summaryrefslogtreecommitdiffabout
path: root/pwmanager/libcrypt/cipher/des.c
Unidiff
Diffstat (limited to 'pwmanager/libcrypt/cipher/des.c') (more/less context) (ignore whitespace changes)
-rw-r--r--pwmanager/libcrypt/cipher/des.c1111
1 files changed, 1111 insertions, 0 deletions
diff --git a/pwmanager/libcrypt/cipher/des.c b/pwmanager/libcrypt/cipher/des.c
new file mode 100644
index 0000000..81b5337
--- a/dev/null
+++ b/pwmanager/libcrypt/cipher/des.c
@@ -0,0 +1,1111 @@
1/* des.c - DES and Triple-DES encryption/decryption Algorithm
2 * Copyright (C) 1998, 1999, 2001, 2002, 2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser general Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 *
20 * For a description of triple encryption, see:
21 * Bruce Schneier: Applied Cryptography. Second Edition.
22 * John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
23 * This implementation is according to the definition of DES in FIPS
24 * PUB 46-2 from December 1993.
25 */
26
27
28/*
29 * Written by Michael Roth <mroth@nessie.de>, September 1998
30 */
31
32
33/*
34 * U S A G E
35 * ===========
36 *
37 * For DES or Triple-DES encryption/decryption you must initialize a proper
38 * encryption context with a key.
39 *
40 * A DES key is 64bit wide but only 56bits of the key are used. The remaining
41 * bits are parity bits and they will _not_ checked in this implementation, but
42 * simply ignored.
43 *
44 * For Triple-DES you could use either two 64bit keys or three 64bit keys.
45 * The parity bits will _not_ checked, too.
46 *
47 * After initializing a context with a key you could use this context to
48 * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
49 *
50 * (In the examples below the slashes at the beginning and ending of comments
51 * are omited.)
52 *
53 * DES Example
54 * -----------
55 * unsigned char key[8];
56 * unsigned char plaintext[8];
57 * unsigned char ciphertext[8];
58 * unsigned char recoverd[8];
59 * des_ctx context;
60 *
61 * * Fill 'key' and 'plaintext' with some data *
62 * ....
63 *
64 * * Set up the DES encryption context *
65 * des_setkey(context, key);
66 *
67 * * Encrypt the plaintext *
68 * des_ecb_encrypt(context, plaintext, ciphertext);
69 *
70 * * To recover the orginal plaintext from ciphertext use: *
71 * des_ecb_decrypt(context, ciphertext, recoverd);
72 *
73 *
74 * Triple-DES Example
75 * ------------------
76 * unsigned char key1[8];
77 * unsigned char key2[8];
78 * unsigned char key3[8];
79 * unsigned char plaintext[8];
80 * unsigned char ciphertext[8];
81 * unsigned char recoverd[8];
82 * tripledes_ctx context;
83 *
84 * * If you would like to use two 64bit keys, fill 'key1' and'key2'
85 * then setup the encryption context: *
86 * tripledes_set2keys(context, key1, key2);
87 *
88 * * To use three 64bit keys with Triple-DES use: *
89 * tripledes_set3keys(context, key1, key2, key3);
90 *
91 * * Encrypting plaintext with Triple-DES *
92 * tripledes_ecb_encrypt(context, plaintext, ciphertext);
93 *
94 * * Decrypting ciphertext to recover the plaintext with Triple-DES *
95 * tripledes_ecb_decrypt(context, ciphertext, recoverd);
96 *
97 *
98 * Selftest
99 * --------
100 * char *error_msg;
101 *
102 * * To perform a selftest of this DES/Triple-DES implementation use the
103 * function selftest(). It will return an error string if their are
104 * some problems with this library. *
105 *
106 * if ( (error_msg = selftest()) )
107 * {
108 * fprintf(stderr, "An error in the DES/Tripple-DES implementation occured: %s\n", error_msg);
109 * abort();
110 * }
111 */
112
113
114#include <config.h>
115#include <stdio.h>
116 #include <string.h> /* memcpy, memcmp */
117#include "types.h" /* for byte and u32 typedefs */
118#include "g10lib.h"
119#include "cipher.h"
120
121#if defined(__GNUC__) && defined(__GNU_LIBRARY__)
122#define working_memcmp memcmp
123#else
124/*
125 * According to the SunOS man page, memcmp returns indeterminate sign
126 * depending on whether characters are signed or not.
