
317
* In DES their are 64 known keys which are weak. They are weak
318
* because they produce only one, two or four different
319
* subkeys in the subkey scheduling process.
320
* The keys in this table have all their parity bits cleared.
322
static byte weak_keys[64][8] =
324
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /*w*/
325
{ 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },
326
{ 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 },
327
{ 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },
328
{ 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, /*sw*/
329
{ 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },
330
{ 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe },
331
{ 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },
332
{ 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, /*sw*/
333
{ 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },
334
{ 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 },
335
{ 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },
336
{ 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, /*sw*/
337
{ 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },
338
{ 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e },
339
{ 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },
340
{ 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },
341
{ 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, /*sw*/
342
{ 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },
343
{ 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 },
344
{ 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },
345
{ 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, /*w*/
346
{ 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },
347
{ 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe },
348
{ 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },
349
{ 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, /*sw*/
350
{ 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },
351
{ 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 },
352
{ 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },
353
{ 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, /*sw*/
354
{ 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },
355
{ 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e },
356
{ 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },
357
{ 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe },
358
{ 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 }, /*sw*/
359
{ 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e },
360
{ 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },
361
{ 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 },
362
{ 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e }, /*sw*/
363
{ 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 },
364
{ 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },
365
{ 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e },
366
{ 0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0 }, /*w*/
367
{ 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },
368
{ 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e },
369
{ 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },
370
{ 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, /*sw*/
371
{ 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },
372
{ 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe },
373
{ 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },
374
{ 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e },
375
{ 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 }, /*sw*/
376
{ 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 },
377
{ 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },
378
{ 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 },
379
{ 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e }, /*sw*/
380
{ 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e },
381
{ 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },
382
{ 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe },
383
{ 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 }, /*sw*/
384
{ 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 },
385
{ 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },
386
{ 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 },
387
{ 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe } /*w*/
389
static unsigned char weak_keys_chksum[20] = {
390
0xD0, 0xCF, 0x07, 0x38, 0x93, 0x70, 0x8A, 0x83, 0x7D, 0xD7,
391
0x8A, 0x36, 0x65, 0x29, 0x6C, 0x1F, 0x7C, 0x3F, 0xD3, 0x41
397
* Macro to swap bits across two words.
399
#define DO_PERMUTATION(a, temp, b, offset, mask) \
400
temp = ((a>>offset) ^ b) & mask; \
406
* This performs the 'initial permutation' of the data to be encrypted
407
* or decrypted. Additionally the resulting two words are rotated one bit
410
#define INITIAL_PERMUTATION(left, temp, right) \
411
DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \
412
DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
413
DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
414
DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
415
right = (right << 1) | (right >> 31); \
416
temp = (left ^ right) & 0xaaaaaaaa; \
419
left = (left << 1) | (left >> 31);
422
* The 'inverse initial permutation'.
424
#define FINAL_PERMUTATION(left, temp, right) \
425
left = (left << 31) | (left >> 1); \
426
temp = (left ^ right) & 0xaaaaaaaa; \
429
right = (right << 31) | (right >> 1); \
430
DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
431
DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
432
DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
433
DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
437
* A full DES round including 'expansion function', 'sbox substitution'
438
* and 'primitive function P' but without swapping the left and right word.
439
* Please note: The data in 'from' and 'to' is already rotated one bit to
440
* the left, done in the initial permutation.
442
#define DES_ROUND(from, to, work, subkey) \
443
work = from ^ *subkey++; \
444
to ^= sbox8[ work & 0x3f ]; \
445
to ^= sbox6[ (work>>8) & 0x3f ]; \
446
to ^= sbox4[ (work>>16) & 0x3f ]; \
447
to ^= sbox2[ (work>>24) & 0x3f ]; \
448
work = ((from << 28) | (from >> 4)) ^ *subkey++; \
449
to ^= sbox7[ work & 0x3f ]; \
450
to ^= sbox5[ (work>>8) & 0x3f ]; \
451
to ^= sbox3[ (work>>16) & 0x3f ]; \
452
to ^= sbox1[ (work>>24) & 0x3f ];
455
* Macros to convert 8 bytes from/to 32bit words.
457
#define READ_64BIT_DATA(data, left, right) \
458
left = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \
459
right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];
461
#define WRITE_64BIT_DATA(data, left, right) \
462
data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \
463
data[2] = (left >> 8) &0xff; data[3] = left &0xff; \
464
data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \
465
data[6] = (right >> 8) &0xff; data[7] = right &0xff;
468
* Handy macros for encryption and decryption of data
470
#define des_ecb_encrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 0)
471
#define des_ecb_decrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 1)
472
#define tripledes_ecb_encrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,0)
473
#define tripledes_ecb_decrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,1)
481
* des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
482
* 16 encryption rounds.
