Line data Source code
1 : /* des.c - DES and Triple-DES encryption/decryption Algorithm
2 : * Copyright (C) 1998, 1999, 2001, 2002, 2003,
3 : * 2008 Free Software Foundation, Inc.
4 : *
5 : * This file is part of Libgcrypt.
6 : *
7 : * Libgcrypt is free software; you can redistribute it and/or modify
8 : * it under the terms of the GNU Lesser general Public License as
9 : * published by the Free Software Foundation; either version 2.1 of
10 : * the License, or (at your option) any later version.
11 : *
12 : * Libgcrypt is distributed in the hope that it will be useful,
13 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : * GNU Lesser General Public License for more details.
16 : *
17 : * You should have received a copy of the GNU Lesser General Public
18 : * License along with this program; if not, write to the Free Software
19 : * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
20 : *
21 : * For a description of triple encryption, see:
22 : * Bruce Schneier: Applied Cryptography. Second Edition.
23 : * John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
24 : * This implementation is according to the definition of DES in FIPS
25 : * PUB 46-2 from December 1993.
26 : */
27 :
28 :
29 : /*
30 : * Written by Michael Roth <mroth@nessie.de>, September 1998
31 : */
32 :
33 :
34 : /*
35 : * U S A G E
36 : * ===========
37 : *
38 : * For DES or Triple-DES encryption/decryption you must initialize a proper
39 : * encryption context with a key.
40 : *
41 : * A DES key is 64bit wide but only 56bits of the key are used. The remaining
42 : * bits are parity bits and they will _not_ checked in this implementation, but
43 : * simply ignored.
44 : *
45 : * For Triple-DES you could use either two 64bit keys or three 64bit keys.
46 : * The parity bits will _not_ checked, too.
47 : *
48 : * After initializing a context with a key you could use this context to
49 : * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
50 : *
51 : * (In the examples below the slashes at the beginning and ending of comments
52 : * are omitted.)
53 : *
54 : * DES Example
55 : * -----------
56 : * unsigned char key[8];
57 : * unsigned char plaintext[8];
58 : * unsigned char ciphertext[8];
59 : * unsigned char recoverd[8];
60 : * des_ctx context;
61 : *
62 : * * Fill 'key' and 'plaintext' with some data *
63 : * ....
64 : *
65 : * * Set up the DES encryption context *
66 : * des_setkey(context, key);
67 : *
68 : * * Encrypt the plaintext *
69 : * des_ecb_encrypt(context, plaintext, ciphertext);
70 : *
71 : * * To recover the original plaintext from ciphertext use: *
72 : * des_ecb_decrypt(context, ciphertext, recoverd);
73 : *
74 : *
75 : * Triple-DES Example
76 : * ------------------
77 : * unsigned char key1[8];
78 : * unsigned char key2[8];
79 : * unsigned char key3[8];
80 : * unsigned char plaintext[8];
81 : * unsigned char ciphertext[8];
82 : * unsigned char recoverd[8];
83 : * tripledes_ctx context;
84 : *
85 : * * If you would like to use two 64bit keys, fill 'key1' and'key2'
86 : * then setup the encryption context: *
87 : * tripledes_set2keys(context, key1, key2);
88 : *
89 : * * To use three 64bit keys with Triple-DES use: *
90 : * tripledes_set3keys(context, key1, key2, key3);
91 : *
92 : * * Encrypting plaintext with Triple-DES *
93 : * tripledes_ecb_encrypt(context, plaintext, ciphertext);
94 : *
95 : * * Decrypting ciphertext to recover the plaintext with Triple-DES *
96 : * tripledes_ecb_decrypt(context, ciphertext, recoverd);
97 : *
98 : *
99 : * Selftest
100 : * --------
101 : * char *error_msg;
102 : *
103 : * * To perform a selftest of this DES/Triple-DES implementation use the
104 : * function selftest(). It will return an error string if there are
105 : * some problems with this library. *
106 : *
107 : * if ( (error_msg = selftest()) )
108 : * {
109 : * fprintf(stderr, "An error in the DES/Triple-DES implementation occurred: %s\n", error_msg);
110 : * abort();
111 : * }
112 : */
113 :
114 :
115 : #include <config.h>
116 : #include <stdio.h>
117 : #include <string.h> /* memcpy, memcmp */
118 : #include "types.h" /* for byte and u32 typedefs */
119 : #include "g10lib.h"
120 : #include "cipher.h"
121 : #include "bufhelp.h"
122 : #include "cipher-selftest.h"
123 :
124 :
125 : #define DES_BLOCKSIZE 8
126 :
127 :
128 : /* USE_AMD64_ASM indicates whether to use AMD64 assembly code. */
129 : #undef USE_AMD64_ASM
130 : #if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
131 : defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
132 : # define USE_AMD64_ASM 1
133 : #endif
134 :
135 : /* Helper macro to force alignment to 16 bytes. */
136 : #ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
137 : # define ATTR_ALIGNED_16 __attribute__ ((aligned (16)))
138 : #else
139 : # define ATTR_ALIGNED_16
140 : #endif
141 :
142 : #if defined(__GNUC__) && defined(__GNU_LIBRARY__)
143 : # define working_memcmp memcmp
144 : #else
145 : /*
146 : * According to the SunOS man page, memcmp returns indeterminate sign
147 : * depending on whether characters are signed or not.
148 : */
149 : static int
150 : working_memcmp( const void *_a, const void *_b, size_t n )
151 : {
152 : const char *a = _a;
153 : const char *b = _b;
154 : for( ; n; n--, a++, b++ )
155 : if( *a != *b )
156 : return (int)(*(byte*)a) - (int)(*(byte*)b);
157 : return 0;
158 : }
159 : #endif
160 :
161 : /*
162 : * Encryption/Decryption context of DES
163 : */
164 : typedef struct _des_ctx
165 : {
166 : u32 encrypt_subkeys[32];
167 : u32 decrypt_subkeys[32];
168 : }
169 : des_ctx[1];
170 :
171 : /*
172 : * Encryption/Decryption context of Triple-DES
173 : */
174 : typedef struct _tripledes_ctx
175 : {
176 : u32 encrypt_subkeys[96];
177 : u32 decrypt_subkeys[96];
178 : struct {
179 : int no_weak_key;
180 : } flags;
181 : }
182 : tripledes_ctx[1];
183 :
184 : static void des_key_schedule (const byte *, u32 *);
185 : static int des_setkey (struct _des_ctx *, const byte *);
186 : static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int);
187 : static int tripledes_set2keys (struct _tripledes_ctx *,
188 : const byte *, const byte *);
189 : static int tripledes_set3keys (struct _tripledes_ctx *,
190 : const byte *, const byte *, const byte *);
191 : static int tripledes_ecb_crypt (struct _tripledes_ctx *,
192 : const byte *, byte *, int);
193 : static int is_weak_key ( const byte *key );
194 : static const char *selftest (void);
195 : static unsigned int do_tripledes_encrypt(void *context, byte *outbuf,
196 : const byte *inbuf );
197 : static unsigned int do_tripledes_decrypt(void *context, byte *outbuf,
198 : const byte *inbuf );
199 : static gcry_err_code_t do_tripledes_setkey(void *context, const byte *key,
200 : unsigned keylen);
201 :
202 : static int initialized;
203 :
204 :
205 :
206 :
207 : /*
208 : * The s-box values are permuted according to the 'primitive function P'
209 : * and are rotated one bit to the left.