127 */
128static int
129working_memcmp( const char *a, const char *b, size_t n )
130{
131 for( ; n; n--, a++, b++ )
132 if( *a != *b )
133 return (int)(*(byte*)a) - (int)(*(byte*)b);
134 return 0;
135}
136#endif
137
138/*
139 * Encryption/Decryption context of DES
140 */
141typedef struct _des_ctx
142 {
143 u32 encrypt_subkeys[32];
144 u32 decrypt_subkeys[32];
145 }
146des_ctx[1];
147
148/*
149 * Encryption/Decryption context of Triple-DES
150 */
151typedef struct _tripledes_ctx
152 {
153 u32 encrypt_subkeys[96];
154 u32 decrypt_subkeys[96];
155 }
156tripledes_ctx[1];
157
158static void des_key_schedule (const byte *, u32 *);
159static int des_setkey (struct _des_ctx *, const byte *);
160static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int);
161static int tripledes_set2keys (struct _tripledes_ctx *,
162 const byte *, const byte *);
163static int tripledes_set3keys (struct _tripledes_ctx *,
164 const byte *, const byte *, const byte *);
165static int tripledes_ecb_crypt (struct _tripledes_ctx *,
166 const byte *, byte *, int);
167static int is_weak_key ( const byte *key );
168static const char *selftest (void);
169
170static int initialized;
171
172
173
174
175/*
176 * The s-box values are permuted according to the 'primitive function P'
177 * and are rotated one bit to the left.
178 */
179static u32 sbox1[64] =
180{
181 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000,
182 0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004,
183 0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
184 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000,
185 0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400,
186 0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
187 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400,
188 0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004
189};
190
191static u32 sbox2[64] =
192{
193 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020,
194 0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020,
195 0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
196 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020,
197 0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000,
198 0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
199 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020,
200 0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000
201};
202
203static u32 sbox3[64] =
204{
205 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200,
206 0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208,
207 0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
208 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000,
209 0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000,
210 0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
211 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008,
212 0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200
213};
214
215static u32 sbox4[64] =
216{
217 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001,
218 0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001,
219 0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
220 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081,
221 0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000,
222 0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
223 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081,
224 0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080
225};
226
227static u32 sbox5[64] =
228{
229 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000,
230 0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000,
231 0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
232 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100,
233 0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100,
234 0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
235 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000,
236 0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100
237};
238
239static u32 sbox6[64] =
240{
241 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000,
242 0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010,
243 0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
244 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000,
245 0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010,
246 0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
247 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010,
248 0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010
249};
250
251static u32 sbox7[64] =
252{
253 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800,
254 0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802,
255 0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
256 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800,
257 0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002,
258 0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
259 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802,
260 0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002
261};
262
263static u32 sbox8[64] =
264{
265 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000,
266 0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040,
267 0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
268 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000,
269 0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040,
270 0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
271 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000,
272 0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000
273};
274
275
276/*
277 * These two tables are part of the 'permuted choice 1' function.
278 * In this implementation several speed improvements are done.
279 */
280static u32 leftkey_swap[16] =
281{
282 0x00000000, 0x00000001, 0x00000100, 0x00000101,
283 0x00010000, 0x00010001, 0x00010100, 0x00010101,
284 0x01000000, 0x01000001, 0x01000100, 0x01000101,
285 0x01010000, 0x01010001, 0x01010100, 0x01010101
286};
287
288static u32 rightkey_swap[16] =
289{
290 0x00000000, 0x01000000, 0x00010000, 0x01010000,
291 0x00000100, 0x01000100, 0x00010100, 0x01010100,
292 0x00000001, 0x01000001, 0x00010001, 0x01010001,
293 0x00000101, 0x01000101, 0x00010101, 0x01010101,
294};
295
296
297
298/*
299 * Numbers of left shifts per round for encryption subkeys.
300 * To calculate the decryption subkeys we just reverse the
301 * ordering of the calculated encryption subkeys. So their
302 * is no need for a decryption rotate tab.
