des_generic.c (7a996d3ab150bb0e1b71fa182f70199a703efdd1) des_generic.c (db36b906fefa5b95039bd418bc354ffc9b141020)
1/*
2 * Cryptographic API.
3 *
4 * DES & Triple DES EDE Cipher Algorithms.
5 *
6 * Copyright (c) 2005 Dag Arne Osvik <da@osvik.no>
7 *
8 * This program is free software; you can redistribute it and/or modify

--- 600 unchanged lines hidden (view full) ---

609 * or D_i in bits 7-1 (bit 0 being the least significant).
610 */
611
612#define T1(x) pt[2 * (x) + 0]
613#define T2(x) pt[2 * (x) + 1]
614#define T3(x) pt[2 * (x) + 2]
615#define T4(x) pt[2 * (x) + 3]
616
1/*
2 * Cryptographic API.
3 *
4 * DES & Triple DES EDE Cipher Algorithms.
5 *
6 * Copyright (c) 2005 Dag Arne Osvik <da@osvik.no>
7 *
8 * This program is free software; you can redistribute it and/or modify

--- 600 unchanged lines hidden (view full) ---

609 * or D_i in bits 7-1 (bit 0 being the least significant).
610 */
611
612#define T1(x) pt[2 * (x) + 0]
613#define T2(x) pt[2 * (x) + 1]
614#define T3(x) pt[2 * (x) + 2]
615#define T4(x) pt[2 * (x) + 3]
616
617#define PC2(a, b, c, d) (T4(d) | T3(c) | T2(b) | T1(a))
617#define DES_PC2(a, b, c, d) (T4(d) | T3(c) | T2(b) | T1(a))
618
619/*
620 * Encryption key expansion
621 *
622 * RFC2451: Weak key checks SHOULD be performed.
623 *
624 * FIPS 74:
625 *

--- 8 unchanged lines hidden (view full) ---

634 unsigned long a, b, c, d, w;
635 const u32 *pt = pc2;
636
637 d = k[4]; d &= 0x0e; d <<= 4; d |= k[0] & 0x1e; d = pc1[d];
638 c = k[5]; c &= 0x0e; c <<= 4; c |= k[1] & 0x1e; c = pc1[c];
639 b = k[6]; b &= 0x0e; b <<= 4; b |= k[2] & 0x1e; b = pc1[b];
640 a = k[7]; a &= 0x0e; a <<= 4; a |= k[3] & 0x1e; a = pc1[a];
641
618
619/*
620 * Encryption key expansion
621 *
622 * RFC2451: Weak key checks SHOULD be performed.
623 *
624 * FIPS 74:
625 *