483
* To calculate subkeys for decryption the caller
484
* have to reorder the generated subkeys.
486
* rawkey: 8 Bytes of key data
487
* subkey: Array of at least 32 u32s. Will be filled
488
* with calculated subkeys.
492
des_key_schedule (const byte * rawkey, u32 * subkey)
494
u32 left, right, work;
497
READ_64BIT_DATA (rawkey, left, right)
499
DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
500
DO_PERMUTATION (right, work, left, 0, 0x10101010)
502
left = ((leftkey_swap[(left >> 0) & 0xf] << 3)
503
| (leftkey_swap[(left >> 8) & 0xf] << 2)
504
| (leftkey_swap[(left >> 16) & 0xf] << 1)
505
| (leftkey_swap[(left >> 24) & 0xf])
506
| (leftkey_swap[(left >> 5) & 0xf] << 7)
507
| (leftkey_swap[(left >> 13) & 0xf] << 6)
508
| (leftkey_swap[(left >> 21) & 0xf] << 5)
509
| (leftkey_swap[(left >> 29) & 0xf] << 4));
513
right = ((rightkey_swap[(right >> 1) & 0xf] << 3)
514
| (rightkey_swap[(right >> 9) & 0xf] << 2)
515
| (rightkey_swap[(right >> 17) & 0xf] << 1)
516
| (rightkey_swap[(right >> 25) & 0xf])
517
| (rightkey_swap[(right >> 4) & 0xf] << 7)
518
| (rightkey_swap[(right >> 12) & 0xf] << 6)
519
| (rightkey_swap[(right >> 20) & 0xf] << 5)
520
| (rightkey_swap[(right >> 28) & 0xf] << 4));
524
for (round = 0; round < 16; ++round)
526
left = ((left << encrypt_rotate_tab[round])
527
| (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
528
right = ((right << encrypt_rotate_tab[round])
529
| (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
531
*subkey++ = (((left << 4) & 0x24000000)
532
| ((left << 28) & 0x10000000)
533
| ((left << 14) & 0x08000000)
534
| ((left << 18) & 0x02080000)
535
| ((left << 6) & 0x01000000)
536
| ((left << 9) & 0x00200000)
537
| ((left >> 1) & 0x00100000)
538
| ((left << 10) & 0x00040000)
539
| ((left << 2) & 0x00020000)
540
| ((left >> 10) & 0x00010000)
541
| ((right >> 13) & 0x00002000)
542
| ((right >> 4) & 0x00001000)
543
| ((right << 6) & 0x00000800)
544
| ((right >> 1) & 0x00000400)
545
| ((right >> 14) & 0x00000200)
546
| (right & 0x00000100)
547
| ((right >> 5) & 0x00000020)
548
| ((right >> 10) & 0x00000010)
549
| ((right >> 3) & 0x00000008)
550
| ((right >> 18) & 0x00000004)
551
| ((right >> 26) & 0x00000002)
552
| ((right >> 24) & 0x00000001));
554
*subkey++ = (((left << 15) & 0x20000000)
555
| ((left << 17) & 0x10000000)
556
| ((left << 10) & 0x08000000)
557
| ((left << 22) & 0x04000000)
558
| ((left >> 2) & 0x02000000)
559
| ((left << 1) & 0x01000000)
560
| ((left << 16) & 0x00200000)
561
| ((left << 11) & 0x00100000)
562
| ((left << 3) & 0x00080000)
563
| ((left >> 6) & 0x00040000)
564
| ((left << 15) & 0x00020000)
565
| ((left >> 4) & 0x00010000)
566
| ((right >> 2) & 0x00002000)
567
| ((right << 8) & 0x00001000)
568
| ((right >> 14) & 0x00000808)
569
| ((right >> 9) & 0x00000400)
570
| ((right) & 0x00000200)
571
| ((right << 7) & 0x00000100)
572
| ((right >> 7) & 0x00000020)
573
| ((right >> 3) & 0x00000011)
574
| ((right << 2) & 0x00000004)
575
| ((right >> 21) & 0x00000002));
581
* Fill a DES context with subkeys calculated from a 64bit key.
582
* Does not check parity bits, but simply ignore them.
583
* Does not check for weak keys.