303 */
304static byte encrypt_rotate_tab[16] =
305{
306 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
307};
308
309
310
311/*
312 * Table with weak DES keys sorted in ascending order.
313 * In DES their are 64 known keys wich are weak. They are weak
314 * because they produce only one, two or four different
315 * subkeys in the subkey scheduling process.
316 * The keys in this table have all their parity bits cleared.
317 */
318static byte weak_keys[64][8] =
319{
320 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /*w*/
321 { 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },
322 { 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 },
323 { 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },
324 { 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, /*sw*/
325 { 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },
326 { 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe },
327 { 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },
328 { 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, /*sw*/
329 { 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },
330 { 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 },
331 { 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },
332 { 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, /*sw*/
333 { 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },
334 { 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e },
335 { 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },
336 { 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },
337 { 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, /*sw*/
338 { 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },
339 { 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 },
340 { 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },
341 { 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, /*w*/
342 { 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },
343 { 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe },
344 { 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },
345 { 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, /*sw*/
346 { 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },
347 { 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 },
348 { 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },
349 { 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, /*sw*/
350 { 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },
351 { 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e },
352 { 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },
353 { 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe },
354 { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 }, /*sw*/
355 { 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e },
356 { 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },
357 { 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 },
358 { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e }, /*sw*/
359 { 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 },
360 { 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },
361 { 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e },
362 { 0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0 }, /*w*/
363 { 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },
364 { 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e },
365 { 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },
366 { 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, /*sw*/
367 { 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },
368 { 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe },
369 { 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },
370 { 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e },
371 { 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 }, /*sw*/
372 { 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 },
373 { 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },
374 { 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 },
375 { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e }, /*sw*/
376 { 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e },
377 { 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },
378 { 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe },
379 { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 }, /*sw*/
380 { 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 },
381 { 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },
382 { 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 },
383 { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe } /*w*/
384};
385static unsigned char weak_keys_chksum[20] = {
386 0xD0, 0xCF, 0x07, 0x38, 0x93, 0x70, 0x8A, 0x83, 0x7D, 0xD7,
387 0x8A, 0x36, 0x65, 0x29, 0x6C, 0x1F, 0x7C, 0x3F, 0xD3, 0x41
388};
389
390
391
392/*
393 * Macro to swap bits across two words.
394 */
395 #define DO_PERMUTATION(a, temp, b, offset, mask)\
396 temp = ((a>>offset) ^ b) & mask; \
397 b ^= temp; \
398 a ^= temp<<offset;
399
400
401/*
402 * This performs the 'initial permutation' of the data to be encrypted
403 * or decrypted. Additionally the resulting two words are rotated one bit
404 * to the left.
405 */
406 #define INITIAL_PERMUTATION(left, temp, right) \
407 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)\
408 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff)\
409 DO_PERMUTATION(right, temp, left, 2, 0x33333333)\
410 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff)\
411 right = (right << 1) | (right >> 31); \
412 temp = (left ^ right) & 0xaaaaaaaa; \
413 right ^= temp; \
414 left ^= temp; \
415 left = (left << 1) | (left >> 31);
416
417/*
418 * The 'inverse initial permutation'.
419 */
420 #define FINAL_PERMUTATION(left, temp, right) \
421 left = (left << 31) | (left >> 1); \
422 temp = (left ^ right) & 0xaaaaaaaa; \
423 left ^= temp; \
424 right ^= temp; \
425 right = (right << 31) | (right >> 1); \
426 DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff)\
427 DO_PERMUTATION(right, temp, left, 2, 0x33333333)\
428 DO_PERMUTATION(left, temp, right, 16, 0x0000ffff)\
429 DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
430
431
432/*
433 * A full DES round including 'expansion function', 'sbox substitution'
434 * and 'primitive function P' but without swapping the left and right word.
435 * Please note: The data in 'from' and 'to' is already rotated one bit to
436 * the left, done in the initial permutation.