210 : */
211 : static u32 sbox1[64] =
212 : {
213 : 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000,
214 : 0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004,
215 : 0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
216 : 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000,
217 : 0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400,
218 : 0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
219 : 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400,
220 : 0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004
221 : };
222 :
223 : static u32 sbox2[64] =
224 : {
225 : 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020,
226 : 0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020,
227 : 0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
228 : 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020,
229 : 0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000,
230 : 0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
231 : 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020,
232 : 0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000
233 : };
234 :
235 : static u32 sbox3[64] =
236 : {
237 : 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200,
238 : 0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208,
239 : 0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
240 : 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000,
241 : 0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000,
242 : 0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
243 : 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008,
244 : 0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200
245 : };
246 :
247 : static u32 sbox4[64] =
248 : {
249 : 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001,
250 : 0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001,
251 : 0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
252 : 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081,
253 : 0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000,
254 : 0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
255 : 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081,
256 : 0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080
257 : };
258 :
259 : static u32 sbox5[64] =
260 : {
261 : 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000,
262 : 0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000,
263 : 0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
264 : 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100,
265 : 0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100,
266 : 0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
267 : 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000,
268 : 0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100
269 : };
270 :
271 : static u32 sbox6[64] =
272 : {
273 : 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000,
274 : 0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010,
275 : 0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
276 : 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000,
277 : 0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010,
278 : 0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
279 : 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010,
280 : 0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010
281 : };
282 :
283 : static u32 sbox7[64] =
284 : {
285 : 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800,
286 : 0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802,
287 : 0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
288 : 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800,
289 : 0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002,
290 : 0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
291 : 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802,
292 : 0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002
293 : };
294 :
295 : static u32 sbox8[64] =
296 : {
297 : 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000,
298 : 0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040,
299 : 0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
300 : 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000,
301 : 0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040,
302 : 0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
303 : 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000,
304 : 0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000
305 : };
306 :
307 :
308 : /*
309 : * These two tables are part of the 'permuted choice 1' function.
310 : * In this implementation several speed improvements are done.
311 : */
312 : static u32 leftkey_swap[16] =
313 : {
314 : 0x00000000, 0x00000001, 0x00000100, 0x00000101,
315 : 0x00010000, 0x00010001, 0x00010100, 0x00010101,
316 : 0x01000000, 0x01000001, 0x01000100, 0x01000101,
317 : 0x01010000, 0x01010001, 0x01010100, 0x01010101
318 : };
319 :
320 : static u32 rightkey_swap[16] =
321 : {
322 : 0x00000000, 0x01000000, 0x00010000, 0x01010000,
323 : 0x00000100, 0x01000100, 0x00010100, 0x01010100,
324 : 0x00000001, 0x01000001, 0x00010001, 0x01010001,
325 : 0x00000101, 0x01000101, 0x00010101, 0x01010101,
326 : };
327 :
328 :
329 :
330 : /*
331 : * Numbers of left shifts per round for encryption subkeys.
332 : * To calculate the decryption subkeys we just reverse the
333 : * ordering of the calculated encryption subkeys. So their
334 : * is no need for a decryption rotate tab.
335 : */
336 : static byte encrypt_rotate_tab[16] =
337 : {
338 : 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
339 : };
340 :
341 :
342 :
343 : /*
344 : * Table with weak DES keys sorted in ascending order.
345 : * In DES their are 64 known keys which are weak. They are weak
346 : * because they produce only one, two or four different
347 : * subkeys in the subkey scheduling process.
348 : * The keys in this table have all their parity bits cleared.
349 : */
350 : static byte weak_keys[64][8] =
351 : {
352 : { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /*w*/
353 : { 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },
354 : { 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 },
355 : { 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },
356 : { 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, /*sw*/
357 : { 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },
358 : { 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe },
359 : { 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },
360 : { 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, /*sw*/
361 : { 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },
362 : { 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 },
363 : { 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },
364 : { 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, /*sw*/
365 : { 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },
366 : { 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e },
367 : { 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },
368 : { 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },
369 : { 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, /*sw*/
370 : { 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },
371 : { 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 },
372 : { 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },
373 : { 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, /*w*/
374 : { 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },
375 : { 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe },
376 : { 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },
377 : { 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, /*sw*/
378 : { 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },
379 : { 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 },
380 : { 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },
381 : { 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, /*sw*/
382 : { 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },
383 : { 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e },
384 : { 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },
385 : { 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe },
386 : { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 }, /*sw*/
387 : { 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e },
388 : { 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },
389 : { 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 },
390 : { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e }, /*sw*/
391 : { 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 },
392 : { 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },
393 : { 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e },
394 : { 0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0 }, /*w*/
395 : { 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },
396 : { 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e },
397 : { 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },
398 : { 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, /*sw*/
399 : { 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },
400 : { 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe },
401 : { 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },
402 : { 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e },
403 : { 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 }, /*sw*/
404 : { 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 },
405 : { 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },
406 : { 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 },
407 : { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e }, /*sw*/
408 : { 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e },
409 : { 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },
410 : { 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe },
411 : { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 }, /*sw*/
412 : { 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 },
413 : { 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },
414 : { 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 },
415 : { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe } /*w*/
416 : };
417 : static unsigned char weak_keys_chksum[20] = {
418 : 0xD0, 0xCF, 0x07, 0x38, 0x93, 0x70, 0x8A, 0x83, 0x7D, 0xD7,
419 : 0x8A, 0x36, 0x65, 0x29, 0x6C, 0x1F, 0x7C, 0x3F, 0xD3, 0x41
420 : };
421 :
422 :
423 :
424 : /*
425 : * Macro to swap bits across two words.
426 : */
427 : #define DO_PERMUTATION(a, temp, b, offset, mask) \
428 : temp = ((a>>offset) ^ b) & mask; \
429 : b ^= temp; \
430 : a ^= temp<<offset;
431 :
432 :
433 : /*
434 : * This performs the 'initial permutation' of the data to be encrypted
435 : * or decrypted. Additionally the resulting two words are rotated one bit
436 : * to the left.
437 : */
438 : #define INITIAL_PERMUTATION(left, temp, right) \
439 : DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \
440 : DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
441 : DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
442 : DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
443 : right = (right << 1) | (right >> 31); \
444 : temp = (left ^ right) & 0xaaaaaaaa; \
445 : right ^= temp; \
446 : left ^= temp; \
447 : left = (left << 1) | (left >> 31);
448 :
449 : /*
450 : * The 'inverse initial permutation'.