--- 8 unchanged lines hidden (view full) ---

634 unsigned long a, b, c, d, w;
635 const u32 *pt = pc2;
636
637 d = k[4]; d &= 0x0e; d <<= 4; d |= k[0] & 0x1e; d = pc1[d];
638 c = k[5]; c &= 0x0e; c <<= 4; c |= k[1] & 0x1e; c = pc1[c];
639 b = k[6]; b &= 0x0e; b <<= 4; b |= k[2] & 0x1e; b = pc1[b];
640 a = k[7]; a &= 0x0e; a <<= 4; a |= k[3] & 0x1e; a = pc1[a];
641
642 pe[15 * 2 + 0] = PC2(a, b, c, d); d = rs[d];
643 pe[14 * 2 + 0] = PC2(d, a, b, c); c = rs[c]; b = rs[b];
644 pe[13 * 2 + 0] = PC2(b, c, d, a); a = rs[a]; d = rs[d];
645 pe[12 * 2 + 0] = PC2(d, a, b, c); c = rs[c]; b = rs[b];
646 pe[11 * 2 + 0] = PC2(b, c, d, a); a = rs[a]; d = rs[d];
647 pe[10 * 2 + 0] = PC2(d, a, b, c); c = rs[c]; b = rs[b];
648 pe[ 9 * 2 + 0] = PC2(b, c, d, a); a = rs[a]; d = rs[d];
649 pe[ 8 * 2 + 0] = PC2(d, a, b, c); c = rs[c];
650 pe[ 7 * 2 + 0] = PC2(c, d, a, b); b = rs[b]; a = rs[a];
651 pe[ 6 * 2 + 0] = PC2(a, b, c, d); d = rs[d]; c = rs[c];
652 pe[ 5 * 2 + 0] = PC2(c, d, a, b); b = rs[b]; a = rs[a];
653 pe[ 4 * 2 + 0] = PC2(a, b, c, d); d = rs[d]; c = rs[c];
654 pe[ 3 * 2 + 0] = PC2(c, d, a, b); b = rs[b]; a = rs[a];
655 pe[ 2 * 2 + 0] = PC2(a, b, c, d); d = rs[d]; c = rs[c];
656 pe[ 1 * 2 + 0] = PC2(c, d, a, b); b = rs[b];
657 pe[ 0 * 2 + 0] = PC2(b, c, d, a);
642 pe[15 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d];
643 pe[14 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
644 pe[13 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
645 pe[12 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
646 pe[11 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
647 pe[10 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
648 pe[ 9 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
649 pe[ 8 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c];
650 pe[ 7 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
651 pe[ 6 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
652 pe[ 5 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
653 pe[ 4 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
654 pe[ 3 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
655 pe[ 2 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
656 pe[ 1 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b];
657 pe[ 0 * 2 + 0] = DES_PC2(b, c, d, a);
658
659 /* Check if first half is weak */
660 w = (a ^ c) | (b ^ d) | (rs[a] ^ c) | (b ^ rs[d]);
661
662 /* Skip to next table set */
663 pt += 512;
664
665 d = k[0]; d &= 0xe0; d >>= 4; d |= k[4] & 0xf0; d = pc1[d + 1];
666 c = k[1]; c &= 0xe0; c >>= 4; c |= k[5] & 0xf0; c = pc1[c + 1];
667 b = k[2]; b &= 0xe0; b >>= 4; b |= k[6] & 0xf0; b = pc1[b + 1];
668 a = k[3]; a &= 0xe0; a >>= 4; a |= k[7] & 0xf0; a = pc1[a + 1];
669
670 /* Check if second half is weak */
671 w |= (a ^ c) | (b ^ d) | (rs[a] ^ c) | (b ^ rs[d]);
672
658
659 /* Check if first half is weak */
660 w = (a ^ c) | (b ^ d) | (rs[a] ^ c) | (b ^ rs[d]);
661
662 /* Skip to next table set */
663 pt += 512;
664
665 d = k[0]; d &= 0xe0; d >>= 4; d |= k[4] & 0xf0; d = pc1[d + 1];
666 c = k[1]; c &= 0xe0; c >>= 4; c |= k[5] & 0xf0; c = pc1[c + 1];
667 b = k[2]; b &= 0xe0; b >>= 4; b |= k[6] & 0xf0; b = pc1[b + 1];
668 a = k[3]; a &= 0xe0; a >>= 4; a |= k[7] & 0xf0; a = pc1[a + 1];
669
670 /* Check if second half is weak */
671 w |= (a ^ c) | (b ^ d) | (rs[a] ^ c) | (b ^ rs[d]);
672
673 pe[15 * 2 + 1] = PC2(a, b, c, d); d = rs[d];
674 pe[14 * 2 + 1] = PC2(d, a, b, c); c = rs[c]; b = rs[b];
675 pe[13 * 2 + 1] = PC2(b, c, d, a); a = rs[a]; d = rs[d];
676 pe[12 * 2 + 1] = PC2(d, a, b, c); c = rs[c]; b = rs[b];
677 pe[11 * 2 + 1] = PC2(b, c, d, a); a = rs[a]; d = rs[d];
678 pe[10 * 2 + 1] = PC2(d, a, b, c); c = rs[c]; b = rs[b];
679 pe[ 9 * 2 + 1] = PC2(b, c, d, a); a = rs[a]; d = rs[d];
680 pe[ 8 * 2 + 1] = PC2(d, a, b, c); c = rs[c];
681 pe[ 7 * 2 + 1] = PC2(c, d, a, b); b = rs[b]; a = rs[a];
682 pe[ 6 * 2 + 1] = PC2(a, b, c, d); d = rs[d]; c = rs[c];
683 pe[ 5 * 2 + 1] = PC2(c, d, a, b); b = rs[b]; a = rs[a];
684 pe[ 4 * 2 + 1] = PC2(a, b, c, d); d = rs[d]; c = rs[c];
685 pe[ 3 * 2 + 1] = PC2(c, d, a, b); b = rs[b]; a = rs[a];
686 pe[ 2 * 2 + 1] = PC2(a, b, c, d); d = rs[d]; c = rs[c];
687 pe[ 1 * 2 + 1] = PC2(c, d, a, b); b = rs[b];
688 pe[ 0 * 2 + 1] = PC2(b, c, d, a);
673 pe[15 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d];
674 pe[14 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
675 pe[13 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
676 pe[12 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
677 pe[11 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
678 pe[10 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
679 pe[ 9 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
680 pe[ 8 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c];
681 pe[ 7 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
682 pe[ 6 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
683 pe[ 5 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
684 pe[ 4 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
685 pe[ 3 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
686 pe[ 2 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
687 pe[ 1 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b];
688 pe[ 0 * 2 + 1] = DES_PC2(b, c, d, a);
689
690 /* Fixup: 2413 5768 -> 1357 2468 */
691 for (d = 0; d < 16; ++d) {
692 a = pe[2 * d];
693 b = pe[2 * d + 1];
694 c = a ^ b;
695 c &= 0xffff0000;
696 a ^= c;