437 */
438 #define DES_ROUND(from, to, work, subkey) \
439 work = from ^ *subkey++; \
440 to ^= sbox8[ work & 0x3f ]; \
441 to ^= sbox6[ (work>>8) & 0x3f ]; \
442 to ^= sbox4[ (work>>16) & 0x3f ]; \
443 to ^= sbox2[ (work>>24) & 0x3f ]; \
444 work = ((from << 28) | (from >> 4)) ^ *subkey++;\
445 to ^= sbox7[ work & 0x3f ]; \
446 to ^= sbox5[ (work>>8) & 0x3f ]; \
447 to ^= sbox3[ (work>>16) & 0x3f ]; \
448 to ^= sbox1[ (work>>24) & 0x3f ];
449
450/*
451 * Macros to convert 8 bytes from/to 32bit words.
452 */
453 #define READ_64BIT_DATA(data, left, right) \
454 left = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \
455 right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];
456
457 #define WRITE_64BIT_DATA(data, left, right) \
458 data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \
459 data[2] = (left >> 8) &0xff; data[3] = left &0xff; \
460 data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \
461 data[6] = (right >> 8) &0xff; data[7] = right &0xff;
462
463/*
464 * Handy macros for encryption and decryption of data
465 */
466 #define des_ecb_encrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 0)
467 #define des_ecb_decrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 1)
468#define tripledes_ecb_encrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,0)
469#define tripledes_ecb_decrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,1)
470
471
472
473
474
475
476/*
477 * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
478 * 16 encryption rounds.
479 * To calculate subkeys for decryption the caller
480 * have to reorder the generated subkeys.
481 *
482 * rawkey: 8 Bytes of key data
483 * subkey: Array of at least 32 u32s. Will be filled
484 * with calculated subkeys.
485 *
486 */
487static void
488des_key_schedule (const byte * rawkey, u32 * subkey)
489{
490 u32 left, right, work;
491 int round;
492
493 READ_64BIT_DATA (rawkey, left, right)
494
495 DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
496 DO_PERMUTATION (right, work, left, 0, 0x10101010)
497
498 left = ((leftkey_swap[(left >> 0) & 0xf] << 3)
499 | (leftkey_swap[(left >> 8) & 0xf] << 2)
500 | (leftkey_swap[(left >> 16) & 0xf] << 1)
501 | (leftkey_swap[(left >> 24) & 0xf])
502 | (leftkey_swap[(left >> 5) & 0xf] << 7)
503 | (leftkey_swap[(left >> 13) & 0xf] << 6)
504 | (leftkey_swap[(left >> 21) & 0xf] << 5)
505 | (leftkey_swap[(left >> 29) & 0xf] << 4));
506
507 left &= 0x0fffffff;
508
509 right = ((rightkey_swap[(right >> 1) & 0xf] << 3)
510 | (rightkey_swap[(right >> 9) & 0xf] << 2)
511 | (rightkey_swap[(right >> 17) & 0xf] << 1)
512 | (rightkey_swap[(right >> 25) & 0xf])
513 | (rightkey_swap[(right >> 4) & 0xf] << 7)
514 | (rightkey_swap[(right >> 12) & 0xf] << 6)
515 | (rightkey_swap[(right >> 20) & 0xf] << 5)
516 | (rightkey_swap[(right >> 28) & 0xf] << 4));
517
518 right &= 0x0fffffff;
519
520 for (round = 0; round < 16; ++round)
521 {
522 left = ((left << encrypt_rotate_tab[round])
523 | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
524 right = ((right << encrypt_rotate_tab[round])
525 | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
526
527 *subkey++ = (((left << 4) & 0x24000000)
528 | ((left << 28) & 0x10000000)
529 | ((left << 14) & 0x08000000)
530 | ((left << 18) & 0x02080000)
531 | ((left << 6) & 0x01000000)
532 | ((left << 9) & 0x00200000)
533 | ((left >> 1) & 0x00100000)
534 | ((left << 10) & 0x00040000)
535 | ((left << 2) & 0x00020000)
536 | ((left >> 10) & 0x00010000)
537 | ((right >> 13) & 0x00002000)
538 | ((right >> 4) & 0x00001000)
539 | ((right << 6) & 0x00000800)
540 | ((right >> 1) & 0x00000400)
541 | ((right >> 14) & 0x00000200)
542 | (right & 0x00000100)
543 | ((right >> 5) & 0x00000020)
544 | ((right >> 10) & 0x00000010)
545 | ((right >> 3) & 0x00000008)
546 | ((right >> 18) & 0x00000004)