451 : */
452 : #define FINAL_PERMUTATION(left, temp, right) \
453 : left = (left << 31) | (left >> 1); \
454 : temp = (left ^ right) & 0xaaaaaaaa; \
455 : left ^= temp; \
456 : right ^= temp; \
457 : right = (right << 31) | (right >> 1); \
458 : DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
459 : DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
460 : DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
461 : DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
462 :
463 :
464 : /*
465 : * A full DES round including 'expansion function', 'sbox substitution'
466 : * and 'primitive function P' but without swapping the left and right word.
467 : * Please note: The data in 'from' and 'to' is already rotated one bit to
468 : * the left, done in the initial permutation.
469 : */
470 : #define DES_ROUND(from, to, work, subkey) \
471 : work = from ^ *subkey++; \
472 : to ^= sbox8[ work & 0x3f ]; \
473 : to ^= sbox6[ (work>>8) & 0x3f ]; \
474 : to ^= sbox4[ (work>>16) & 0x3f ]; \
475 : to ^= sbox2[ (work>>24) & 0x3f ]; \
476 : work = ((from << 28) | (from >> 4)) ^ *subkey++; \
477 : to ^= sbox7[ work & 0x3f ]; \
478 : to ^= sbox5[ (work>>8) & 0x3f ]; \
479 : to ^= sbox3[ (work>>16) & 0x3f ]; \
480 : to ^= sbox1[ (work>>24) & 0x3f ];
481 :
482 : /*
483 : * Macros to convert 8 bytes from/to 32bit words.
484 : */
485 : #define READ_64BIT_DATA(data, left, right) \
486 : left = buf_get_be32(data + 0); \
487 : right = buf_get_be32(data + 4);
488 :
489 : #define WRITE_64BIT_DATA(data, left, right) \
490 : buf_put_be32(data + 0, left); \
491 : buf_put_be32(data + 4, right);
492 :
493 : /*
494 : * Handy macros for encryption and decryption of data
495 : */
496 : #define des_ecb_encrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 0)
497 : #define des_ecb_decrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 1)
498 : #define tripledes_ecb_encrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,0)
499 : #define tripledes_ecb_decrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,1)
500 :
501 :
502 :
503 :
504 :
505 :
506 : /*
507 : * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
508 : * 16 encryption rounds.
509 : * To calculate subkeys for decryption the caller
510 : * have to reorder the generated subkeys.
511 : *
512 : * rawkey: 8 Bytes of key data
513 : * subkey: Array of at least 32 u32s. Will be filled
514 : * with calculated subkeys.
515 : *
516 : */
517 : static void
518 2598 : des_key_schedule (const byte * rawkey, u32 * subkey)
519 : {
520 : u32 left, right, work;
521 : int round;
522 :
523 2598 : READ_64BIT_DATA (rawkey, left, right)
524 :
525 2598 : DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
526 2598 : DO_PERMUTATION (right, work, left, 0, 0x10101010)
527 :
528 5196 : left = ((leftkey_swap[(left >> 0) & 0xf] << 3)
529 2598 : | (leftkey_swap[(left >> 8) & 0xf] << 2)
530 2598 : | (leftkey_swap[(left >> 16) & 0xf] << 1)
531 2598 : | (leftkey_swap[(left >> 24) & 0xf])
532 2598 : | (leftkey_swap[(left >> 5) & 0xf] << 7)
533 2598 : | (leftkey_swap[(left >> 13) & 0xf] << 6)
534 2598 : | (leftkey_swap[(left >> 21) & 0xf] << 5)
535 2598 : | (leftkey_swap[(left >> 29) & 0xf] << 4));
536 :
537 2598 : left &= 0x0fffffff;
538 :
539 5196 : right = ((rightkey_swap[(right >> 1) & 0xf] << 3)
540 2598 : | (rightkey_swap[(right >> 9) & 0xf] << 2)
541 2598 : | (rightkey_swap[(right >> 17) & 0xf] << 1)
542 2598 : | (rightkey_swap[(right >> 25) & 0xf])
543 2598 : | (rightkey_swap[(right >> 4) & 0xf] << 7)
544 2598 : | (rightkey_swap[(right >> 12) & 0xf] << 6)
545 2598 : | (rightkey_swap[(right >> 20) & 0xf] << 5)
546 2598 : | (rightkey_swap[(right >> 28) & 0xf] << 4));
547 :
548 2598 : right &= 0x0fffffff;
549 :
550 44166 : for (round = 0; round < 16; ++round)
551 : {
552 83136 : left = ((left << encrypt_rotate_tab[round])
553 41568 : | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
554 83136 : right = ((right << encrypt_rotate_tab[round])
555 41568 : | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
556 :
557 83136 : *subkey++ = (((left << 4) & 0x24000000)
558 41568 : | ((left << 28) & 0x10000000)
559 41568 : | ((left << 14) & 0x08000000)
560 41568 : | ((left << 18) & 0x02080000)
561 41568 : | ((left << 6) & 0x01000000)
562 41568 : | ((left << 9) & 0x00200000)
563 41568 : | ((left >> 1) & 0x00100000)
564 41568 : | ((left << 10) & 0x00040000)
565 41568 : | ((left << 2) & 0x00020000)
566 41568 : | ((left >> 10) & 0x00010000)
567 41568 : | ((right >> 13) & 0x00002000)
568 41568 : | ((right >> 4) & 0x00001000)
569 41568 : | ((right << 6) & 0x00000800)
570 41568 : | ((right >> 1) & 0x00000400)
571 41568 : | ((right >> 14) & 0x00000200)
572 41568 : | (right & 0x00000100)
573 41568 : | ((right >> 5) & 0x00000020)
574 41568 : | ((right >> 10) & 0x00000010)
575 41568 : | ((right >> 3) & 0x00000008)
576 41568 : | ((right >> 18) & 0x00000004)
577 41568 : | ((right >> 26) & 0x00000002)
578 41568 : | ((right >> 24) & 0x00000001));
579 :
580 83136 : *subkey++ = (((left << 15) & 0x20000000)
581 41568 : | ((left << 17) & 0x10000000)
582 41568 : | ((left << 10) & 0x08000000)
583 41568 : | ((left << 22) & 0x04000000)
584 41568 : | ((left >> 2) & 0x02000000)
585 41568 : | ((left << 1) & 0x01000000)
586 41568 : | ((left << 16) & 0x00200000)
587 41568 : | ((left << 11) & 0x00100000)
588 41568 : | ((left << 3) & 0x00080000)
589 41568 : | ((left >> 6) & 0x00040000)
590 41568 : | ((left << 15) & 0x00020000)
591 41568 : | ((left >> 4) & 0x00010000)
592 41568 : | ((right >> 2) & 0x00002000)
593 41568 : | ((right << 8) & 0x00001000)
594 41568 : | ((right >> 14) & 0x00000808)
595 41568 : | ((right >> 9) & 0x00000400)
596 41568 : | ((right) & 0x00000200)
597 41568 : | ((right << 7) & 0x00000100)
598 41568 : | ((right >> 7) & 0x00000020)
599 41568 : | ((right >> 3) & 0x00000011)
600 41568 : | ((right << 2) & 0x00000004)
601 41568 : | ((right >> 21) & 0x00000002));
602 : }
603 2598 : }
604 :
605 :
606 : /*
607 : * Fill a DES context with subkeys calculated from a 64bit key.
