des_generic.c 36 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008
  1. /*
  2. * Cryptographic API.
  3. *
  4. * DES & Triple DES EDE Cipher Algorithms.
  5. *
  6. * Copyright (c) 2005 Dag Arne Osvik <da@osvik.no>
  7. *
  8. * This program is free software; you can redistribute it and/or modify
  9. * it under the terms of the GNU General Public License as published by
  10. * the Free Software Foundation; either version 2 of the License, or
  11. * (at your option) any later version.
  12. *
  13. */
  14. #include <asm/byteorder.h>
  15. #include <linux/bitops.h>
  16. #include <linux/init.h>
  17. #include <linux/module.h>
  18. #include <linux/errno.h>
  19. #include <linux/crypto.h>
  20. #include <linux/types.h>
  21. #include <crypto/des.h>
  22. #define ROL(x, r) ((x) = rol32((x), (r)))
  23. #define ROR(x, r) ((x) = ror32((x), (r)))
  24. struct des_ctx {
  25. u32 expkey[DES_EXPKEY_WORDS];
  26. };
  27. struct des3_ede_ctx {
  28. u32 expkey[DES3_EDE_EXPKEY_WORDS];
  29. };
  30. /* Lookup tables for key expansion */
  31. static const u8 pc1[256] = {
  32. 0x00, 0x00, 0x40, 0x04, 0x10, 0x10, 0x50, 0x14,
  33. 0x04, 0x40, 0x44, 0x44, 0x14, 0x50, 0x54, 0x54,
  34. 0x02, 0x02, 0x42, 0x06, 0x12, 0x12, 0x52, 0x16,
  35. 0x06, 0x42, 0x46, 0x46, 0x16, 0x52, 0x56, 0x56,
  36. 0x80, 0x08, 0xc0, 0x0c, 0x90, 0x18, 0xd0, 0x1c,
  37. 0x84, 0x48, 0xc4, 0x4c, 0x94, 0x58, 0xd4, 0x5c,
  38. 0x82, 0x0a, 0xc2, 0x0e, 0x92, 0x1a, 0xd2, 0x1e,
  39. 0x86, 0x4a, 0xc6, 0x4e, 0x96, 0x5a, 0xd6, 0x5e,
  40. 0x20, 0x20, 0x60, 0x24, 0x30, 0x30, 0x70, 0x34,
  41. 0x24, 0x60, 0x64, 0x64, 0x34, 0x70, 0x74, 0x74,
  42. 0x22, 0x22, 0x62, 0x26, 0x32, 0x32, 0x72, 0x36,
  43. 0x26, 0x62, 0x66, 0x66, 0x36, 0x72, 0x76, 0x76,
  44. 0xa0, 0x28, 0xe0, 0x2c, 0xb0, 0x38, 0xf0, 0x3c,
  45. 0xa4, 0x68, 0xe4, 0x6c, 0xb4, 0x78, 0xf4, 0x7c,
  46. 0xa2, 0x2a, 0xe2, 0x2e, 0xb2, 0x3a, 0xf2, 0x3e,
  47. 0xa6, 0x6a, 0xe6, 0x6e, 0xb6, 0x7a, 0xf6, 0x7e,
  48. 0x08, 0x80, 0x48, 0x84, 0x18, 0x90, 0x58, 0x94,
  49. 0x0c, 0xc0, 0x4c, 0xc4, 0x1c, 0xd0, 0x5c, 0xd4,
  50. 0x0a, 0x82, 0x4a, 0x86, 0x1a, 0x92, 0x5a, 0x96,
  51. 0x0e, 0xc2, 0x4e, 0xc6, 0x1e, 0xd2, 0x5e, 0xd6,
  52. 0x88, 0x88, 0xc8, 0x8c, 0x98, 0x98, 0xd8, 0x9c,
  53. 0x8c, 0xc8, 0xcc, 0xcc, 0x9c, 0xd8, 0xdc, 0xdc,
  54. 0x8a, 0x8a, 0xca, 0x8e, 0x9a, 0x9a, 0xda, 0x9e,
  55. 0x8e, 0xca, 0xce, 0xce, 0x9e, 0xda, 0xde, 0xde,
  56. 0x28, 0xa0, 0x68, 0xa4, 0x38, 0xb0, 0x78, 0xb4,
  57. 0x2c, 0xe0, 0x6c, 0xe4, 0x3c, 0xf0, 0x7c, 0xf4,
  58. 0x2a, 0xa2, 0x6a, 0xa6, 0x3a, 0xb2, 0x7a, 0xb6,
  59. 0x2e, 0xe2, 0x6e, 0xe6, 0x3e, 0xf2, 0x7e, 0xf6,
  60. 0xa8, 0xa8, 0xe8, 0xac, 0xb8, 0xb8, 0xf8, 0xbc,
  61. 0xac, 0xe8, 0xec, 0xec, 0xbc, 0xf8, 0xfc, 0xfc,
  62. 0xaa, 0xaa, 0xea, 0xae, 0xba, 0xba, 0xfa, 0xbe,
  63. 0xae, 0xea, 0xee, 0xee, 0xbe, 0xfa, 0xfe, 0xfe
  64. };
  65. static const u8 rs[256] = {
  66. 0x00, 0x00, 0x80, 0x80, 0x02, 0x02, 0x82, 0x82,
  67. 0x04, 0x04, 0x84, 0x84, 0x06, 0x06, 0x86, 0x86,
  68. 0x08, 0x08, 0x88, 0x88, 0x0a, 0x0a, 0x8a, 0x8a,
  69. 0x0c, 0x0c, 0x8c, 0x8c, 0x0e, 0x0e, 0x8e, 0x8e,
  70. 0x10, 0x10, 0x90, 0x90, 0x12, 0x12, 0x92, 0x92,