547 | ((right >> 26) & 0x00000002)
548 | ((right >> 24) & 0x00000001));
549
550 *subkey++ = (((left << 15) & 0x20000000)
551 | ((left << 17) & 0x10000000)
552 | ((left << 10) & 0x08000000)
553 | ((left << 22) & 0x04000000)
554 | ((left >> 2) & 0x02000000)
555 | ((left << 1) & 0x01000000)
556 | ((left << 16) & 0x00200000)
557 | ((left << 11) & 0x00100000)
558 | ((left << 3) & 0x00080000)
559 | ((left >> 6) & 0x00040000)
560 | ((left << 15) & 0x00020000)
561 | ((left >> 4) & 0x00010000)
562 | ((right >> 2) & 0x00002000)
563 | ((right << 8) & 0x00001000)
564 | ((right >> 14) & 0x00000808)
565 | ((right >> 9) & 0x00000400)
566 | ((right) & 0x00000200)
567 | ((right << 7) & 0x00000100)
568 | ((right >> 7) & 0x00000020)
569 | ((right >> 3) & 0x00000011)
570 | ((right << 2) & 0x00000004)
571 | ((right >> 21) & 0x00000002));
572 }
573}
574
575
576/*
577 * Fill a DES context with subkeys calculated from a 64bit key.
578 * Does not check parity bits, but simply ignore them.
579 * Does not check for weak keys.
580 */
581static int
582des_setkey (struct _des_ctx *ctx, const byte * key)
583{
584 static const char *selftest_failed;
585 int i;
586
587 if (! initialized)
588 {
589 initialized = 1;
590 selftest_failed = selftest ();
591
592 if (selftest_failed)
593 log_error ("%s\n", selftest_failed);
594 }
595 if (selftest_failed)
596 return GPG_ERR_SELFTEST_FAILED;
597
598 des_key_schedule (key, ctx->encrypt_subkeys);
599 _gcry_burn_stack (32);
600
601 for(i=0; i<32; i+=2)
602 {
603 ctx->decrypt_subkeys[i]= ctx->encrypt_subkeys[30-i];
604 ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
605 }
606
607 return 0;
608}
609
610
611
612/*
613 * Electronic Codebook Mode DES encryption/decryption of data according
614 * to 'mode'.
615 */
616static int
617des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode)
618{
619 u32 left, right, work;
620 u32 *keys;
621
622 keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
623
624 READ_64BIT_DATA (from, left, right)
625 INITIAL_PERMUTATION (left, work, right)
626
627 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
628 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
629 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
630 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
631 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
632 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
633 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
634 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
635
636 FINAL_PERMUTATION (right, work, left)
637 WRITE_64BIT_DATA (to, right, left)
638
639 return 0;
640}
641
642
643
644/*
645 * Fill a Triple-DES context with subkeys calculated from two 64bit keys.
646 * Does not check the parity bits of the keys, but simply ignore them.
647 * Does not check for weak keys.
648 */
649static int
650tripledes_set2keys (struct _tripledes_ctx *ctx,
651 const byte * key1,
652 const byte * key2)
653{
654 int i;
655
656 des_key_schedule (key1, ctx->encrypt_subkeys);
657 des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
658 _gcry_burn_stack (32);
659
660 for(i=0; i<32; i+=2)
661 {
662 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
663 ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
664
665 ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
666 ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
667
668 ctx->encrypt_subkeys[i+64] = ctx->encrypt_subkeys[i];
669 ctx->encrypt_subkeys[i+65] = ctx->encrypt_subkeys[i+1];
670
671 ctx->decrypt_subkeys[i+64] = ctx->decrypt_subkeys[i];
672 ctx->decrypt_subkeys[i+65] = ctx->decrypt_subkeys[i+1];
673 }
674
675 return 0;
676}
677
678
679
680/*
681 * Fill a Triple-DES context with subkeys calculated from three 64bit keys.
682 * Does not check the parity bits of the keys, but simply ignore them.
683 * Does not check for weak keys.