608 : * Does not check parity bits, but simply ignore them.
609 : * Does not check for weak keys.
610 : */
611 : static int
612 1014 : des_setkey (struct _des_ctx *ctx, const byte * key)
613 : {
614 : static const char *selftest_failed;
615 : int i;
616 :
617 1014 : if (!fips_mode () && !initialized)
618 : {
619 2 : initialized = 1;
620 2 : selftest_failed = selftest ();
621 :
622 2 : if (selftest_failed)
623 0 : log_error ("%s\n", selftest_failed);
624 : }
625 1014 : if (selftest_failed)
626 0 : return GPG_ERR_SELFTEST_FAILED;
627 :
628 1014 : des_key_schedule (key, ctx->encrypt_subkeys);
629 1014 : _gcry_burn_stack (32);
630 :
631 17238 : for(i=0; i<32; i+=2)
632 : {
633 16224 : ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
634 16224 : ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
635 : }
636 :
637 1014 : return 0;
638 : }
639 :
640 :
641 :
642 : /*
643 : * Electronic Codebook Mode DES encryption/decryption of data according
644 : * to 'mode'.
645 : */
646 : static int
647 3592508 : des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode)
648 : {
649 : u32 left, right, work;
650 : u32 *keys;
651 :
652 3592508 : keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
653 :
654 3592508 : READ_64BIT_DATA (from, left, right)
655 3592508 : INITIAL_PERMUTATION (left, work, right)
656 :
657 3592508 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
658 3592508 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
659 3592508 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
660 3592508 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
661 3592508 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
662 3592508 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
663 3592508 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
664 3592508 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
665 :
666 3592508 : FINAL_PERMUTATION (right, work, left)
667 3592508 : WRITE_64BIT_DATA (to, right, left)
668 :
669 3592508 : return 0;
670 : }
671 :
672 :
673 :
674 : /*
675 : * Fill a Triple-DES context with subkeys calculated from two 64bit keys.
676 : * Does not check the parity bits of the keys, but simply ignore them.
677 : * Does not check for weak keys.
678 : */
679 : static int
680 96 : tripledes_set2keys (struct _tripledes_ctx *ctx,
681 : const byte * key1,
682 : const byte * key2)
683 : {
684 : int i;
685 :
686 96 : des_key_schedule (key1, ctx->encrypt_subkeys);
687 96 : des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
688 96 : _gcry_burn_stack (32);
689 :
690 1632 : for(i=0; i<32; i+=2)
691 : {
692 1536 : ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
693 1536 : ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
694 :
695 1536 : ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
696 1536 : ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
697 :
698 1536 : ctx->encrypt_subkeys[i+64] = ctx->encrypt_subkeys[i];
699 1536 : ctx->encrypt_subkeys[i+65] = ctx->encrypt_subkeys[i+1];
700 :
701 1536 : ctx->decrypt_subkeys[i+64] = ctx->decrypt_subkeys[i];
702 1536 : ctx->decrypt_subkeys[i+65] = ctx->decrypt_subkeys[i+1];
703 : }
704 :
705 96 : return 0;
706 : }
707 :
708 :
709 :
710 : /*
711 : * Fill a Triple-DES context with subkeys calculated from three 64bit keys.
712 : * Does not check the parity bits of the keys, but simply ignore them.
713 : * Does not check for weak keys.
714 : */
715 : static int
716 464 : tripledes_set3keys (struct _tripledes_ctx *ctx,
717 : const byte * key1,
718 : const byte * key2,
719 : const byte * key3)
720 : {
721 : static const char *selftest_failed;
722 : int i;
723 :
724 464 : if (!fips_mode () && !initialized)
725 : {
726 2 : initialized = 1;
727 2 : selftest_failed = selftest ();
728 :
729 2 : if (selftest_failed)
730 0 : log_error ("%s\n", selftest_failed);
731 : }
732 464 : if (selftest_failed)
733 0 : return GPG_ERR_SELFTEST_FAILED;
734 :
735 464 : des_key_schedule (key1, ctx->encrypt_subkeys);
736 464 : des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
737 464 : des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
738 464 : _gcry_burn_stack (32);
739 :
740 7888 : for(i=0; i<32; i+=2)
741 : {
742 7424 : ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94-i];
743 7424 : ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[95-i];
744 :
745 7424 : ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
746 7424 : ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
747 :
748 7424 : ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i];
749 7424 : ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i];
750 : }
751 :
752 464 : return 0;
753 : }
754 :
755 :
756 :
757 : #ifdef USE_AMD64_ASM
758 :
759 : /* Assembly implementation of triple-DES. */
760 : extern void _gcry_3des_amd64_crypt_block(const void *keys, byte *out,
761 : const byte *in);
762 :
763 : /* These assembly implementations process three blocks in parallel. */
764 : extern void _gcry_3des_amd64_ctr_enc(const void *keys, byte *out,
765 : const byte *in, byte *ctr);
766 :
767 : extern void _gcry_3des_amd64_cbc_dec(const void *keys, byte *out,
768 : const byte *in, byte *iv);
769 :
770 : extern void _gcry_3des_amd64_cfb_dec(const void *keys, byte *out,
771 : const byte *in, byte *iv);
772 :
773 : #define TRIPLEDES_ECB_BURN_STACK (8 * sizeof(void *))
774 :
775 : #ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
776 : static inline void
777 : call_sysv_fn (const void *fn, const void *arg1, const void *arg2,
778 : const void *arg3, const void *arg4)
779 : {
780 : /* Call SystemV ABI function without storing non-volatile XMM registers,
781 : * as target function does not use vector instruction sets. */
782 : asm volatile ("callq *%0\n\t"
783 : : "+a" (fn),
784 : "+D" (arg1),
785 : "+S" (arg2),
786 : "+d" (arg3),
787 : "+c" (arg4)
788 : :
789 : : "cc", "memory", "r8", "r9", "r10", "r11");
790 : }
791 : #endif
792 :
793 : /*
794 : * Electronic Codebook Mode Triple-DES encryption/decryption of data
795 : * according to 'mode'. Sometimes this mode is named 'EDE' mode
796 : * (Encryption-Decryption-Encryption).