586
des_setkey (struct _des_ctx *ctx, const byte * key)
588
static const char *selftest_failed;
591
if (!fips_mode () && !initialized)
594
selftest_failed = selftest ();
597
log_error ("%s\n", selftest_failed);
600
return GPG_ERR_SELFTEST_FAILED;
602
des_key_schedule (key, ctx->encrypt_subkeys);
603
_gcry_burn_stack (32);
607
ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
608
ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
617
* Electronic Codebook Mode DES encryption/decryption of data according
621
des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode)
623
u32 left, right, work;
626
keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
628
READ_64BIT_DATA (from, left, right)
629
INITIAL_PERMUTATION (left, work, right)
631
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
632
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
633
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
634
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
635
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
636
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
637
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
638
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
640
FINAL_PERMUTATION (right, work, left)
641
WRITE_64BIT_DATA (to, right, left)
649
* Fill a Triple-DES context with subkeys calculated from two 64bit keys.
650
* Does not check the parity bits of the keys, but simply ignore them.
651
* Does not check for weak keys.
654
tripledes_set2keys (struct _tripledes_ctx *ctx,
660
des_key_schedule (key1, ctx->encrypt_subkeys);
661
des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
662
_gcry_burn_stack (32);
666
ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
667
ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
669
ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
670
ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
672
ctx->encrypt_subkeys[i+64] = ctx->encrypt_subkeys[i];
673
ctx->encrypt_subkeys[i+65] = ctx->encrypt_subkeys[i+1];
675
ctx->decrypt_subkeys[i+64] = ctx->decrypt_subkeys[i];
676
ctx->decrypt_subkeys[i+65] = ctx->decrypt_subkeys[i+1];
685
* Fill a Triple-DES context with subkeys calculated from three 64bit keys.
686
* Does not check the parity bits of the keys, but simply ignore them.
687
* Does not check for weak keys.
690
tripledes_set3keys (struct _tripledes_ctx *ctx,
695
static const char *selftest_failed;
698
if (!fips_mode () && !initialized)
701
selftest_failed = selftest ();
704
log_error ("%s\n", selftest_failed);
707
return GPG_ERR_SELFTEST_FAILED;
709
des_key_schedule (key1, ctx->encrypt_subkeys);
710
des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
711
des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
712
_gcry_burn_stack (32);
716
ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94-i];
717
ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[95-i];
719
ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
720
ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
722
ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i];
723
ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i];
732
* Electronic Codebook Mode Triple-DES encryption/decryption of data
733
* according to 'mode'. Sometimes this mode is named 'EDE' mode
734
* (Encryption-Decryption-Encryption).
737
tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from,
740
u32 left, right, work;
743
keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
745
READ_64BIT_DATA (from, left, right)
746
INITIAL_PERMUTATION (left, work, right)
748
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
749
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
750
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
751
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
752
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
753
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
754
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
755
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
757
DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
758
DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
759
DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
760
DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
761
DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
762
DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
763
DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
764
DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
766
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
767
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
768
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
769
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
770
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
771
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
772
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
773
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
775
FINAL_PERMUTATION (right, work, left)
776
WRITE_64BIT_DATA (to, right, left)
786
* Check whether the 8 byte key is weak.
787
* Does not check the parity bits of the key but simple ignore them.
790
is_weak_key ( const byte *key )
793
int i, left, right, middle, cmp_result;
795
/* clear parity bits */
797
work[i] = key[i] & 0xfe;
799
/* binary search in the weak key table */
804
middle = (left + right) / 2;
806
if ( !(cmp_result=working_memcmp(work, weak_keys[middle], 8)) )
809
if ( cmp_result > 0 )
821
* Performs a selftest of this DES/Triple-DES implementation.
822
* Returns an string with the error text on failure.
823
* Returns NULL if all is ok.
829
* Check if 'u32' is really 32 bits wide. This DES / 3DES implementation
832
if (sizeof (u32) != 4)
833
return "Wrong word size for DES configured.";
836
* DES Maintenance Test
841
{0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55};
843
{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
845
{0x24, 0x6e, 0x9d, 0xb9, 0xc5, 0x50, 0x38, 0x1a};
846
byte temp1[8], temp2[8], temp3[8];
849
for (i = 0; i < 64; ++i)
851
des_setkey (des, key);
852
des_ecb_encrypt (des, input, temp1);
853
des_ecb_encrypt (des, temp1, temp2);
854
des_setkey (des, temp2);
855
des_ecb_decrypt (des, temp1, temp3);
856
memcpy (key, temp3, 8);
857
memcpy (input, temp1, 8);
859
if (memcmp (temp3, result, 8))
860
return "DES maintenance test failed.";
865
* Self made Triple-DES test (Does somebody know an official test?)