  71. 0x14, 0x14, 0x94, 0x94, 0x16, 0x16, 0x96, 0x96,
  72. 0x18, 0x18, 0x98, 0x98, 0x1a, 0x1a, 0x9a, 0x9a,
  73. 0x1c, 0x1c, 0x9c, 0x9c, 0x1e, 0x1e, 0x9e, 0x9e,
  74. 0x20, 0x20, 0xa0, 0xa0, 0x22, 0x22, 0xa2, 0xa2,
  75. 0x24, 0x24, 0xa4, 0xa4, 0x26, 0x26, 0xa6, 0xa6,
  76. 0x28, 0x28, 0xa8, 0xa8, 0x2a, 0x2a, 0xaa, 0xaa,
  77. 0x2c, 0x2c, 0xac, 0xac, 0x2e, 0x2e, 0xae, 0xae,
  78. 0x30, 0x30, 0xb0, 0xb0, 0x32, 0x32, 0xb2, 0xb2,
  79. 0x34, 0x34, 0xb4, 0xb4, 0x36, 0x36, 0xb6, 0xb6,
  80. 0x38, 0x38, 0xb8, 0xb8, 0x3a, 0x3a, 0xba, 0xba,
  81. 0x3c, 0x3c, 0xbc, 0xbc, 0x3e, 0x3e, 0xbe, 0xbe,
  82. 0x40, 0x40, 0xc0, 0xc0, 0x42, 0x42, 0xc2, 0xc2,
  83. 0x44, 0x44, 0xc4, 0xc4, 0x46, 0x46, 0xc6, 0xc6,
  84. 0x48, 0x48, 0xc8, 0xc8, 0x4a, 0x4a, 0xca, 0xca,
  85. 0x4c, 0x4c, 0xcc, 0xcc, 0x4e, 0x4e, 0xce, 0xce,
  86. 0x50, 0x50, 0xd0, 0xd0, 0x52, 0x52, 0xd2, 0xd2,
  87. 0x54, 0x54, 0xd4, 0xd4, 0x56, 0x56, 0xd6, 0xd6,
  88. 0x58, 0x58, 0xd8, 0xd8, 0x5a, 0x5a, 0xda, 0xda,
  89. 0x5c, 0x5c, 0xdc, 0xdc, 0x5e, 0x5e, 0xde, 0xde,
  90. 0x60, 0x60, 0xe0, 0xe0, 0x62, 0x62, 0xe2, 0xe2,
  91. 0x64, 0x64, 0xe4, 0xe4, 0x66, 0x66, 0xe6, 0xe6,
  92. 0x68, 0x68, 0xe8, 0xe8, 0x6a, 0x6a, 0xea, 0xea,
  93. 0x6c, 0x6c, 0xec, 0xec, 0x6e, 0x6e, 0xee, 0xee,
  94. 0x70, 0x70, 0xf0, 0xf0, 0x72, 0x72, 0xf2, 0xf2,
  95. 0x74, 0x74, 0xf4, 0xf4, 0x76, 0x76, 0xf6, 0xf6,
  96. 0x78, 0x78, 0xf8, 0xf8, 0x7a, 0x7a, 0xfa, 0xfa,
  97. 0x7c, 0x7c, 0xfc, 0xfc, 0x7e, 0x7e, 0xfe, 0xfe
  98. };
  99. static const u32 pc2[1024] = {
  100. 0x00000000, 0x00000000, 0x00000000, 0x00000000,
  101. 0x00040000, 0x00000000, 0x04000000, 0x00100000,
  102. 0x00400000, 0x00000008, 0x00000800, 0x40000000,
  103. 0x00440000, 0x00000008, 0x04000800, 0x40100000,
  104. 0x00000400, 0x00000020, 0x08000000, 0x00000100,
  105. 0x00040400, 0x00000020, 0x0c000000, 0x00100100,
  106. 0x00400400, 0x00000028, 0x08000800, 0x40000100,
  107. 0x00440400, 0x00000028, 0x0c000800, 0x40100100,
  108. 0x80000000, 0x00000010, 0x00000000, 0x00800000,
  109. 0x80040000, 0x00000010, 0x04000000, 0x00900000,
  110. 0x80400000, 0x00000018, 0x00000800, 0x40800000,
  111. 0x80440000, 0x00000018, 0x04000800, 0x40900000,
  112. 0x80000400, 0x00000030, 0x08000000, 0x00800100,
  113. 0x80040400, 0x00000030, 0x0c000000, 0x00900100,
  114. 0x80400400, 0x00000038, 0x08000800, 0x40800100,
  115. 0x80440400, 0x00000038, 0x0c000800, 0x40900100,
  116. 0x10000000, 0x00000000, 0x00200000, 0x00001000,
  117. 0x10040000, 0x00000000, 0x04200000, 0x00101000,
  118. 0x10400000, 0x00000008, 0x00200800, 0x40001000,
  119. 0x10440000, 0x00000008, 0x04200800, 0x40101000,
  120. 0x10000400, 0x00000020, 0x08200000, 0x00001100,
  121. 0x10040400, 0x00000020, 0x0c200000, 0x00101100,
  122. 0x10400400, 0x00000028, 0x08200800, 0x40001100,
  123. 0x10440400, 0x00000028, 0x0c200800, 0x40101100,
  124. 0x90000000, 0x00000010, 0x00200000, 0x00801000,
  125. 0x90040000, 0x00000010, 0x04200000, 0x00901000,
  126. 0x90400000, 0x00000018, 0x00200800, 0x40801000,
  127. 0x90440000, 0x00000018, 0x04200800, 0x40901000,
  128. 0x90000400, 0x00000030, 0x08200000, 0x00801100,
  129. 0x90040400, 0x00000030, 0x0c200000, 0x00901100,