684 */
685static int
686tripledes_set3keys (struct _tripledes_ctx *ctx,
687 const byte * key1,
688 const byte * key2,
689 const byte * key3)
690{
691 static const char *selftest_failed;
692 int i;
693
694 if (! initialized)
695 {
696 initialized = 1;
697 selftest_failed = selftest ();
698
699 if (selftest_failed)
700 log_error ("%s\n", selftest_failed);
701 }
702 if (selftest_failed)
703 return GPG_ERR_SELFTEST_FAILED;
704
705 des_key_schedule (key1, ctx->encrypt_subkeys);
706 des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
707 des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
708 _gcry_burn_stack (32);
709
710 for(i=0; i<32; i+=2)
711 {
712 ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94-i];
713 ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[95-i];
714
715 ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
716 ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
717
718 ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i];
719 ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i];
720 }
721
722 return 0;
723}
724
725
726
727/*
728 * Electronic Codebook Mode Triple-DES encryption/decryption of data
729 * according to 'mode'. Sometimes this mode is named 'EDE' mode
730 * (Encryption-Decryption-Encryption).
731 */
732static int
733tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from,
734 byte * to, int mode)
735{
736 u32 left, right, work;
737 u32 *keys;
738
739 keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
740
741 READ_64BIT_DATA (from, left, right)
742 INITIAL_PERMUTATION (left, work, right)
743
744 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
745 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
746 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
747 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
748 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
749 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
750 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
751 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
752
753 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
754 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
755 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
756 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
757 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
758 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
759 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
760 DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
761
762 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
763 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
764 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
765 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
766 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
767 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
768 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
769 DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
770
771 FINAL_PERMUTATION (right, work, left)
772 WRITE_64BIT_DATA (to, right, left)
773
774 return 0;
775}
776
777
778
779
780
781/*
782 * Check whether the 8 byte key is weak.
783 * Does not check the parity bits of the key but simple ignore them.
784 */
785static int
786is_weak_key ( const byte *key )
787{
788 byte work[8];
789 int i, left, right, middle, cmp_result;
790
791 /* clear parity bits */
792 for(i=0; i<8; ++i)
793 work[i] = key[i] & 0xfe;
794
795 /* binary search in the weak key table */
796 left = 0;
797 right = 63;
798 while(left <= right)
799 {
800 middle = (left + right) / 2;
801
802 if ( !(cmp_result=working_memcmp(work, weak_keys[middle], 8)) )
803 return -1;
804
805 if ( cmp_result > 0 )
806 left = middle + 1;
807 else
808 right = middle - 1;
809 }
810
811 return 0;
812}
813
814
815
816/*
817 * Performs a selftest of this DES/Triple-DES implementation.
818 * Returns an string with the error text on failure.
819 * Returns NULL if all is ok.
820 */
821static const char *
822selftest (void)
823{
824 /*
825 * Check if 'u32' is really 32 bits wide. This DES / 3DES implementation
826 * need this.
827 */
828 if (sizeof (u32) != 4)
829 return "Wrong word size for DES configured.";
830
831 /*
832 * DES Maintenance Test
833 */
834 {
835 int i;
836 byte key[8] =
837 {0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55};
838 byte input[8] =
839 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
840 byte result[8] =
841 {0x24, 0x6e, 0x9d, 0xb9, 0xc5, 0x50, 0x38, 0x1a};
842 byte temp1[8], temp2[8], temp3[8];
843 des_ctx des;
844
845 for (i = 0; i < 64; ++i)
846 {
847 des_setkey (des, key);
848 des_ecb_encrypt (des, input, temp1);
849 des_ecb_encrypt (des, temp1, temp2);
850 des_setkey (des, temp2);
851 des_ecb_decrypt (des, temp1, temp3);
852 memcpy (key, temp3, 8);
853 memcpy (input, temp1, 8);
854 }
855 if (memcmp (temp3, result, 8))
856 return "DES maintenance test failed.";
857 }
858
859
860 /*
861 * Self made Triple-DES test(Does somebody know an official test?)