797 : */
798 : static inline int
799 3402646 : tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from,
800 : byte * to, int mode)
801 : {
802 : u32 *keys;
803 :
804 3402646 : keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
805 :
806 : #ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
807 : call_sysv_fn (_gcry_3des_amd64_crypt_block, keys, to, from, NULL);
808 : #else
809 3402646 : _gcry_3des_amd64_crypt_block(keys, to, from);
810 : #endif
811 :
812 3402646 : return 0;
813 : }
814 :
815 : static inline void
816 228158 : tripledes_amd64_ctr_enc(const void *keys, byte *out, const byte *in, byte *ctr)
817 : {
818 : #ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
819 : call_sysv_fn (_gcry_3des_amd64_ctr_enc, keys, out, in, ctr);
820 : #else
821 228158 : _gcry_3des_amd64_ctr_enc(keys, out, in, ctr);
822 : #endif
823 228158 : }
824 :
825 : static inline void
826 141846 : tripledes_amd64_cbc_dec(const void *keys, byte *out, const byte *in, byte *iv)
827 : {
828 : #ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
829 : call_sysv_fn (_gcry_3des_amd64_cbc_dec, keys, out, in, iv);
830 : #else
831 141846 : _gcry_3des_amd64_cbc_dec(keys, out, in, iv);
832 : #endif
833 141846 : }
834 :
835 : static inline void
836 125334 : tripledes_amd64_cfb_dec(const void *keys, byte *out, const byte *in, byte *iv)
837 : {
838 : #ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
839 : call_sysv_fn (_gcry_3des_amd64_cfb_dec, keys, out, in, iv);
840 : #else
841 125334 : _gcry_3des_amd64_cfb_dec(keys, out, in, iv);
842 : #endif
843 125334 : }
844 :
845 : #else /*USE_AMD64_ASM*/
846 :
847 : #define TRIPLEDES_ECB_BURN_STACK 32
848 :
849 : /*
850 : * Electronic Codebook Mode Triple-DES encryption/decryption of data
851 : * according to 'mode'. Sometimes this mode is named 'EDE' mode
852 : * (Encryption-Decryption-Encryption).
853 : */
854 : static int
855 : tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from,
856 : byte * to, int mode)
857 : {
858 : u32 left, right, work;
859 : u32 *keys;
860 :
861 : keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
862 :
863 : READ_64BIT_DATA (from, left, right)
864 : INITIAL_PERMUTATION (left, work, right)
865 :
866 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
867 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
868 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
869 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
870 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
871 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
872 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
873 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
874 :
875 : DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
876 : DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
877 : DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
878 : DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
879 : DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
880 : DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
881 : DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
882 : DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
883 :
884 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
885 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
886 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
887 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
888 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
889 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
890 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
891 : DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
892 :
893 : FINAL_PERMUTATION (right, work, left)
894 : WRITE_64BIT_DATA (to, right, left)
895 :
896 : return 0;
897 : }
898 :
899 : #endif /*!USE_AMD64_ASM*/
900 :
901 :
902 :
903 : /* Bulk encryption of complete blocks in CTR mode. This function is only
904 : intended for the bulk encryption feature of cipher.c. CTR is expected to be
905 : of size DES_BLOCKSIZE. */
906 : void
907 4578 : _gcry_3des_ctr_enc(void *context, unsigned char *ctr, void *outbuf_arg,
908 : const void *inbuf_arg, size_t nblocks)
909 : {
910 4578 : struct _tripledes_ctx *ctx = context;
911 4578 : unsigned char *outbuf = outbuf_arg;
912 4578 : const unsigned char *inbuf = inbuf_arg;
913 : unsigned char tmpbuf[DES_BLOCKSIZE];
914 4578 : int burn_stack_depth = TRIPLEDES_ECB_BURN_STACK;
915 : int i;
916 :
917 : #ifdef USE_AMD64_ASM
918 : {
919 4578 : int asm_burn_depth = 9 * sizeof(void *);
920 :
921 4578 : if (nblocks >= 3 && burn_stack_depth < asm_burn_depth)
922 4334 : burn_stack_depth = asm_burn_depth;
923 :
924 : /* Process data in 3 block chunks. */
925 237314 : while (nblocks >= 3)
926 : {
927 228158 : tripledes_amd64_ctr_enc(ctx->encrypt_subkeys, outbuf, inbuf, ctr);
928 :
929 228158 : nblocks -= 3;
930 228158 : outbuf += 3 * DES_BLOCKSIZE;
931 228158 : inbuf += 3 * DES_BLOCKSIZE;
932 : }
933 :
934 : /* Use generic code to handle smaller chunks... */
935 : }
936 : #endif
937 :
938 11138 : for ( ;nblocks; nblocks-- )
939 : {
940 : /* Encrypt the counter. */
941 6560 : tripledes_ecb_encrypt (ctx, ctr, tmpbuf);
942 : /* XOR the input with the encrypted counter and store in output. */
943 6560 : buf_xor(outbuf, tmpbuf, inbuf, DES_BLOCKSIZE);
944 6560 : outbuf += DES_BLOCKSIZE;
945 6560 : inbuf += DES_BLOCKSIZE;
946 : /* Increment the counter. */
947 7646 : for (i = DES_BLOCKSIZE; i > 0; i--)
948 : {
949 7640 : ctr[i-1]++;
950 7640 : if (ctr[i-1])
951 6554 : break;
952 : }
953 : }
954 :
955 4578 : wipememory(tmpbuf, sizeof(tmpbuf));
956 4578 : _gcry_burn_stack(burn_stack_depth);
957 4578 : }
958 :
959 :
960 : /* Bulk decryption of complete blocks in CBC mode. This function is only
961 : intended for the bulk encryption feature of cipher.c. */
962 : void
963 2828 : _gcry_3des_cbc_dec(void *context, unsigned char *iv, void *outbuf_arg,
964 : const void *inbuf_arg, size_t nblocks)
965 : {
966 2828 : struct _tripledes_ctx *ctx = context;
967 2828 : unsigned char *outbuf = outbuf_arg;
968 2828 : const unsigned char *inbuf = inbuf_arg;
969 : unsigned char savebuf[DES_BLOCKSIZE];
970 2828 : int burn_stack_depth = TRIPLEDES_ECB_BURN_STACK;
971 :
972 : #ifdef USE_AMD64_ASM
973 : {
974 2828 : int asm_burn_depth = 10 * sizeof(void *);
975 :
976 2828 : if (nblocks >= 3 && burn_stack_depth < asm_burn_depth)
977 2606 : burn_stack_depth = asm_burn_depth;
978 :
979 : /* Process data in 3 block chunks. */
980 147502 : while (nblocks >= 3)
981 : {
982 141846 : tripledes_amd64_cbc_dec(ctx->decrypt_subkeys, outbuf, inbuf, iv);
983 :
984 141846 : nblocks -= 3;
985 141846 : outbuf += 3 * DES_BLOCKSIZE;
986 141846 : inbuf += 3 * DES_BLOCKSIZE;
987 : }
988 :
989 : /* Use generic code to handle smaller chunks... */
990 : }
991 : #endif
992 :
993 6814 : for ( ;nblocks; nblocks-- )
994 : {
995 : /* INBUF is needed later and it may be identical to OUTBUF, so store
996 : the intermediate result to SAVEBUF. */
997 3986 : tripledes_ecb_decrypt (ctx, inbuf, savebuf);
998 :
999 3986 : buf_xor_n_copy_2(outbuf, savebuf, iv, inbuf, DES_BLOCKSIZE);
1000 3986 : inbuf += DES_BLOCKSIZE;
1001 3986 : outbuf += DES_BLOCKSIZE;
1002 : }
1003 :
1004 2828 : wipememory(savebuf, sizeof(savebuf));
1005 2828 : _gcry_burn_stack(burn_stack_depth);
1006 2828 : }
1007 :
1008 :
1009 : /* Bulk decryption of complete blocks in CFB mode. This function is only
1010 : intended for the bulk encryption feature of cipher.c. */
1011 : void
1012 2490 : _gcry_3des_cfb_dec(void *context, unsigned char *iv, void *outbuf_arg,
1013 : const void *inbuf_arg, size_t nblocks)
1014 : {
1015 2490 : struct _tripledes_ctx *ctx = context;
1016 2490 : unsigned char *outbuf = outbuf_arg;
1017 2490 : const unsigned char *inbuf = inbuf_arg;
1018 2490 : int burn_stack_depth = TRIPLEDES_ECB_BURN_STACK;
1019 :
1020 : #ifdef USE_AMD64_ASM
1021 : {
1022 2490 : int asm_burn_depth = 9 * sizeof(void *);
1023 :
1024 2490 : if (nblocks >= 3 && burn_stack_depth < asm_burn_depth)
1025 2350 : burn_stack_depth = asm_burn_depth;
1026 :
1027 : /* Process data in 3 block chunks. */
1028 130314 : while (nblocks >= 3)
1029 : {
1030 125334 : tripledes_amd64_cfb_dec(ctx->encrypt_subkeys, outbuf, inbuf, iv);
1031 :
1032 125334 : nblocks -= 3;
1033 125334 : outbuf += 3 * DES_BLOCKSIZE;
1034 125334 : inbuf += 3 * DES_BLOCKSIZE;
1035 : }
1036 :
1037 : /* Use generic code to handle smaller chunks... */
1038 : }
1039 : #endif
1040 :
1041 5992 : for ( ;nblocks; nblocks-- )
1042 : {
1043 3502 : tripledes_ecb_encrypt (ctx, iv, iv);
1044 3502 : buf_xor_n_copy(outbuf, iv, inbuf, DES_BLOCKSIZE);
1045 3502 : outbuf += DES_BLOCKSIZE;
1046 3502 : inbuf += DES_BLOCKSIZE;
1047 : }
1048 :
1049 2490 : _gcry_burn_stack(burn_stack_depth);
1050 2490 : }
1051 :
1052 :
1053 : /*
1054 : * Check whether the 8 byte key is weak.