  130. 0x90400400, 0x00000038, 0x08200800, 0x40801100,
  131. 0x90440400, 0x00000038, 0x0c200800, 0x40901100,
  132. 0x00000200, 0x00080000, 0x00000000, 0x00000004,
  133. 0x00040200, 0x00080000, 0x04000000, 0x00100004,
  134. 0x00400200, 0x00080008, 0x00000800, 0x40000004,
  135. 0x00440200, 0x00080008, 0x04000800, 0x40100004,
  136. 0x00000600, 0x00080020, 0x08000000, 0x00000104,
  137. 0x00040600, 0x00080020, 0x0c000000, 0x00100104,
  138. 0x00400600, 0x00080028, 0x08000800, 0x40000104,
  139. 0x00440600, 0x00080028, 0x0c000800, 0x40100104,
  140. 0x80000200, 0x00080010, 0x00000000, 0x00800004,
  141. 0x80040200, 0x00080010, 0x04000000, 0x00900004,
  142. 0x80400200, 0x00080018, 0x00000800, 0x40800004,
  143. 0x80440200, 0x00080018, 0x04000800, 0x40900004,
  144. 0x80000600, 0x00080030, 0x08000000, 0x00800104,
  145. 0x80040600, 0x00080030, 0x0c000000, 0x00900104,
  146. 0x80400600, 0x00080038, 0x08000800, 0x40800104,
  147. 0x80440600, 0x00080038, 0x0c000800, 0x40900104,
  148. 0x10000200, 0x00080000, 0x00200000, 0x00001004,
  149. 0x10040200, 0x00080000, 0x04200000, 0x00101004,
  150. 0x10400200, 0x00080008, 0x00200800, 0x40001004,
  151. 0x10440200, 0x00080008, 0x04200800, 0x40101004,
  152. 0x10000600, 0x00080020, 0x08200000, 0x00001104,
  153. 0x10040600, 0x00080020, 0x0c200000, 0x00101104,
  154. 0x10400600, 0x00080028, 0x08200800, 0x40001104,
  155. 0x10440600, 0x00080028, 0x0c200800, 0x40101104,
  156. 0x90000200, 0x00080010, 0x00200000, 0x00801004,
  157. 0x90040200, 0x00080010, 0x04200000, 0x00901004,
  158. 0x90400200, 0x00080018, 0x00200800, 0x40801004,
  159. 0x90440200, 0x00080018, 0x04200800, 0x40901004,
  160. 0x90000600, 0x00080030, 0x08200000, 0x00801104,
  161. 0x90040600, 0x00080030, 0x0c200000, 0x00901104,
  162. 0x90400600, 0x00080038, 0x08200800, 0x40801104,
  163. 0x90440600, 0x00080038, 0x0c200800, 0x40901104,
  164. 0x00000002, 0x00002000, 0x20000000, 0x00000001,
  165. 0x00040002, 0x00002000, 0x24000000, 0x00100001,
  166. 0x00400002, 0x00002008, 0x20000800, 0x40000001,
  167. 0x00440002, 0x00002008, 0x24000800, 0x40100001,
  168. 0x00000402, 0x00002020, 0x28000000, 0x00000101,
  169. 0x00040402, 0x00002020, 0x2c000000, 0x00100101,
  170. 0x00400402, 0x00002028, 0x28000800, 0x40000101,
  171. 0x00440402, 0x00002028, 0x2c000800, 0x40100101,
  172. 0x80000002, 0x00002010, 0x20000000, 0x00800001,
  173. 0x80040002, 0x00002010, 0x24000000, 0x00900001,
  174. 0x80400002, 0x00002018, 0x20000800, 0x40800001,
  175. 0x80440002, 0x00002018, 0x24000800, 0x40900001,
  176. 0x80000402, 0x00002030, 0x28000000, 0x00800101,
  177. 0x80040402, 0x00002030, 0x2c000000, 0x00900101,
  178. 0x80400402, 0x00002038, 0x28000800, 0x40800101,
  179. 0x80440402, 0x00002038, 0x2c000800, 0x40900101,
  180. 0x10000002, 0x00002000, 0x20200000, 0x00001001,
  181. 0x10040002, 0x00002000, 0x24200000, 0x00101001,
  182. 0x10400002, 0x00002008, 0x20200800, 0x40001001,
  183. 0x10440002, 0x00002008, 0x24200800, 0x40101001,
  184. 0x10000402, 0x00002020, 0x28200000, 0x00001101,
  185. 0x10040402, 0x00002020, 0x2c200000, 0x00101101,
  186. 0x10400402, 0x00002028, 0x28200800, 0x40001101,
