~ilya-yanok/ubuntu/precise/grub2/fix-for-948716
» Revision
1.17.14
: grub-core/lib/libgcrypt-grub/cipher/des.c
« back to all changes in this revision
Viewing changes to grub-core/lib/libgcrypt-grub/cipher/des.c
- browse files at revision 1.17.14
- compare with another revision
- download diff
- download tarball
- view history from revision 1.17.14
- Committer: Bazaar Package Importer
- Author(s): Colin Watson
- Date: 2011-01-17 13:43:06 UTC
- mto: (17.6.26 experimental)
- mto: This revision was merged to the branch mainline in revision 102.
- Revision ID: james.westby@ubuntu.com-20110117134306-fy7qewn4s3qdx2pl
Tags: upstream-1.99~rc1
ImportĀ upstreamĀ versionĀ 1.99~rc1
- files added:
- Makefile.in
- autom4te.cache
- grub-core/lib/libgcrypt-grub
- grub-core/lib/libgcrypt-grub/cipher
- files removed:
- po/LINGUAS
- files modified:
- .bzrignore
added
removed
grub-core/lib/libgcrypt-grub/cipher/des.c
1
/* This file was automatically imported with
2
import_gcry.py. Please don't modify it */
3
/* des.c - DES and Triple-DES encryption/decryption Algorithm
4
* Copyright (C) 1998, 1999, 2001, 2002, 2003,
5
* 2008 Free Software Foundation, Inc.
6
*
7
* This file is part of Libgcrypt.
8
*
9
* Libgcrypt is free software; you can redistribute it and/or modify
10
* it under the terms of the GNU Lesser general Public License as
11
* published by the Free Software Foundation; either version 2.1 of
12
* the License, or (at your option) any later version.
13
*
14
* Libgcrypt is distributed in the hope that it will be useful,
15
* but WITHOUT ANY WARRANTY; without even the implied warranty of
16
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17
* GNU Lesser General Public License for more details.
18
*
19
* You should have received a copy of the GNU Lesser General Public
20
* License along with this program; if not, write to the Free Software
21
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
22
*
23
* For a description of triple encryption, see:
24
* Bruce Schneier: Applied Cryptography. Second Edition.
25
* John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
26
* This implementation is according to the definition of DES in FIPS
27
* PUB 46-2 from December 1993.
28
*/
29
30
31
/*
32
* Written by Michael Roth <mroth@nessie.de>, September 1998
33
*/
34
35
36
/*
37
* U S A G E
38
* ===========
39
*
40
* For DES or Triple-DES encryption/decryption you must initialize a proper
41
* encryption context with a key.
42
*
43
* A DES key is 64bit wide but only 56bits of the key are used. The remaining
44
* bits are parity bits and they will _not_ checked in this implementation, but
45
* simply ignored.
46
*
47
* For Triple-DES you could use either two 64bit keys or three 64bit keys.
48
* The parity bits will _not_ checked, too.
49
*
50
* After initializing a context with a key you could use this context to
51
* encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
52
*
53
* (In the examples below the slashes at the beginning and ending of comments
54
* are omited.)
55
*
56
* DES Example
57
* -----------
58
* unsigned char key[8];
59
* unsigned char plaintext[8];
60
* unsigned char ciphertext[8];
61
* unsigned char recoverd[8];
62
* des_ctx context;
63
*
64
* * Fill 'key' and 'plaintext' with some data *
65
* ....