1055 : * Does not check the parity bits of the key but simple ignore them.
1056 : */
1057 : static int
1058 1554 : is_weak_key ( const byte *key )
1059 : {
1060 : byte work[8];
1061 : int i, left, right, middle, cmp_result;
1062 :
1063 : /* clear parity bits */
1064 13986 : for(i=0; i<8; ++i)
1065 12432 : work[i] = key[i] & 0xfe;
1066 :
1067 : /* binary search in the weak key table */
1068 1554 : left = 0;
1069 1554 : right = 63;
1070 11712 : while(left <= right)
1071 : {
1072 8988 : middle = (left + right) / 2;
1073 :
1074 8988 : if ( !(cmp_result=working_memcmp(work, weak_keys[middle], 8)) )
1075 384 : return -1;
1076 :
1077 8604 : if ( cmp_result > 0 )
1078 1996 : left = middle + 1;
1079 : else
1080 6608 : right = middle - 1;
1081 : }
1082 :
1083 1170 : return 0;
1084 : }
1085 :
1086 :
1087 : /* Alternative setkey for selftests; need larger key than default. */
1088 : static gcry_err_code_t
1089 18 : bulk_selftest_setkey (void *context, const byte *__key, unsigned __keylen)
1090 : {
1091 : static const unsigned char key[24] ATTR_ALIGNED_16 = {
1092 : 0x66,0x9A,0x00,0x7F,0xC7,0x6A,0x45,0x9F,
1093 : 0x98,0xBA,0xF9,0x17,0xFE,0xDF,0x95,0x22,
1094 : 0x18,0x2A,0x39,0x47,0x5E,0x6F,0x75,0x82
1095 : };
1096 :
1097 : (void)__key;
1098 : (void)__keylen;
1099 :
1100 18 : return do_tripledes_setkey(context, key, sizeof(key));
1101 : }
1102 :
1103 :
1104 : /* Run the self-tests for DES-CTR, tests IV increment of bulk CTR
1105 : encryption. Returns NULL on success. */
1106 : static const char *
1107 6 : selftest_ctr (void)
1108 : {
1109 6 : const int nblocks = 3+1;
1110 6 : const int blocksize = DES_BLOCKSIZE;
1111 6 : const int context_size = sizeof(struct _tripledes_ctx);
1112 :
1113 6 : return _gcry_selftest_helper_ctr("3DES", &bulk_selftest_setkey,
1114 : &do_tripledes_encrypt, &_gcry_3des_ctr_enc, nblocks, blocksize,
1115 : context_size);
1116 : }
1117 :
1118 :
1119 : /* Run the self-tests for DES-CBC, tests bulk CBC decryption.
1120 : Returns NULL on success. */
1121 : static const char *
1122 6 : selftest_cbc (void)
1123 : {
1124 6 : const int nblocks = 3+2;
1125 6 : const int blocksize = DES_BLOCKSIZE;
1126 6 : const int context_size = sizeof(struct _tripledes_ctx);
1127 :
1128 6 : return _gcry_selftest_helper_cbc("3DES", &bulk_selftest_setkey,
1129 : &do_tripledes_encrypt, &_gcry_3des_cbc_dec, nblocks, blocksize,
1130 : context_size);
1131 : }
1132 :
1133 :
1134 : /* Run the self-tests for DES-CFB, tests bulk CBC decryption.
1135 : Returns NULL on success. */
1136 : static const char *
1137 6 : selftest_cfb (void)
1138 : {
1139 6 : const int nblocks = 3+2;
1140 6 : const int blocksize = DES_BLOCKSIZE;
1141 6 : const int context_size = sizeof(struct _tripledes_ctx);
1142 :
1143 6 : return _gcry_selftest_helper_cfb("3DES", &bulk_selftest_setkey,
1144 : &do_tripledes_encrypt, &_gcry_3des_cfb_dec, nblocks, blocksize,
1145 : context_size);
1146 : }
1147 :
1148 :
1149 : /*
1150 : * Performs a selftest of this DES/Triple-DES implementation.
1151 : * Returns an string with the error text on failure.
1152 : * Returns NULL if all is ok.
1153 : */
1154 : static const char *
1155 6 : selftest (void)
1156 : {
1157 : const char *r;
1158 :
1159 : /*
1160 : * Check if 'u32' is really 32 bits wide. This DES / 3DES implementation
1161 : * need this.