--- 20 unchanged lines hidden (view full) ---

717 unsigned long a, b, c, d;
718 const u32 *pt = pc2;
719
720 d = k[4]; d &= 0x0e; d <<= 4; d |= k[0] & 0x1e; d = pc1[d];
721 c = k[5]; c &= 0x0e; c <<= 4; c |= k[1] & 0x1e; c = pc1[c];
722 b = k[6]; b &= 0x0e; b <<= 4; b |= k[2] & 0x1e; b = pc1[b];
723 a = k[7]; a &= 0x0e; a <<= 4; a |= k[3] & 0x1e; a = pc1[a];
724
689
690 /* Fixup: 2413 5768 -> 1357 2468 */
691 for (d = 0; d < 16; ++d) {
692 a = pe[2 * d];
693 b = pe[2 * d + 1];
694 c = a ^ b;
695 c &= 0xffff0000;
696 a ^= c;

--- 20 unchanged lines hidden (view full) ---

717 unsigned long a, b, c, d;
718 const u32 *pt = pc2;
719
720 d = k[4]; d &= 0x0e; d <<= 4; d |= k[0] & 0x1e; d = pc1[d];
721 c = k[5]; c &= 0x0e; c <<= 4; c |= k[1] & 0x1e; c = pc1[c];
722 b = k[6]; b &= 0x0e; b <<= 4; b |= k[2] & 0x1e; b = pc1[b];
723 a = k[7]; a &= 0x0e; a <<= 4; a |= k[3] & 0x1e; a = pc1[a];
724
725 pe[ 0 * 2] = PC2(a, b, c, d); d = rs[d];
726 pe[ 1 * 2] = PC2(d, a, b, c); c = rs[c]; b = rs[b];
727 pe[ 2 * 2] = PC2(b, c, d, a); a = rs[a]; d = rs[d];
728 pe[ 3 * 2] = PC2(d, a, b, c); c = rs[c]; b = rs[b];
729 pe[ 4 * 2] = PC2(b, c, d, a); a = rs[a]; d = rs[d];
730 pe[ 5 * 2] = PC2(d, a, b, c); c = rs[c]; b = rs[b];
731 pe[ 6 * 2] = PC2(b, c, d, a); a = rs[a]; d = rs[d];
732 pe[ 7 * 2] = PC2(d, a, b, c); c = rs[c];
733 pe[ 8 * 2] = PC2(c, d, a, b); b = rs[b]; a = rs[a];
734 pe[ 9 * 2] = PC2(a, b, c, d); d = rs[d]; c = rs[c];
735 pe[10 * 2] = PC2(c, d, a, b); b = rs[b]; a = rs[a];
736 pe[11 * 2] = PC2(a, b, c, d); d = rs[d]; c = rs[c];
737 pe[12 * 2] = PC2(c, d, a, b); b = rs[b]; a = rs[a];
738 pe[13 * 2] = PC2(a, b, c, d); d = rs[d]; c = rs[c];
739 pe[14 * 2] = PC2(c, d, a, b); b = rs[b];
740 pe[15 * 2] = PC2(b, c, d, a);
725 pe[ 0 * 2] = DES_PC2(a, b, c, d); d = rs[d];
726 pe[ 1 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
727 pe[ 2 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
728 pe[ 3 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
729 pe[ 4 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
730 pe[ 5 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
731 pe[ 6 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
732 pe[ 7 * 2] = DES_PC2(d, a, b, c); c = rs[c];
733 pe[ 8 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
734 pe[ 9 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
735 pe[10 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
736 pe[11 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
737 pe[12 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
738 pe[13 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
739 pe[14 * 2] = DES_PC2(c, d, a, b); b = rs[b];
740 pe[15 * 2] = DES_PC2(b, c, d, a);
741
742 /* Skip to next table set */
743 pt += 512;
744
745 d = k[0]; d &= 0xe0; d >>= 4; d |= k[4] & 0xf0; d = pc1[d + 1];