66
*
67
* * Set up the DES encryption context *
68
* des_setkey(context, key);
69
*
70
* * Encrypt the plaintext *
71
* des_ecb_encrypt(context, plaintext, ciphertext);
72
*
73
* * To recover the orginal plaintext from ciphertext use: *
74
* des_ecb_decrypt(context, ciphertext, recoverd);
75
*
76
*
77
* Triple-DES Example
78
* ------------------
79
* unsigned char key1[8];
80
* unsigned char key2[8];
81
* unsigned char key3[8];
82
* unsigned char plaintext[8];
83
* unsigned char ciphertext[8];
84
* unsigned char recoverd[8];
85
* tripledes_ctx context;
86
*
87
* * If you would like to use two 64bit keys, fill 'key1' and'key2'
88
* then setup the encryption context: *
89
* tripledes_set2keys(context, key1, key2);
90
*
91
* * To use three 64bit keys with Triple-DES use: *
92
* tripledes_set3keys(context, key1, key2, key3);
93
*
94
* * Encrypting plaintext with Triple-DES *
95
* tripledes_ecb_encrypt(context, plaintext, ciphertext);
96
*
97
* * Decrypting ciphertext to recover the plaintext with Triple-DES *
98
* tripledes_ecb_decrypt(context, ciphertext, recoverd);
99
*
100
*
101
* Selftest
102
* --------
103
* char *error_msg;
104
*
105
* * To perform a selftest of this DES/Triple-DES implementation use the
106
* function selftest(). It will return an error string if there are
107
* some problems with this library. *
108
*
109
* if ( (error_msg = selftest()) )
110
* {
111
* fprintf(stderr, "An error in the DES/Tripple-DES implementation occured: %s\n", error_msg);
112
* abort();
113
* }
114
*/
115
116
117
#include "types.h" /* for byte and u32 typedefs */
118
#include "g10lib.h"
119
#include "cipher.h"
120
121
#if defined(__GNUC__) && defined(__GNU_LIBRARY__)
122
#define working_memcmp memcmp
123
#else
124
/*
125
* According to the SunOS man page, memcmp returns indeterminate sign
126
* depending on whether characters are signed or not.
127
*/
128
static int
129
working_memcmp( const char *a, const char *b, size_t n )
130
{
131
for( ; n; n--, a++, b++ )
132
if( *a != *b )
133
return (int)(*(byte*)a) - (int)(*(byte*)b);
134
return 0;
135
}
136
#endif
137
138
/*
139
* Encryption/Decryption context of DES
140
*/
141
typedef struct _des_ctx
142
{
143
u32 encrypt_subkeys[32];
144
u32 decrypt_subkeys[32];
145
}
146
des_ctx[1];
147
148
/*
149
* Encryption/Decryption context of Triple-DES
150
*/
151
typedef struct _tripledes_ctx
152
{
153
u32 encrypt_subkeys[96];
154
u32 decrypt_subkeys[96];
155
struct {
156
int no_weak_key;
157
} flags;
158
}
159
tripledes_ctx[1];
160
161
static void des_key_schedule (const byte *, u32 *);
162
static int des_setkey (struct _des_ctx *, const byte *);
163
static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int);
164
static int tripledes_set3keys (struct _tripledes_ctx *,
165
const byte *, const byte *, const byte *);
166
static int tripledes_ecb_crypt (struct _tripledes_ctx *,
167
const byte *, byte *, int);
168
static int is_weak_key ( const byte *key );
169
170
static int initialized;
171
172
173
174
175
/*
176
* The s-box values are permuted according to the 'primitive function P'
177
* and are rotated one bit to the left.
178
*/
179
static u32 sbox1[64] =
180
{
181
0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000,
182
0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004,
183
0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
184
0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000,
185
0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400,
186
0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
187
0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400,
188
0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004
189
};
190
191
static u32 sbox2[64] =
192
{
193
0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020,
194
0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020,
195
0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
196
0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020,
197
0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000,
198
0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
199
0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020,
200
0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000
201
};
202
203
static u32 sbox3[64] =
204
{
205
0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200,
206
0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208,
207
0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
208
0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000,
209
0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000,
210
0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
211
0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008,
212
0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200
213
};
214
215
static u32 sbox4[64] =
216
{
217
0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001,
218
0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001,
219
0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
220
0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081,
221
0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000,
222
0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
223
0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081,
224
0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080
225
};
226
227
static u32 sbox5[64] =
228
{
229
0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000,
230
0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000,
231
0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
232
0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100,
233
0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100,
234
0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
235
0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000,
236
0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100
237
};
238
239
static u32 sbox6[64] =
240
{
241
0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000,
242
0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010,
243
0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
244
0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000,
245
0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010,
246
0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
247
0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010,
248
0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010
249
};
250
251
static u32 sbox7[64] =
252
{
253
0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800,
254
0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802,
255
0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
256
0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800,
257
0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002,
258
0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
259
0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802,
260
0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002
261
};
262
263
static u32 sbox8[64] =
264
{
265
0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000,
266
0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040,
267
0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
268
0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000,
269
0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040,
270
0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
271
0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000,
272
0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000
273
};
274
275
276
/*
277
* These two tables are part of the 'permuted choice 1' function.