1162 : */
1163 : if (sizeof (u32) != 4)
1164 : return "Wrong word size for DES configured.";
1165 :
1166 : /*
1167 : * DES Maintenance Test
1168 : */
1169 : {
1170 : int i;
1171 6 : byte key[8] =
1172 : {0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55};
1173 6 : byte input[8] =
1174 : {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
1175 6 : byte result[8] =
1176 : {0x24, 0x6e, 0x9d, 0xb9, 0xc5, 0x50, 0x38, 0x1a};
1177 : byte temp1[8], temp2[8], temp3[8];
1178 : des_ctx des;
1179 :
1180 390 : for (i = 0; i < 64; ++i)
1181 : {
1182 384 : des_setkey (des, key);
1183 384 : des_ecb_encrypt (des, input, temp1);
1184 384 : des_ecb_encrypt (des, temp1, temp2);
1185 384 : des_setkey (des, temp2);
1186 384 : des_ecb_decrypt (des, temp1, temp3);
1187 384 : memcpy (key, temp3, 8);
1188 384 : memcpy (input, temp1, 8);
1189 : }
1190 6 : if (memcmp (temp3, result, 8))
1191 0 : return "DES maintenance test failed.";
1192 : }
1193 :
1194 :
1195 : /*
1196 : * Self made Triple-DES test (Does somebody know an official test?)
1197 : */
1198 : {
1199 : int i;
1200 6 : byte input[8] =
1201 : {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
1202 6 : byte key1[8] =
1203 : {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0};
1204 6 : byte key2[8] =
1205 : {0x11, 0x22, 0x33, 0x44, 0xff, 0xaa, 0xcc, 0xdd};
1206 6 : byte result[8] =
1207 : {0x7b, 0x38, 0x3b, 0x23, 0xa2, 0x7d, 0x26, 0xd3};
1208 :
1209 : tripledes_ctx des3;
1210 :
1211 102 : for (i = 0; i < 16; ++i)
1212 : {
1213 96 : tripledes_set2keys (des3, key1, key2);
1214 96 : tripledes_ecb_encrypt (des3, input, key1);
1215 96 : tripledes_ecb_decrypt (des3, input, key2);
1216 96 : tripledes_set3keys (des3, key1, input, key2);
1217 96 : tripledes_ecb_encrypt (des3, input, input);
1218 : }
1219 6 : if (memcmp (input, result, 8))
1220 0 : return "Triple-DES test failed.";
1221 : }
1222 :
1223 : /*
1224 : * More Triple-DES test. These are testvectors as used by SSLeay,
1225 : * thanks to Jeroen C. van Gelderen.
1226 : */
1227 : {
1228 : static const struct { byte key[24]; byte plain[8]; byte cipher[8]; }
1229 : testdata[] = {
1230 : { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
1231 : 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
1232 : 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 },
1233 : { 0x95,0xF8,0xA5,0xE5,0xDD,0x31,0xD9,0x00 },
1234 : { 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }
1235 : },
1236 :
1237 : { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
1238 : 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
1239 : 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 },
1240 : { 0x9D,0x64,0x55,0x5A,0x9A,0x10,0xB8,0x52, },
1241 : { 0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x00 }
1242 : },
1243 : { { 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
1244 : 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
1245 : 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E },
1246 : { 0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A },
1247 : { 0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A }
1248 : },
1249 : { { 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
1250 : 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
1251 : 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6 },
1252 : { 0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2 },
1253 : { 0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95 }
1254 : },
1255 : { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
1256 : 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
1257 : 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
1258 : { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61 },
1259 : { 0x3D,0x12,0x4F,0xE2,0x19,0x8B,0xA3,0x18 }
1260 : },
1261 : { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
1262 : 0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
1263 : 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
1264 : { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61 },
1265 : { 0xFB,0xAB,0xA1,0xFF,0x9D,0x05,0xE9,0xB1 }
1266 : },
1267 : { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
1268 : 0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
1269 : 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10 },
1270 : { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61 },
1271 : { 0x18,0xd7,0x48,0xe5,0x63,0x62,0x05,0x72 }
1272 : },
1273 : { { 0x03,0x52,0x02,0x07,0x67,0x20,0x82,0x17,
1274 : 0x86,0x02,0x87,0x66,0x59,0x08,0x21,0x98,
1275 : 0x64,0x05,0x6A,0xBD,0xFE,0xA9,0x34,0x57 },
1276 : { 0x73,0x71,0x75,0x69,0x67,0x67,0x6C,0x65 },
1277 : { 0xc0,0x7d,0x2a,0x0f,0xa5,0x66,0xfa,0x30 }
1278 : },
1279 : { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
1280 : 0x80,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
1281 : 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x02 },
1282 : { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
1283 : { 0xe6,0xe6,0xdd,0x5b,0x7e,0x72,0x29,0x74 }
1284 : },
1285 : { { 0x10,0x46,0x10,0x34,0x89,0x98,0x80,0x20,
1286 : 0x91,0x07,0xD0,0x15,0x89,0x19,0x01,0x01,
1287 : 0x19,0x07,0x92,0x10,0x98,0x1A,0x01,0x01 },
1288 : { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
1289 : { 0xe1,0xef,0x62,0xc3,0x32,0xfe,0x82,0x5b }
1290 : }
1291 : };
1292 :
1293 : byte result[8];
1294 : int i;
1295 : tripledes_ctx des3;
1296 :
1297 66 : for (i=0; i<sizeof(testdata)/sizeof(*testdata); ++i)
1298 : {
1299 120 : tripledes_set3keys (des3, testdata[i].key,
1300 120 : testdata[i].key + 8, testdata[i].key + 16);
1301 :
1302 60 : tripledes_ecb_encrypt (des3, testdata[i].plain, result);
1303 60 : if (memcmp (testdata[i].cipher, result, 8))
1304 0 : return "Triple-DES SSLeay test failed on encryption.";
1305 :
1306 60 : tripledes_ecb_decrypt (des3, testdata[i].cipher, result);
1307 60 : if (memcmp (testdata[i].plain, result, 8))
1308 0 : return "Triple-DES SSLeay test failed on decryption.";;
1309 : }
1310 : }
1311 :
1312 : /*
1313 : * Check the weak key detection. We simply assume that the table
1314 : * with weak keys is ok and check every key in the table if it is
1315 : * detected... (This test is a little bit stupid).