870
{0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
872
{0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0};
874
{0x11, 0x22, 0x33, 0x44, 0xff, 0xaa, 0xcc, 0xdd};
876
{0x7b, 0x38, 0x3b, 0x23, 0xa2, 0x7d, 0x26, 0xd3};
880
for (i = 0; i < 16; ++i)
882
tripledes_set2keys (des3, key1, key2);
883
tripledes_ecb_encrypt (des3, input, key1);
884
tripledes_ecb_decrypt (des3, input, key2);
885
tripledes_set3keys (des3, key1, input, key2);
886
tripledes_ecb_encrypt (des3, input, input);
888
if (memcmp (input, result, 8))
889
return "Triple-DES test failed.";
893
* More Triple-DES test. These are testvectors as used by SSLeay,
894
* thanks to Jeroen C. van Gelderen.
897
struct { byte key[24]; byte plain[8]; byte cipher[8]; } testdata[] = {
898
{ { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
899
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
900
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 },
901
{ 0x95,0xF8,0xA5,0xE5,0xDD,0x31,0xD9,0x00 },
902
{ 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }
905
{ { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
906
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
907
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 },
908
{ 0x9D,0x64,0x55,0x5A,0x9A,0x10,0xB8,0x52, },
909
{ 0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x00 }
911
{ { 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
912
0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
913
0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E },
914
{ 0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A },
915
{ 0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A }
917
{ { 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
918
0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
919
0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6 },
920
{ 0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2 },
921
{ 0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95 }
923
{ { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
924
0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
925
0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
926
{ 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61 },
927
{ 0x3D,0x12,0x4F,0xE2,0x19,0x8B,0xA3,0x18 }
929
{ { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
930
0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
931
0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
932
{ 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61 },
933
{ 0xFB,0xAB,0xA1,0xFF,0x9D,0x05,0xE9,0xB1 }
935
{ { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
936
0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
937
0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10 },
938
{ 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61 },
939
{ 0x18,0xd7,0x48,0xe5,0x63,0x62,0x05,0x72 }
941
{ { 0x03,0x52,0x02,0x07,0x67,0x20,0x82,0x17,
942
0x86,0x02,0x87,0x66,0x59,0x08,0x21,0x98,
943
0x64,0x05,0x6A,0xBD,0xFE,0xA9,0x34,0x57 },
944
{ 0x73,0x71,0x75,0x69,0x67,0x67,0x6C,0x65 },
945
{ 0xc0,0x7d,0x2a,0x0f,0xa5,0x66,0xfa,0x30 }
947
{ { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
948
0x80,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
949
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x02 },
950
{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
951
{ 0xe6,0xe6,0xdd,0x5b,0x7e,0x72,0x29,0x74 }
953
{ { 0x10,0x46,0x10,0x34,0x89,0x98,0x80,0x20,
954
0x91,0x07,0xD0,0x15,0x89,0x19,0x01,0x01,
955
0x19,0x07,0x92,0x10,0x98,0x1A,0x01,0x01 },
956
{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
957
{ 0xe1,0xef,0x62,0xc3,0x32,0xfe,0x82,0x5b }
965
for (i=0; i<sizeof(testdata)/sizeof(*testdata); ++i)
967
tripledes_set3keys (des3, testdata[i].key,
968
testdata[i].key + 8, testdata[i].key + 16);
970
tripledes_ecb_encrypt (des3, testdata[i].plain, result);
971
if (memcmp (testdata[i].cipher, result, 8))
972
return "Triple-DES SSLeay test failed on encryption.";
974
tripledes_ecb_decrypt (des3, testdata[i].cipher, result);
975
if (memcmp (testdata[i].plain, result, 8))
976
return "Triple-DES SSLeay test failed on decryption.";;
981
* Check the weak key detection. We simply assume that the table
982
* with weak keys is ok and check every key in the table if it is
983
* detected... (This test is a little bit stupid).