278
* In this implementation several speed improvements are done.
279
*/
280
static u32 leftkey_swap[16] =
281
{
282
0x00000000, 0x00000001, 0x00000100, 0x00000101,
283
0x00010000, 0x00010001, 0x00010100, 0x00010101,
284
0x01000000, 0x01000001, 0x01000100, 0x01000101,
285
0x01010000, 0x01010001, 0x01010100, 0x01010101
286
};
287
288
static u32 rightkey_swap[16] =
289
{
290
0x00000000, 0x01000000, 0x00010000, 0x01010000,
291
0x00000100, 0x01000100, 0x00010100, 0x01010100,
292
0x00000001, 0x01000001, 0x00010001, 0x01010001,
293
0x00000101, 0x01000101, 0x00010101, 0x01010101,
294
};
295
296
297
298
/*
299
* Numbers of left shifts per round for encryption subkeys.
300
* To calculate the decryption subkeys we just reverse the
301
* ordering of the calculated encryption subkeys. So their
302
* is no need for a decryption rotate tab.
303
*/
304
static byte encrypt_rotate_tab[16] =
305
{
306
1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
307
};
308
309
310
311
/*
312
* Table with weak DES keys sorted in ascending order.
313
* In DES their are 64 known keys which are weak. They are weak
314
* because they produce only one, two or four different
315
* subkeys in the subkey scheduling process.
316
* The keys in this table have all their parity bits cleared.
317
*/
318
static byte weak_keys[64][8] =
319
{
320
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /*w*/
321
{ 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },
322
{ 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 },
323
{ 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },
324
{ 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, /*sw*/
325
{ 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },
326
{ 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe },
327
{ 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },
328
{ 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, /*sw*/
329
{ 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },
330
{ 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 },
331
{ 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },
332
{ 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, /*sw*/
333
{ 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },
334
{ 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e },
335
{ 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },
336
{ 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },
337
{ 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, /*sw*/
338
{ 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },
339
{ 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 },
340
{ 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },
341
{ 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, /*w*/
342
{ 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },
343
{ 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe },
344
{ 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },
345
{ 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, /*sw*/
346
{ 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },
347
{ 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 },
348
{ 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },
349
{ 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, /*sw*/
350
{ 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },
351
{ 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e },
352
{ 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },
353
{ 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe },
354
{ 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 }, /*sw*/
355
{ 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e },
356
{ 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },
357
{ 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 },
358
{ 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e }, /*sw*/
359
{ 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 },
360
{ 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },
361
{ 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e },
362
{ 0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0 }, /*w*/
363
{ 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },
364
{ 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e },
365
{ 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },
366
{ 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, /*sw*/
367
{ 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },
368
{ 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe },
369
{ 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },
370
{ 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e },
371
{ 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 }, /*sw*/
372
{ 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 },
373
{ 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },
374
{ 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 },
375
{ 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e }, /*sw*/
376
{ 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e },
377
{ 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },
378
{ 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe },
379
{ 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 }, /*sw*/
380
{ 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 },
381
{ 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },
382
{ 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 },
383
{ 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe } /*w*/
384
};
385
386
387
388
/*
389
* Macro to swap bits across two words.
390
*/
391
#define DO_PERMUTATION(a, temp, b, offset, mask) \
392
temp = ((a>>offset) ^ b) & mask; \
393
b ^= temp; \
394
a ^= temp<<offset;
395
396
397
/*
398
* This performs the 'initial permutation' of the data to be encrypted
399
* or decrypted. Additionally the resulting two words are rotated one bit
400
* to the left.