  187. 0x10440402, 0x00002028, 0x2c200800, 0x40101101,
  188. 0x90000002, 0x00002010, 0x20200000, 0x00801001,
  189. 0x90040002, 0x00002010, 0x24200000, 0x00901001,
  190. 0x90400002, 0x00002018, 0x20200800, 0x40801001,
  191. 0x90440002, 0x00002018, 0x24200800, 0x40901001,
  192. 0x90000402, 0x00002030, 0x28200000, 0x00801101,
  193. 0x90040402, 0x00002030, 0x2c200000, 0x00901101,
  194. 0x90400402, 0x00002038, 0x28200800, 0x40801101,
  195. 0x90440402, 0x00002038, 0x2c200800, 0x40901101,
  196. 0x00000202, 0x00082000, 0x20000000, 0x00000005,
  197. 0x00040202, 0x00082000, 0x24000000, 0x00100005,
  198. 0x00400202, 0x00082008, 0x20000800, 0x40000005,
  199. 0x00440202, 0x00082008, 0x24000800, 0x40100005,
  200. 0x00000602, 0x00082020, 0x28000000, 0x00000105,
  201. 0x00040602, 0x00082020, 0x2c000000, 0x00100105,
  202. 0x00400602, 0x00082028, 0x28000800, 0x40000105,
  203. 0x00440602, 0x00082028, 0x2c000800, 0x40100105,
  204. 0x80000202, 0x00082010, 0x20000000, 0x00800005,
  205. 0x80040202, 0x00082010, 0x24000000, 0x00900005,
  206. 0x80400202, 0x00082018, 0x20000800, 0x40800005,
  207. 0x80440202, 0x00082018, 0x24000800, 0x40900005,
  208. 0x80000602, 0x00082030, 0x28000000, 0x00800105,
  209. 0x80040602, 0x00082030, 0x2c000000, 0x00900105,
  210. 0x80400602, 0x00082038, 0x28000800, 0x40800105,
  211. 0x80440602, 0x00082038, 0x2c000800, 0x40900105,
  212. 0x10000202, 0x00082000, 0x20200000, 0x00001005,
  213. 0x10040202, 0x00082000, 0x24200000, 0x00101005,
  214. 0x10400202, 0x00082008, 0x20200800, 0x40001005,
  215. 0x10440202, 0x00082008, 0x24200800, 0x40101005,
  216. 0x10000602, 0x00082020, 0x28200000, 0x00001105,
  217. 0x10040602, 0x00082020, 0x2c200000, 0x00101105,
  218. 0x10400602, 0x00082028, 0x28200800, 0x40001105,
  219. 0x10440602, 0x00082028, 0x2c200800, 0x40101105,
  220. 0x90000202, 0x00082010, 0x20200000, 0x00801005,
  221. 0x90040202, 0x00082010, 0x24200000, 0x00901005,
  222. 0x90400202, 0x00082018, 0x20200800, 0x40801005,
  223. 0x90440202, 0x00082018, 0x24200800, 0x40901005,
  224. 0x90000602, 0x00082030, 0x28200000, 0x00801105,
  225. 0x90040602, 0x00082030, 0x2c200000, 0x00901105,
  226. 0x90400602, 0x00082038, 0x28200800, 0x40801105,
  227. 0x90440602, 0x00082038, 0x2c200800, 0x40901105,
  228. 0x00000000, 0x00000000, 0x00000000, 0x00000000,
  229. 0x00000000, 0x00000008, 0x00080000, 0x10000000,
  230. 0x02000000, 0x00000000, 0x00000080, 0x00001000,
  231. 0x02000000, 0x00000008, 0x00080080, 0x10001000,
  232. 0x00004000, 0x00000000, 0x00000040, 0x00040000,
  233. 0x00004000, 0x00000008, 0x00080040, 0x10040000,
  234. 0x02004000, 0x00000000, 0x000000c0, 0x00041000,
  235. 0x02004000, 0x00000008, 0x000800c0, 0x10041000,
  236. 0x00020000, 0x00008000, 0x08000000, 0x00200000,
  237. 0x00020000, 0x00008008, 0x08080000, 0x10200000,
  238. 0x02020000, 0x00008000, 0x08000080, 0x00201000,
  239. 0x02020000, 0x00008008, 0x08080080, 0x10201000,
  240. 0x00024000, 0x00008000, 0x08000040, 0x00240000,
  241. 0x00024000, 0x00008008, 0x08080040, 0x10240000,
  242. 0x02024000, 0x00008000, 0x080000c0, 0x00241000,
  243. 0x02024000, 0x00008008, 0x080800c0, 0x10241000,