990
if (_gcry_md_open (&h, GCRY_MD_SHA1, 0))
991
return "SHA1 not available";
993
for (i = 0; i < 64; ++i)
994
_gcry_md_write (h, weak_keys[i], 8);
995
p = _gcry_md_read (h, GCRY_MD_SHA1);
996
i = memcmp (p, weak_keys_chksum, 20);
999
return "weak key table defect";
1001
for (i = 0; i < 64; ++i)
1002
if (!is_weak_key(weak_keys[i]))
1003
return "DES weak key detection failed";
1010
static gcry_err_code_t
1011
do_tripledes_setkey ( void *context, const byte *key, unsigned keylen )
1013
struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
1016
return GPG_ERR_INV_KEYLEN;
1018
tripledes_set3keys ( ctx, key, key+8, key+16);
1020
if (ctx->flags.no_weak_key)
1021
; /* Detection has been disabled. */
1022
else if (is_weak_key (key) || is_weak_key (key+8) || is_weak_key (key+16))
1024
_gcry_burn_stack (64);
1025
return GPG_ERR_WEAK_KEY;
1027
_gcry_burn_stack (64);
1029
return GPG_ERR_NO_ERROR;
1033
static gcry_err_code_t
1034
do_tripledes_set_extra_info (void *context, int what,
1035
const void *buffer, size_t buflen)
1037
struct _tripledes_ctx *ctx = (struct _tripledes_ctx *)context;
1038
gpg_err_code_t ec = 0;
1045
case CIPHER_INFO_NO_WEAK_KEY:
1046
ctx->flags.no_weak_key = 1;
1050
ec = GPG_ERR_INV_OP;
1058
do_tripledes_encrypt( void *context, byte *outbuf, const byte *inbuf )
1060
struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
1062
tripledes_ecb_encrypt ( ctx, inbuf, outbuf );
1063
_gcry_burn_stack (32);
1067
do_tripledes_decrypt( void *context, byte *outbuf, const byte *inbuf )
1069
struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
1070
tripledes_ecb_decrypt ( ctx, inbuf, outbuf );
1071
_gcry_burn_stack (32);
1074
static gcry_err_code_t
1075
do_des_setkey (void *context, const byte *key, unsigned keylen)
1077
struct _des_ctx *ctx = (struct _des_ctx *) context;
1080
return GPG_ERR_INV_KEYLEN;
1082
des_setkey (ctx, key);
1084
if (is_weak_key (key)) {
1085
_gcry_burn_stack (64);
1086
return GPG_ERR_WEAK_KEY;
1088
_gcry_burn_stack (64);
1090
return GPG_ERR_NO_ERROR;
1095
do_des_encrypt( void *context, byte *outbuf, const byte *inbuf )
1097
struct _des_ctx *ctx = (struct _des_ctx *) context;
1099
des_ecb_encrypt ( ctx, inbuf, outbuf );
1100
_gcry_burn_stack (32);
1104
do_des_decrypt( void *context, byte *outbuf, const byte *inbuf )
1106
struct _des_ctx *ctx = (struct _des_ctx *) context;
1108
des_ecb_decrypt ( ctx, inbuf, outbuf );
1109
_gcry_burn_stack (32);
1120
/* Selftest for TripleDES. */
1121
static gpg_err_code_t
1122
selftest_fips (int extended, selftest_report_func_t report)
1127
(void)extended; /* No extended tests available. */
1130
errtxt = selftest ();
1134
/* The low-level self-tests are quite extensive and thus we can do
1135
without high level tests. This is also justified because we have
1136
no custom block code implementation for 3des but always use the
1137
standard high level block code. */
1139
return 0; /* Succeeded. */
1143
report ("cipher", GCRY_CIPHER_3DES, what, errtxt);
1144
return GPG_ERR_SELFTEST_FAILED;
1149
/* Run a full self-test for ALGO and return 0 on success. */
1150
static gpg_err_code_t
1151
run_selftests (int algo, int extended, selftest_report_func_t report)
1157
case GCRY_CIPHER_3DES:
1158
ec = selftest_fips (extended, report);
1161
ec = GPG_ERR_CIPHER_ALGO;
1170
gcry_cipher_spec_t _gcry_cipher_spec_des =
1172
"DES", NULL, NULL, 8, 64, sizeof (struct _des_ctx),
1173
do_des_setkey, do_des_encrypt, do_des_decrypt
1176
static gcry_cipher_oid_spec_t oids_tripledes[] =
1178
{ "1.2.840.113549.3.7", GCRY_CIPHER_MODE_CBC },
1179
/* Teletrust specific OID for 3DES. */
1180
{ "1.3.36.3.1.3.2.1", GCRY_CIPHER_MODE_CBC },
1181
/* pbeWithSHAAnd3_KeyTripleDES_CBC */
1182
{ "1.2.840.113549.1.12.1.3", GCRY_CIPHER_MODE_CBC },
1186
gcry_cipher_spec_t _gcry_cipher_spec_tripledes =
1188
"3DES", NULL, oids_tripledes, 8, 192, sizeof (struct _tripledes_ctx),
1189
do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt
1192
cipher_extra_spec_t _gcry_cipher_extraspec_tripledes =
1195
do_tripledes_set_extra_info