401
*/
402
#define INITIAL_PERMUTATION(left, temp, right) \
403
DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \
404
DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
405
DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
406
DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
407
right = (right << 1) | (right >> 31); \
408
temp = (left ^ right) & 0xaaaaaaaa; \
409
right ^= temp; \
410
left ^= temp; \
411
left = (left << 1) | (left >> 31);
412
413
/*
414
* The 'inverse initial permutation'.
415
*/
416
#define FINAL_PERMUTATION(left, temp, right) \
417
left = (left << 31) | (left >> 1); \
418
temp = (left ^ right) & 0xaaaaaaaa; \
419
left ^= temp; \
420
right ^= temp; \
421
right = (right << 31) | (right >> 1); \
422
DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
423
DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
424
DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
425
DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
426
427
428
/*
429
* A full DES round including 'expansion function', 'sbox substitution'
430
* and 'primitive function P' but without swapping the left and right word.
431
* Please note: The data in 'from' and 'to' is already rotated one bit to
432
* the left, done in the initial permutation.
433
*/
434
#define DES_ROUND(from, to, work, subkey) \
435
work = from ^ *subkey++; \
436
to ^= sbox8[ work & 0x3f ]; \
437
to ^= sbox6[ (work>>8) & 0x3f ]; \
438
to ^= sbox4[ (work>>16) & 0x3f ]; \
439
to ^= sbox2[ (work>>24) & 0x3f ]; \
440
work = ((from << 28) | (from >> 4)) ^ *subkey++; \
441
to ^= sbox7[ work & 0x3f ]; \
442
to ^= sbox5[ (work>>8) & 0x3f ]; \
443
to ^= sbox3[ (work>>16) & 0x3f ]; \
444
to ^= sbox1[ (work>>24) & 0x3f ];
445
446
/*
447
* Macros to convert 8 bytes from/to 32bit words.
448
*/
449
#define READ_64BIT_DATA(data, left, right) \
450
left = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \
451
right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];
452
453
#define WRITE_64BIT_DATA(data, left, right) \
454
data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \
455
data[2] = (left >> 8) &0xff; data[3] = left &0xff; \
456
data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \
457
data[6] = (right >> 8) &0xff; data[7] = right &0xff;
458
459
/*
460
* Handy macros for encryption and decryption of data
461
*/
462
#define des_ecb_encrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 0)
463
#define des_ecb_decrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 1)
464
#define tripledes_ecb_encrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,0)
465
#define tripledes_ecb_decrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,1)
466
467
468
469
470
471
472
/*
473
* des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
474
* 16 encryption rounds.
475
* To calculate subkeys for decryption the caller
476
* have to reorder the generated subkeys.
477
*
478
* rawkey: 8 Bytes of key data
479
* subkey: Array of at least 32 u32s. Will be filled
480
* with calculated subkeys.