  244. 0x00000000, 0x01000000, 0x00002000, 0x00000020,
  245. 0x00000000, 0x01000008, 0x00082000, 0x10000020,
  246. 0x02000000, 0x01000000, 0x00002080, 0x00001020,
  247. 0x02000000, 0x01000008, 0x00082080, 0x10001020,
  248. 0x00004000, 0x01000000, 0x00002040, 0x00040020,
  249. 0x00004000, 0x01000008, 0x00082040, 0x10040020,
  250. 0x02004000, 0x01000000, 0x000020c0, 0x00041020,
  251. 0x02004000, 0x01000008, 0x000820c0, 0x10041020,
  252. 0x00020000, 0x01008000, 0x08002000, 0x00200020,
  253. 0x00020000, 0x01008008, 0x08082000, 0x10200020,
  254. 0x02020000, 0x01008000, 0x08002080, 0x00201020,
  255. 0x02020000, 0x01008008, 0x08082080, 0x10201020,
  256. 0x00024000, 0x01008000, 0x08002040, 0x00240020,
  257. 0x00024000, 0x01008008, 0x08082040, 0x10240020,
  258. 0x02024000, 0x01008000, 0x080020c0, 0x00241020,
  259. 0x02024000, 0x01008008, 0x080820c0, 0x10241020,
  260. 0x00000400, 0x04000000, 0x00100000, 0x00000004,
  261. 0x00000400, 0x04000008, 0x00180000, 0x10000004,
  262. 0x02000400, 0x04000000, 0x00100080, 0x00001004,
  263. 0x02000400, 0x04000008, 0x00180080, 0x10001004,
  264. 0x00004400, 0x04000000, 0x00100040, 0x00040004,
  265. 0x00004400, 0x04000008, 0x00180040, 0x10040004,
  266. 0x02004400, 0x04000000, 0x001000c0, 0x00041004,
  267. 0x02004400, 0x04000008, 0x001800c0, 0x10041004,
  268. 0x00020400, 0x04008000, 0x08100000, 0x00200004,
  269. 0x00020400, 0x04008008, 0x08180000, 0x10200004,
  270. 0x02020400, 0x04008000, 0x08100080, 0x00201004,
  271. 0x02020400, 0x04008008, 0x08180080, 0x10201004,
  272. 0x00024400, 0x04008000, 0x08100040, 0x00240004,
  273. 0x00024400, 0x04008008, 0x08180040, 0x10240004,
  274. 0x02024400, 0x04008000, 0x081000c0, 0x00241004,
  275. 0x02024400, 0x04008008, 0x081800c0, 0x10241004,
  276. 0x00000400, 0x05000000, 0x00102000, 0x00000024,
  277. 0x00000400, 0x05000008, 0x00182000, 0x10000024,
  278. 0x02000400, 0x05000000, 0x00102080, 0x00001024,
  279. 0x02000400, 0x05000008, 0x00182080, 0x10001024,
  280. 0x00004400, 0x05000000, 0x00102040, 0x00040024,
  281. 0x00004400, 0x05000008, 0x00182040, 0x10040024,
  282. 0x02004400, 0x05000000, 0x001020c0, 0x00041024,
  283. 0x02004400, 0x05000008, 0x001820c0, 0x10041024,
  284. 0x00020400, 0x05008000, 0x08102000, 0x00200024,
  285. 0x00020400, 0x05008008, 0x08182000, 0x10200024,
  286. 0x02020400, 0x05008000, 0x08102080, 0x00201024,
  287. 0x02020400, 0x05008008, 0x08182080, 0x10201024,
  288. 0x00024400, 0x05008000, 0x08102040, 0x00240024,
  289. 0x00024400, 0x05008008, 0x08182040, 0x10240024,
  290. 0x02024400, 0x05008000, 0x081020c0, 0x00241024,
  291. 0x02024400, 0x05008008, 0x081820c0, 0x10241024,
  292. 0x00000800, 0x00010000, 0x20000000, 0x00000010,
  293. 0x00000800, 0x00010008, 0x20080000, 0x10000010,
  294. 0x02000800, 0x00010000, 0x20000080, 0x00001010,
  295. 0x02000800, 0x00010008, 0x20080080, 0x10001010,
  296. 0x00004800, 0x00010000, 0x20000040, 0x00040010,
  297. 0x00004800, 0x00010008, 0x20080040, 0x10040010,
  298. 0x02004800, 0x00010000, 0x200000c0, 0x00041010,
  299. 0x02004800, 0x00010008, 0x200800c0, 0x10041010,
  300. 0x00020800, 0x00018000, 0x28000000, 0x00200010,
  301. 0x00020800, 0x00018008, 0x28080000, 0x10200010,