862 */
863 {
864 int i;
865 byte input[8] =
866 {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
867 byte key1[8] =
868 {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0};
869 byte key2[8] =
870 {0x11, 0x22, 0x33, 0x44, 0xff, 0xaa, 0xcc, 0xdd};
871 byte result[8] =
872 {0x7b, 0x38, 0x3b, 0x23, 0xa2, 0x7d, 0x26, 0xd3};
873
874 tripledes_ctx des3;
875
876 for (i = 0; i < 16; ++i)
877 {
878 tripledes_set2keys (des3, key1, key2);
879 tripledes_ecb_encrypt (des3, input, key1);
880 tripledes_ecb_decrypt (des3, input, key2);
881 tripledes_set3keys (des3, key1, input, key2);
882 tripledes_ecb_encrypt (des3, input, input);
883 }
884 if (memcmp (input, result, 8))
885 return "Triple-DES test failed.";
886 }
887
888 /*
889 * More Triple-DES test. These are testvectors as used by SSLeay,
890 * thanks to Jeroen C. van Gelderen.
891 */
892 {
893 struct { byte key[24]; byte plain[8]; byte cipher[8]; } testdata[] = {
894 { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
895 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
896 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 },
897 { 0x95,0xF8,0xA5,0xE5,0xDD,0x31,0xD9,0x00 },
898 { 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }
899 },
900
901 { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
902 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
903 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 },
904 { 0x9D,0x64,0x55,0x5A,0x9A,0x10,0xB8,0x52, },
905 { 0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x00 }
906 },
907 { { 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
908 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
909 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E },
910 { 0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A },
911 { 0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A }
912 },
913 { { 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
914 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
915 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6 },
916 { 0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2 },
917 { 0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95 }
918 },
919 { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
920 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
921 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
922 { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61 },
923 { 0x3D,0x12,0x4F,0xE2,0x19,0x8B,0xA3,0x18 }
924 },
925 { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
926 0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
927 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
928 { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61 },
929 { 0xFB,0xAB,0xA1,0xFF,0x9D,0x05,0xE9,0xB1 }
930 },
931 { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
932 0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
933 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10 },
934 { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61 },
935 { 0x18,0xd7,0x48,0xe5,0x63,0x62,0x05,0x72 }
936 },
937 { { 0x03,0x52,0x02,0x07,0x67,0x20,0x82,0x17,
938 0x86,0x02,0x87,0x66,0x59,0x08,0x21,0x98,
939 0x64,0x05,0x6A,0xBD,0xFE,0xA9,0x34,0x57 },
940 { 0x73,0x71,0x75,0x69,0x67,0x67,0x6C,0x65 },
941 { 0xc0,0x7d,0x2a,0x0f,0xa5,0x66,0xfa,0x30 }
942 },
943 { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
944 0x80,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
945 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x02 },
946 { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
947 { 0xe6,0xe6,0xdd,0x5b,0x7e,0x72,0x29,0x74 }
948 },
949 { { 0x10,0x46,0x10,0x34,0x89,0x98,0x80,0x20,
950 0x91,0x07,0xD0,0x15,0x89,0x19,0x01,0x01,
951 0x19,0x07,0x92,0x10,0x98,0x1A,0x01,0x01 },
952 { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
953 { 0xe1,0xef,0x62,0xc3,0x32,0xfe,0x82,0x5b }
954 }
955 };
956
957 byte result[8];
958 int i;
959 static charerror[80];
960 tripledes_ctxdes3;
961
962 for (i=0; i<sizeof(testdata)/sizeof(*testdata); ++i)
963 {
964 tripledes_set3keys (des3, testdata[i].key,
965 testdata[i].key + 8, testdata[i].key + 16);
966
967 tripledes_ecb_encrypt (des3, testdata[i].plain, result);
968 if (memcmp (testdata[i].cipher, result, 8))
969 {
970 sprintf (error, "Triple-DES SSLeay test pattern no. %d "
971 "failed on encryption.", i+1);
972 return error;
973 }
974
975 tripledes_ecb_decrypt (des3, testdata[i].cipher, result);
976 if (memcmp (testdata[i].plain, result, 8))
977 {
978 sprintf (error, "Triple-DES SSLeay test pattern no. %d "
979 "failed on decryption.", i+1);
980 return error;
981 }
982 }
983 }
984
985 /*
986 * Check the weak key detection. We simply assume that the table
987 * with weak keys is ok and check every key in the table if it is
988 * detected... (This test is a little bit stupid).