481
*
482
*/
483
static void
484
des_key_schedule (const byte * rawkey, u32 * subkey)
485
{
486
u32 left, right, work;
487
int round;
488
489
READ_64BIT_DATA (rawkey, left, right)
490
491
DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
492
DO_PERMUTATION (right, work, left, 0, 0x10101010)
493
494
left = ((leftkey_swap[(left >> 0) & 0xf] << 3)
495
| (leftkey_swap[(left >> 8) & 0xf] << 2)
496
| (leftkey_swap[(left >> 16) & 0xf] << 1)
497
| (leftkey_swap[(left >> 24) & 0xf])
498
| (leftkey_swap[(left >> 5) & 0xf] << 7)
499
| (leftkey_swap[(left >> 13) & 0xf] << 6)
500
| (leftkey_swap[(left >> 21) & 0xf] << 5)
501
| (leftkey_swap[(left >> 29) & 0xf] << 4));
502
503
left &= 0x0fffffff;
504
505
right = ((rightkey_swap[(right >> 1) & 0xf] << 3)
506
| (rightkey_swap[(right >> 9) & 0xf] << 2)
507
| (rightkey_swap[(right >> 17) & 0xf] << 1)
508
| (rightkey_swap[(right >> 25) & 0xf])
509
| (rightkey_swap[(right >> 4) & 0xf] << 7)
510
| (rightkey_swap[(right >> 12) & 0xf] << 6)
511
| (rightkey_swap[(right >> 20) & 0xf] << 5)
512
| (rightkey_swap[(right >> 28) & 0xf] << 4));
513
514
right &= 0x0fffffff;
515
516
for (round = 0; round < 16; ++round)
517
{
518
left = ((left << encrypt_rotate_tab[round])
519
| (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
520
right = ((right << encrypt_rotate_tab[round])
521
| (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
522
523
*subkey++ = (((left << 4) & 0x24000000)
524
| ((left << 28) & 0x10000000)
525
| ((left << 14) & 0x08000000)
526
| ((left << 18) & 0x02080000)
527
| ((left << 6) & 0x01000000)
528
| ((left << 9) & 0x00200000)
529
| ((left >> 1) & 0x00100000)
530
| ((left << 10) & 0x00040000)
531
| ((left << 2) & 0x00020000)
532
| ((left >> 10) & 0x00010000)
533
| ((right >> 13) & 0x00002000)
534
| ((right >> 4) & 0x00001000)
535
| ((right << 6) & 0x00000800)
536
| ((right >> 1) & 0x00000400)
537
| ((right >> 14) & 0x00000200)
538
| (right & 0x00000100)
539
| ((right >> 5) & 0x00000020)
540
| ((right >> 10) & 0x00000010)
541
| ((right >> 3) & 0x00000008)
542
| ((right >> 18) & 0x00000004)
543
| ((right >> 26) & 0x00000002)
544
| ((right >> 24) & 0x00000001));
545
546
*subkey++ = (((left << 15) & 0x20000000)
547
| ((left << 17) & 0x10000000)
548
| ((left << 10) & 0x08000000)
549
| ((left << 22) & 0x04000000)
550
| ((left >> 2) & 0x02000000)
551
| ((left << 1) & 0x01000000)
552
| ((left << 16) & 0x00200000)
553
| ((left << 11) & 0x00100000)
554
| ((left << 3) & 0x00080000)
555
| ((left >> 6) & 0x00040000)
556
| ((left << 15) & 0x00020000)
557
| ((left >> 4) & 0x00010000)
558
| ((right >> 2) & 0x00002000)
559
| ((right << 8) & 0x00001000)
560
| ((right >> 14) & 0x00000808)
561
| ((right >> 9) & 0x00000400)
562
| ((right) & 0x00000200)
563
| ((right << 7) & 0x00000100)
564
| ((right >> 7) & 0x00000020)
565
| ((right >> 3) & 0x00000011)
566
| ((right << 2) & 0x00000004)
567
| ((right >> 21) & 0x00000002));
568
}
569
}
570
571
572
/*
573
* Fill a DES context with subkeys calculated from a 64bit key.
574
* Does not check parity bits, but simply ignore them.
575
* Does not check for weak keys.
576
*/
577
static int
578
des_setkey (struct _des_ctx *ctx, const byte * key)
579
{
580
static const char *selftest_failed;
581
int i;
582
583
if (!fips_mode () && !initialized)
584
{
585
initialized = 1;
586
selftest_failed = selftest ();
587
588
if (selftest_failed)
589
log_error ("%s\n", selftest_failed);
590
}
591
if (selftest_failed)
592
return GPG_ERR_SELFTEST_FAILED;
593
594
des_key_schedule (key, ctx->encrypt_subkeys);
595
_gcry_burn_stack (32);
596
597
for(i=0; i<32; i+=2)
598
{
599
ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
600
ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
601
}
602
603
return 0;
604
}
605
606
607
608
/*
609
* Electronic Codebook Mode DES encryption/decryption of data according
610
* to 'mode'.