  302. 0x02020800, 0x00018000, 0x28000080, 0x00201010,
  303. 0x02020800, 0x00018008, 0x28080080, 0x10201010,
  304. 0x00024800, 0x00018000, 0x28000040, 0x00240010,
  305. 0x00024800, 0x00018008, 0x28080040, 0x10240010,
  306. 0x02024800, 0x00018000, 0x280000c0, 0x00241010,
  307. 0x02024800, 0x00018008, 0x280800c0, 0x10241010,
  308. 0x00000800, 0x01010000, 0x20002000, 0x00000030,
  309. 0x00000800, 0x01010008, 0x20082000, 0x10000030,
  310. 0x02000800, 0x01010000, 0x20002080, 0x00001030,
  311. 0x02000800, 0x01010008, 0x20082080, 0x10001030,
  312. 0x00004800, 0x01010000, 0x20002040, 0x00040030,
  313. 0x00004800, 0x01010008, 0x20082040, 0x10040030,
  314. 0x02004800, 0x01010000, 0x200020c0, 0x00041030,
  315. 0x02004800, 0x01010008, 0x200820c0, 0x10041030,
  316. 0x00020800, 0x01018000, 0x28002000, 0x00200030,
  317. 0x00020800, 0x01018008, 0x28082000, 0x10200030,
  318. 0x02020800, 0x01018000, 0x28002080, 0x00201030,
  319. 0x02020800, 0x01018008, 0x28082080, 0x10201030,
  320. 0x00024800, 0x01018000, 0x28002040, 0x00240030,
  321. 0x00024800, 0x01018008, 0x28082040, 0x10240030,
  322. 0x02024800, 0x01018000, 0x280020c0, 0x00241030,
  323. 0x02024800, 0x01018008, 0x280820c0, 0x10241030,
  324. 0x00000c00, 0x04010000, 0x20100000, 0x00000014,
  325. 0x00000c00, 0x04010008, 0x20180000, 0x10000014,
  326. 0x02000c00, 0x04010000, 0x20100080, 0x00001014,
  327. 0x02000c00, 0x04010008, 0x20180080, 0x10001014,
  328. 0x00004c00, 0x04010000, 0x20100040, 0x00040014,
  329. 0x00004c00, 0x04010008, 0x20180040, 0x10040014,
  330. 0x02004c00, 0x04010000, 0x201000c0, 0x00041014,
  331. 0x02004c00, 0x04010008, 0x201800c0, 0x10041014,
  332. 0x00020c00, 0x04018000, 0x28100000, 0x00200014,
  333. 0x00020c00, 0x04018008, 0x28180000, 0x10200014,
  334. 0x02020c00, 0x04018000, 0x28100080, 0x00201014,
  335. 0x02020c00, 0x04018008, 0x28180080, 0x10201014,
  336. 0x00024c00, 0x04018000, 0x28100040, 0x00240014,
  337. 0x00024c00, 0x04018008, 0x28180040, 0x10240014,
  338. 0x02024c00, 0x04018000, 0x281000c0, 0x00241014,
  339. 0x02024c00, 0x04018008, 0x281800c0, 0x10241014,
  340. 0x00000c00, 0x05010000, 0x20102000, 0x00000034,
  341. 0x00000c00, 0x05010008, 0x20182000, 0x10000034,
  342. 0x02000c00, 0x05010000, 0x20102080, 0x00001034,
  343. 0x02000c00, 0x05010008, 0x20182080, 0x10001034,
  344. 0x00004c00, 0x05010000, 0x20102040, 0x00040034,
  345. 0x00004c00, 0x05010008, 0x20182040, 0x10040034,
  346. 0x02004c00, 0x05010000, 0x201020c0, 0x00041034,
  347. 0x02004c00, 0x05010008, 0x201820c0, 0x10041034,
  348. 0x00020c00, 0x05018000, 0x28102000, 0x00200034,
  349. 0x00020c00, 0x05018008, 0x28182000, 0x10200034,
  350. 0x02020c00, 0x05018000, 0x28102080, 0x00201034,
  351. 0x02020c00, 0x05018008, 0x28182080, 0x10201034,
  352. 0x00024c00, 0x05018000, 0x28102040, 0x00240034,
  353. 0x00024c00, 0x05018008, 0x28182040, 0x10240034,
  354. 0x02024c00, 0x05018000, 0x281020c0, 0x00241034,
  355. 0x02024c00, 0x05018008, 0x281820c0, 0x10241034
  356. };
  357. /* S-box lookup tables */
  358. static const u32 S1[64] = {
  359. 0x01010400, 0x00000000, 0x00010000, 0x01010404,