746 c = k[1]; c &= 0xe0; c >>= 4; c |= k[5] & 0xf0; c = pc1[c + 1];
747 b = k[2]; b &= 0xe0; b >>= 4; b |= k[6] & 0xf0; b = pc1[b + 1];
748 a = k[3]; a &= 0xe0; a >>= 4; a |= k[7] & 0xf0; a = pc1[a + 1];
749
741
742 /* Skip to next table set */
743 pt += 512;
744
745 d = k[0]; d &= 0xe0; d >>= 4; d |= k[4] & 0xf0; d = pc1[d + 1];
746 c = k[1]; c &= 0xe0; c >>= 4; c |= k[5] & 0xf0; c = pc1[c + 1];
747 b = k[2]; b &= 0xe0; b >>= 4; b |= k[6] & 0xf0; b = pc1[b + 1];
748 a = k[3]; a &= 0xe0; a >>= 4; a |= k[7] & 0xf0; a = pc1[a + 1];
749
750 pe[ 0 * 2 + 1] = PC2(a, b, c, d); d = rs[d];
751 pe[ 1 * 2 + 1] = PC2(d, a, b, c); c = rs[c]; b = rs[b];
752 pe[ 2 * 2 + 1] = PC2(b, c, d, a); a = rs[a]; d = rs[d];
753 pe[ 3 * 2 + 1] = PC2(d, a, b, c); c = rs[c]; b = rs[b];
754 pe[ 4 * 2 + 1] = PC2(b, c, d, a); a = rs[a]; d = rs[d];
755 pe[ 5 * 2 + 1] = PC2(d, a, b, c); c = rs[c]; b = rs[b];
756 pe[ 6 * 2 + 1] = PC2(b, c, d, a); a = rs[a]; d = rs[d];
757 pe[ 7 * 2 + 1] = PC2(d, a, b, c); c = rs[c];
758 pe[ 8 * 2 + 1] = PC2(c, d, a, b); b = rs[b]; a = rs[a];
759 pe[ 9 * 2 + 1] = PC2(a, b, c, d); d = rs[d]; c = rs[c];
760 pe[10 * 2 + 1] = PC2(c, d, a, b); b = rs[b]; a = rs[a];
761 pe[11 * 2 + 1] = PC2(a, b, c, d); d = rs[d]; c = rs[c];
762 pe[12 * 2 + 1] = PC2(c, d, a, b); b = rs[b]; a = rs[a];
763 pe[13 * 2 + 1] = PC2(a, b, c, d); d = rs[d]; c = rs[c];
764 pe[14 * 2 + 1] = PC2(c, d, a, b); b = rs[b];
765 pe[15 * 2 + 1] = PC2(b, c, d, a);
750 pe[ 0 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d];
751 pe[ 1 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
752 pe[ 2 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
753 pe[ 3 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
754 pe[ 4 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
755 pe[ 5 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
756 pe[ 6 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
757 pe[ 7 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c];
758 pe[ 8 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
759 pe[ 9 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
760 pe[10 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
761 pe[11 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
762 pe[12 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
763 pe[13 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
764 pe[14 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b];
765 pe[15 * 2 + 1] = DES_PC2(b, c, d, a);
766
767 /* Fixup: 2413 5768 -> 1357 2468 */
768 for (d = 0; d < 16; ++d) {
769 a = pe[2 * d];
770 b = pe[2 * d + 1];
771 c = a ^ b;
772 c &= 0xffff0000;
773 a ^= c;

--- 234 unchanged lines hidden ---
766
767 /* Fixup: 2413 5768 -> 1357 2468 */
768 for (d = 0; d < 16; ++d) {
769 a = pe[2 * d];
770 b = pe[2 * d + 1];
771 c = a ^ b;
772 c &= 0xffff0000;
773 a ^= c;

--- 234 unchanged lines hidden ---