611
*/
612
static int
613
des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode)
614
{
615
u32 left, right, work;
616
u32 *keys;
617
618
keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
619
620
READ_64BIT_DATA (from, left, right)
621
INITIAL_PERMUTATION (left, work, right)
622
623
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
624
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
625
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
626
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
627
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
628
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
629
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
630
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
631
632
FINAL_PERMUTATION (right, work, left)
633
WRITE_64BIT_DATA (to, right, left)
634
635
return 0;
636
}
637
638
639
640
/*
641
* Fill a Triple-DES context with subkeys calculated from two 64bit keys.
642
* Does not check the parity bits of the keys, but simply ignore them.
643
* Does not check for weak keys.
644
*/
645
646
647
648
/*
649
* Fill a Triple-DES context with subkeys calculated from three 64bit keys.
650
* Does not check the parity bits of the keys, but simply ignore them.
651
* Does not check for weak keys.
652
*/
653
static int
654
tripledes_set3keys (struct _tripledes_ctx *ctx,
655
const byte * key1,
656
const byte * key2,
657
const byte * key3)
658
{
659
static const char *selftest_failed;
660
int i;
661
662
if (!fips_mode () && !initialized)
663
{
664
initialized = 1;
665
selftest_failed = selftest ();
666
667
if (selftest_failed)
668
log_error ("%s\n", selftest_failed);
669
}
670
if (selftest_failed)
671
return GPG_ERR_SELFTEST_FAILED;
672
673
des_key_schedule (key1, ctx->encrypt_subkeys);
674
des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
675
des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
676
_gcry_burn_stack (32);
677
678
for(i=0; i<32; i+=2)
679
{
680
ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94-i];
681
ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[95-i];
682
683
ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
684
ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
685
686
ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i];
687
ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i];
688
}
689
690
return 0;
691
}
692
693
694
695
/*
696
* Electronic Codebook Mode Triple-DES encryption/decryption of data
697
* according to 'mode'. Sometimes this mode is named 'EDE' mode
698
* (Encryption-Decryption-Encryption).
699
*/
700
static int
701
tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from,
702
byte * to, int mode)
703
{
704
u32 left, right, work;
705
u32 *keys;
706
707
keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
708
709
READ_64BIT_DATA (from, left, right)
710
INITIAL_PERMUTATION (left, work, right)
711
712
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
713
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
714
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
715
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
716
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
717
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
718
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
719
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
720
721
DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
722
DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
723
DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
724
DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
725
DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
726
DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
727
DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
728
DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
729
730
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
731
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
732
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
733
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
734
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
735
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
736
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
737
DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
738
739
FINAL_PERMUTATION (right, work, left)
740
WRITE_64BIT_DATA (to, right, left)
741
742
return 0;
743
}
744
745
746
747
748
749
/*
750
* Check whether the 8 byte key is weak.
751
* Does not check the parity bits of the key but simple ignore them.
752
*/
753
static int
754
is_weak_key ( const byte *key )
755
{
756
byte work[8];
757
int i, left, right, middle, cmp_result;
758
759
/* clear parity bits */
760
for(i=0; i<8; ++i)
761
work[i] = key[i] & 0xfe;
762
763
/* binary search in the weak key table */
764
left = 0;
765
right = 63;
766
while(left <= right)
767
{
768
middle = (left + right) / 2;
769
770
if ( !(cmp_result=working_memcmp(work, weak_keys[middle], 8)) )
771
return -1;
772
773
if ( cmp_result > 0 )
774
left = middle + 1;
775
else
776
right = middle - 1;
777
}
778
779
return 0;
780
}
781
782
783
784
/*
785
* Performs a selftest of this DES/Triple-DES implementation.
786
* Returns an string with the error text on failure.
787
* Returns NULL if all is ok.