1316 : */
1317 : {
1318 : int i;
1319 : unsigned char *p;
1320 : gcry_md_hd_t h;
1321 :
1322 6 : if (_gcry_md_open (&h, GCRY_MD_SHA1, 0))
1323 0 : return "SHA1 not available";
1324 :
1325 390 : for (i = 0; i < 64; ++i)
1326 384 : _gcry_md_write (h, weak_keys[i], 8);
1327 6 : p = _gcry_md_read (h, GCRY_MD_SHA1);
1328 6 : i = memcmp (p, weak_keys_chksum, 20);
1329 6 : _gcry_md_close (h);
1330 6 : if (i)
1331 0 : return "weak key table defect";
1332 :
1333 390 : for (i = 0; i < 64; ++i)
1334 384 : if (!is_weak_key(weak_keys[i]))
1335 0 : return "DES weak key detection failed";
1336 : }
1337 :
1338 6 : if ( (r = selftest_cbc ()) )
1339 0 : return r;
1340 :
1341 6 : if ( (r = selftest_cfb ()) )
1342 0 : return r;
1343 :
1344 6 : if ( (r = selftest_ctr ()) )
1345 0 : return r;
1346 :
1347 6 : return 0;
1348 : }
1349 :
1350 :
1351 : static gcry_err_code_t
1352 308 : do_tripledes_setkey ( void *context, const byte *key, unsigned keylen )
1353 : {
1354 308 : struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
1355 :
1356 308 : if( keylen != 24 )
1357 0 : return GPG_ERR_INV_KEYLEN;
1358 :
1359 308 : tripledes_set3keys ( ctx, key, key+8, key+16);
1360 :
1361 308 : if (ctx->flags.no_weak_key)
1362 : ; /* Detection has been disabled. */
1363 308 : else if (is_weak_key (key) || is_weak_key (key+8) || is_weak_key (key+16))
1364 : {
1365 0 : _gcry_burn_stack (64);
1366 0 : return GPG_ERR_WEAK_KEY;
1367 : }
1368 308 : _gcry_burn_stack (64);
1369 :
1370 308 : return GPG_ERR_NO_ERROR;
1371 : }
1372 :
1373 :
1374 : static gcry_err_code_t
1375 0 : do_tripledes_set_extra_info (void *context, int what,
1376 : const void *buffer, size_t buflen)
1377 : {
1378 0 : struct _tripledes_ctx *ctx = (struct _tripledes_ctx *)context;
1379 0 : gpg_err_code_t ec = 0;
1380 :
1381 : (void)buffer;
1382 : (void)buflen;
1383 :
1384 0 : switch (what)
1385 : {
1386 : case CIPHER_INFO_NO_WEAK_KEY:
1387 0 : ctx->flags.no_weak_key = 1;
1388 0 : break;
1389 :
1390 : default:
1391 0 : ec = GPG_ERR_INV_OP;
1392 0 : break;
1393 : }
1394 0 : return ec;
1395 : }
1396 :
1397 :
1398 : static unsigned int
1399 3041970 : do_tripledes_encrypt( void *context, byte *outbuf, const byte *inbuf )
1400 : {
1401 3041970 : struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
1402 :
1403 3041970 : tripledes_ecb_encrypt ( ctx, inbuf, outbuf );
1404 3041970 : return /*burn_stack*/ TRIPLEDES_ECB_BURN_STACK;
1405 : }
1406 :
1407 : static unsigned int
1408 346220 : do_tripledes_decrypt( void *context, byte *outbuf, const byte *inbuf )
1409 : {
1410 346220 : struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
1411 346220 : tripledes_ecb_decrypt ( ctx, inbuf, outbuf );
1412 346220 : return /*burn_stack*/ TRIPLEDES_ECB_BURN_STACK;
1413 : }
1414 :
1415 : static gcry_err_code_t
1416 246 : do_des_setkey (void *context, const byte *key, unsigned keylen)
1417 : {
1418 246 : struct _des_ctx *ctx = (struct _des_ctx *) context;
1419 :
1420 246 : if (keylen != 8)
1421 0 : return GPG_ERR_INV_KEYLEN;
1422 :
1423 246 : des_setkey (ctx, key);
1424 :
1425 246 : if (is_weak_key (key)) {
1426 0 : _gcry_burn_stack (64);
1427 0 : return GPG_ERR_WEAK_KEY;
1428 : }
1429 246 : _gcry_burn_stack (64);
1430 :
1431 246 : return GPG_ERR_NO_ERROR;
1432 : }
1433 :
1434 :
1435 : static unsigned int
1436 2949916 : do_des_encrypt( void *context, byte *outbuf, const byte *inbuf )
1437 : {
1438 2949916 : struct _des_ctx *ctx = (struct _des_ctx *) context;
1439 :
1440 2949916 : des_ecb_encrypt ( ctx, inbuf, outbuf );
1441 2949916 : return /*burn_stack*/ (32);
1442 : }
1443 :
1444 : static unsigned int
1445 641440 : do_des_decrypt( void *context, byte *outbuf, const byte *inbuf )
1446 : {
1447 641440 : struct _des_ctx *ctx = (struct _des_ctx *) context;
1448 :
1449 641440 : des_ecb_decrypt ( ctx, inbuf, outbuf );
1450 641440 : return /*burn_stack*/ (32);
1451 : }
1452 :
1453 :
1454 :
1455 : �
1456 : /*
1457 : Self-test section.
1458 : */
1459 :
1460 :
1461 : /* Selftest for TripleDES. */
1462 : static gpg_err_code_t
1463 2 : selftest_fips (int extended, selftest_report_func_t report)
1464 : {
1465 : const char *what;
1466 : const char *errtxt;
1467 :
1468 : (void)extended; /* No extended tests available. */
1469 :
1470 2 : what = "low-level";
1471 2 : errtxt = selftest ();
1472 2 : if (errtxt)
1473 0 : goto failed;
1474 :
1475 : /* The low-level self-tests are quite extensive and thus we can do
1476 : without high level tests. This is also justified because we have
1477 : no custom block code implementation for 3des but always use the
1478 : standard high level block code. */
1479 :
1480 2 : return 0; /* Succeeded. */
1481 :
1482 : failed:
1483 0 : if (report)
1484 0 : report ("cipher", GCRY_CIPHER_3DES, what, errtxt);
1485 0 : return GPG_ERR_SELFTEST_FAILED;
1486 : }
1487 :
1488 :
1489 :
1490 : /* Run a full self-test for ALGO and return 0 on success. */
1491 : static gpg_err_code_t
1492 2 : run_selftests (int algo, int extended, selftest_report_func_t report)
1493 : {
1494 : gpg_err_code_t ec;
1495 :
1496 2 : switch (algo)
1497 : {
1498 : case GCRY_CIPHER_3DES:
1499 2 : ec = selftest_fips (extended, report);
1500 2 : break;
1501 : default:
1502 0 : ec = GPG_ERR_CIPHER_ALGO;
1503 0 : break;
1504 :
1505 : }
1506 2 : return ec;
1507 : }
1508 :
1509 :
1510 : �
1511 : gcry_cipher_spec_t _gcry_cipher_spec_des =
1512 : {
1513 : GCRY_CIPHER_DES, {0, 0},
1514 : "DES", NULL, NULL, 8, 64, sizeof (struct _des_ctx),
1515 : do_des_setkey, do_des_encrypt, do_des_decrypt
1516 : };
1517 :
1518 : static gcry_cipher_oid_spec_t oids_tripledes[] =
1519 : {
1520 : { "1.2.840.113549.3.7", GCRY_CIPHER_MODE_CBC },
1521 : /* Teletrust specific OID for 3DES. */
1522 : { "1.3.36.3.1.3.2.1", GCRY_CIPHER_MODE_CBC },
1523 : /* pbeWithSHAAnd3_KeyTripleDES_CBC */
1524 : { "1.2.840.113549.1.12.1.3", GCRY_CIPHER_MODE_CBC },
1525 : { NULL }
1526 : };
1527 :
1528 : gcry_cipher_spec_t _gcry_cipher_spec_tripledes =
1529 : {
1530 : GCRY_CIPHER_3DES, {0, 1},
1531 : "3DES", NULL, oids_tripledes, 8, 192, sizeof (struct _tripledes_ctx),
1532 : do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt,
1533 : NULL, NULL,
1534 : run_selftests,
1535 : do_tripledes_set_extra_info
1536 : };
|