  360. 0x01010004, 0x00010404, 0x00000004, 0x00010000,
  361. 0x00000400, 0x01010400, 0x01010404, 0x00000400,
  362. 0x01000404, 0x01010004, 0x01000000, 0x00000004,
  363. 0x00000404, 0x01000400, 0x01000400, 0x00010400,
  364. 0x00010400, 0x01010000, 0x01010000, 0x01000404,
  365. 0x00010004, 0x01000004, 0x01000004, 0x00010004,
  366. 0x00000000, 0x00000404, 0x00010404, 0x01000000,
  367. 0x00010000, 0x01010404, 0x00000004, 0x01010000,
  368. 0x01010400, 0x01000000, 0x01000000, 0x00000400,
  369. 0x01010004, 0x00010000, 0x00010400, 0x01000004,
  370. 0x00000400, 0x00000004, 0x01000404, 0x00010404,
  371. 0x01010404, 0x00010004, 0x01010000, 0x01000404,
  372. 0x01000004, 0x00000404, 0x00010404, 0x01010400,
  373. 0x00000404, 0x01000400, 0x01000400, 0x00000000,
  374. 0x00010004, 0x00010400, 0x00000000, 0x01010004
  375. };
  376. static const u32 S2[64] = {
  377. 0x80108020, 0x80008000, 0x00008000, 0x00108020,
  378. 0x00100000, 0x00000020, 0x80100020, 0x80008020,
  379. 0x80000020, 0x80108020, 0x80108000, 0x80000000,
  380. 0x80008000, 0x00100000, 0x00000020, 0x80100020,
  381. 0x00108000, 0x00100020, 0x80008020, 0x00000000,
  382. 0x80000000, 0x00008000, 0x00108020, 0x80100000,
  383. 0x00100020, 0x80000020, 0x00000000, 0x00108000,
  384. 0x00008020, 0x80108000, 0x80100000, 0x00008020,
  385. 0x00000000, 0x00108020, 0x80100020, 0x00100000,
  386. 0x80008020, 0x80100000, 0x80108000, 0x00008000,
  387. 0x80100000, 0x80008000, 0x00000020, 0x80108020,
  388. 0x00108020, 0x00000020, 0x00008000, 0x80000000,
  389. 0x00008020, 0x80108000, 0x00100000, 0x80000020,
  390. 0x00100020, 0x80008020, 0x80000020, 0x00100020,
  391. 0x00108000, 0x00000000, 0x80008000, 0x00008020,
  392. 0x80000000, 0x80100020, 0x80108020, 0x00108000
  393. };
  394. static const u32 S3[64] = {
  395. 0x00000208, 0x08020200, 0x00000000, 0x08020008,
  396. 0x08000200, 0x00000000, 0x00020208, 0x08000200,
  397. 0x00020008, 0x08000008, 0x08000008, 0x00020000,
  398. 0x08020208, 0x00020008, 0x08020000, 0x00000208,
  399. 0x08000000, 0x00000008, 0x08020200, 0x00000200,
  400. 0x00020200, 0x08020000, 0x08020008, 0x00020208,
  401. 0x08000208, 0x00020200, 0x00020000, 0x08000208,
  402. 0x00000008, 0x08020208, 0x00000200, 0x08000000,
  403. 0x08020200, 0x08000000, 0x00020008, 0x00000208,
  404. 0x00020000, 0x08020200, 0x08000200, 0x00000000,
  405. 0x00000200, 0x00020008, 0x08020208, 0x08000200,
  406. 0x08000008, 0x00000200, 0x00000000, 0x08020008,
  407. 0x08000208, 0x00020000, 0x08000000, 0x08020208,
  408. 0x00000008, 0x00020208, 0x00020200, 0x08000008,
  409. 0x08020000, 0x08000208, 0x00000208, 0x08020000,
  410. 0x00020208, 0x00000008, 0x08020008, 0x00020200
  411. };
  412. static const u32 S4[64] = {
  413. 0x00802001, 0x00002081, 0x00002081, 0x00000080,
  414. 0x00802080, 0x00800081, 0x00800001, 0x00002001,
  415. 0x00000000, 0x00802000, 0x00802000, 0x00802081,
  416. 0x00000081, 0x00000000, 0x00800080, 0x00800001,
  417. 0x00000001, 0x00002000, 0x00800000, 0x00802001,
  418. 0x00000080, 0x00800000, 0x00002001, 0x00002080,
  419. 0x00800081, 0x00000001, 0x00002080, 0x00800080,
  420. 0x00002000, 0x00802080, 0x00802081, 0x00000081,