989 */
990 {
991 int i;
992 unsigned char *p;
993 gcry_md_hd_t h;
994
995 if (gcry_md_open (&h, GCRY_MD_SHA1, 0))
996 return "SHA1 not available";
997
998 for (i = 0; i < 64; ++i)
999 gcry_md_write (h, weak_keys[i], 8);
1000 p = gcry_md_read (h, GCRY_MD_SHA1);
1001 i = memcmp (p, weak_keys_chksum, 20);
1002 gcry_md_close (h);
1003 if (i)
1004 return "weak key table defect";
1005
1006 for (i = 0; i < 64; ++i)
1007 if (!is_weak_key(weak_keys[i]))
1008 return "DES weak key detection failed";
1009 }
1010
1011 return 0;
1012}
1013
1014
1015static gcry_err_code_t
1016do_tripledes_setkey ( void *context, const byte *key, unsigned keylen )
1017{
1018 struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
1019
1020 if( keylen != 24 )
1021 return GPG_ERR_INV_KEYLEN;
1022
1023 tripledes_set3keys ( ctx, key, key+8, key+16);
1024
1025 if( is_weak_key( key ) || is_weak_key( key+8 ) || is_weak_key( key+16 ) )
1026 {
1027 _gcry_burn_stack (64);
1028 return GPG_ERR_WEAK_KEY;
1029 }
1030 _gcry_burn_stack (64);
1031
1032 return GPG_ERR_NO_ERROR;
1033}
1034
1035
1036static void
1037do_tripledes_encrypt( void *context, byte *outbuf, const byte *inbuf )
1038{
1039 struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
1040
1041 tripledes_ecb_encrypt ( ctx, inbuf, outbuf );
1042 _gcry_burn_stack (32);
1043}
1044
1045static void
1046do_tripledes_decrypt( void *context, byte *outbuf, const byte *inbuf )
1047{
1048 struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
1049 tripledes_ecb_decrypt ( ctx, inbuf, outbuf );
1050 _gcry_burn_stack (32);
1051}
1052
1053static gcry_err_code_t
1054do_des_setkey (void *context, const byte *key, unsigned keylen)
1055{
1056 struct _des_ctx *ctx = (struct _des_ctx *) context;
1057
1058 if (keylen != 8)
1059 return GPG_ERR_INV_KEYLEN;
1060
1061 des_setkey (ctx, key);
1062
1063 if (is_weak_key (key)) {
1064 _gcry_burn_stack (64);
1065 return GPG_ERR_WEAK_KEY;
1066 }
1067 _gcry_burn_stack (64);
1068
1069 return GPG_ERR_NO_ERROR;
1070}
1071
1072
1073static void
1074do_des_encrypt( void *context, byte *outbuf, const byte *inbuf )
1075{
1076 struct _des_ctx *ctx = (struct _des_ctx *) context;
1077
1078 des_ecb_encrypt ( ctx, inbuf, outbuf );
1079 _gcry_burn_stack (32);
1080}
1081
1082static void
1083do_des_decrypt( void *context, byte *outbuf, const byte *inbuf )
1084{
1085 struct _des_ctx *ctx = (struct _des_ctx *) context;
1086
1087 des_ecb_decrypt ( ctx, inbuf, outbuf );
1088 _gcry_burn_stack (32);
1089}
1090
1091gcry_cipher_spec_t _gcry_cipher_spec_des =
1092 {
1093 "DES", NULL, NULL, 8, 64, sizeof (struct _des_ctx),
1094 do_des_setkey, do_des_encrypt, do_des_decrypt
1095 };
1096
1097static gcry_cipher_oid_spec_t oids_tripledes[] =
1098 {
1099 { "1.2.840.113549.3.7", GCRY_CIPHER_MODE_CBC },
1100 /* Teletrust specific OID for 3DES. */
1101 { "1.3.36.3.1.3.2.1", GCRY_CIPHER_MODE_CBC },
1102 /* pbeWithSHAAnd3_KeyTripleDES_CBC */
1103 { "1.2.840.113549.1.12.1.3", GCRY_CIPHER_MODE_CBC },
1104 { NULL }
1105 };
1106
1107gcry_cipher_spec_t _gcry_cipher_spec_tripledes =
1108 {
1109 "3DES", NULL, oids_tripledes, 8, 192, sizeof (struct _tripledes_ctx),
1110 do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt
1111 };