788
*/
789
790
791
static gcry_err_code_t
792
do_tripledes_setkey ( void *context, const byte *key, unsigned keylen )
793
{
794
struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
795
796
if( keylen != 24 )
797
return GPG_ERR_INV_KEYLEN;
798
799
tripledes_set3keys ( ctx, key, key+8, key+16);
800
801
if (ctx->flags.no_weak_key)
802
; /* Detection has been disabled. */
803
else if (is_weak_key (key) || is_weak_key (key+8) || is_weak_key (key+16))
804
{
805
_gcry_burn_stack (64);
806
return GPG_ERR_WEAK_KEY;
807
}
808
_gcry_burn_stack (64);
809
810
return GPG_ERR_NO_ERROR;
811
}
812
813
814
815
816
static void
817
do_tripledes_encrypt( void *context, byte *outbuf, const byte *inbuf )
818
{
819
struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
820
821
tripledes_ecb_encrypt ( ctx, inbuf, outbuf );
822
_gcry_burn_stack (32);
823
}
824
825
static void
826
do_tripledes_decrypt( void *context, byte *outbuf, const byte *inbuf )
827
{
828
struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
829
tripledes_ecb_decrypt ( ctx, inbuf, outbuf );
830
_gcry_burn_stack (32);
831
}
832
833
static gcry_err_code_t
834
do_des_setkey (void *context, const byte *key, unsigned keylen)
835
{
836
struct _des_ctx *ctx = (struct _des_ctx *) context;
837
838
if (keylen != 8)
839
return GPG_ERR_INV_KEYLEN;
840
841
des_setkey (ctx, key);
842
843
if (is_weak_key (key)) {
844
_gcry_burn_stack (64);
845
return GPG_ERR_WEAK_KEY;
846
}
847
_gcry_burn_stack (64);
848
849
return GPG_ERR_NO_ERROR;
850
}
851
852
853
static void
854
do_des_encrypt( void *context, byte *outbuf, const byte *inbuf )
855
{
856
struct _des_ctx *ctx = (struct _des_ctx *) context;
857
858
des_ecb_encrypt ( ctx, inbuf, outbuf );
859
_gcry_burn_stack (32);
860
}
861
862
static void
863
do_des_decrypt( void *context, byte *outbuf, const byte *inbuf )
864
{
865
struct _des_ctx *ctx = (struct _des_ctx *) context;
866
867
des_ecb_decrypt ( ctx, inbuf, outbuf );
868
_gcry_burn_stack (32);
869
}
870
871
872
873
874
/*
875
Self-test section.
876
*/
877
878
879
/* Selftest for TripleDES. */
880
881
882
883
/* Run a full self-test for ALGO and return 0 on success. */
884
885
886
887
gcry_cipher_spec_t _gcry_cipher_spec_des =
888
{
889
"DES", NULL, NULL, 8, 64, sizeof (struct _des_ctx),
890
do_des_setkey, do_des_encrypt, do_des_decrypt
891
};
892
893
static gcry_cipher_oid_spec_t oids_tripledes[] =
894
{
895
{ "1.2.840.113549.3.7", GCRY_CIPHER_MODE_CBC },
896
/* Teletrust specific OID for 3DES. */
897
{ "1.3.36.3.1.3.2.1", GCRY_CIPHER_MODE_CBC },
898
/* pbeWithSHAAnd3_KeyTripleDES_CBC */
899
{ "1.2.840.113549.1.12.1.3", GCRY_CIPHER_MODE_CBC },
900
{ NULL }
901
};
902
903
gcry_cipher_spec_t _gcry_cipher_spec_tripledes =
904
{
905
"3DES", NULL, oids_tripledes, 8, 192, sizeof (struct _tripledes_ctx),
906
do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt
907
};
908
909
910
911
GRUB_MOD_INIT(gcry_des)
912
{
913
grub_cipher_register (&_gcry_cipher_spec_des);
914
grub_cipher_register (&_gcry_cipher_spec_tripledes);
915
}
916
917
GRUB_MOD_FINI(gcry_des)
918
{
919
grub_cipher_unregister (&_gcry_cipher_spec_des);
920
grub_cipher_unregister (&_gcry_cipher_spec_tripledes);
921
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1