  421. 0x00800080, 0x00800001, 0x00802000, 0x00802081,
  422. 0x00000081, 0x00000000, 0x00000000, 0x00802000,
  423. 0x00002080, 0x00800080, 0x00800081, 0x00000001,
  424. 0x00802001, 0x00002081, 0x00002081, 0x00000080,
  425. 0x00802081, 0x00000081, 0x00000001, 0x00002000,
  426. 0x00800001, 0x00002001, 0x00802080, 0x00800081,
  427. 0x00002001, 0x00002080, 0x00800000, 0x00802001,
  428. 0x00000080, 0x00800000, 0x00002000, 0x00802080
  429. };
  430. static const u32 S5[64] = {
  431. 0x00000100, 0x02080100, 0x02080000, 0x42000100,
  432. 0x00080000, 0x00000100, 0x40000000, 0x02080000,
  433. 0x40080100, 0x00080000, 0x02000100, 0x40080100,
  434. 0x42000100, 0x42080000, 0x00080100, 0x40000000,
  435. 0x02000000, 0x40080000, 0x40080000, 0x00000000,
  436. 0x40000100, 0x42080100, 0x42080100, 0x02000100,
  437. 0x42080000, 0x40000100, 0x00000000, 0x42000000,
  438. 0x02080100, 0x02000000, 0x42000000, 0x00080100,
  439. 0x00080000, 0x42000100, 0x00000100, 0x02000000,
  440. 0x40000000, 0x02080000, 0x42000100, 0x40080100,
  441. 0x02000100, 0x40000000, 0x42080000, 0x02080100,
  442. 0x40080100, 0x00000100, 0x02000000, 0x42080000,
  443. 0x42080100, 0x00080100, 0x42000000, 0x42080100,
  444. 0x02080000, 0x00000000, 0x40080000, 0x42000000,
  445. 0x00080100, 0x02000100, 0x40000100, 0x00080000,
  446. 0x00000000, 0x40080000, 0x02080100, 0x40000100
  447. };
  448. static const u32 S6[64] = {
  449. 0x20000010, 0x20400000, 0x00004000, 0x20404010,
  450. 0x20400000, 0x00000010, 0x20404010, 0x00400000,
  451. 0x20004000, 0x00404010, 0x00400000, 0x20000010,
  452. 0x00400010, 0x20004000, 0x20000000, 0x00004010,
  453. 0x00000000, 0x00400010, 0x20004010, 0x00004000,
  454. 0x00404000, 0x20004010, 0x00000010, 0x20400010,
  455. 0x20400010, 0x00000000, 0x00404010, 0x20404000,
  456. 0x00004010, 0x00404000, 0x20404000, 0x20000000,
  457. 0x20004000, 0x00000010, 0x20400010, 0x00404000,
  458. 0x20404010, 0x00400000, 0x00004010, 0x20000010,
  459. 0x00400000, 0x20004000, 0x20000000, 0x00004010,
  460. 0x20000010, 0x20404010, 0x00404000, 0x20400000,
  461. 0x00404010, 0x20404000, 0x00000000, 0x20400010,
  462. 0x00000010, 0x00004000, 0x20400000, 0x00404010,
  463. 0x00004000, 0x00400010, 0x20004010, 0x00000000,
  464. 0x20404000, 0x20000000, 0x00400010, 0x20004010
  465. };
  466. static const u32 S7[64] = {
  467. 0x00200000, 0x04200002, 0x04000802, 0x00000000,
  468. 0x00000800, 0x04000802, 0x00200802, 0x04200800,
  469. 0x04200802, 0x00200000, 0x00000000, 0x04000002,
  470. 0x00000002, 0x04000000, 0x04200002, 0x00000802,
  471. 0x04000800, 0x00200802, 0x00200002, 0x04000800,
  472. 0x04000002, 0x04200000, 0x04200800, 0x00200002,
  473. 0x04200000, 0x00000800, 0x00000802, 0x04200802,
  474. 0x00200800, 0x00000002, 0x04000000, 0x00200800,
  475. 0x04000000, 0x00200800, 0x00200000, 0x04000802,
  476. 0x04000802, 0x04200002, 0x04200002, 0x00000002,
  477. 0x00200002, 0x04000000, 0x04000800, 0x00200000,
  478. 0x04200800, 0x00000802, 0x00200802, 0x04200800,
  479. 0x00000802, 0x04000002, 0x04200802, 0x04200000,
  480. 0x00200800, 0x00000000, 0x00000002, 0x04200802,
  481. 0x00000000, 0x00200802, 0x04200000, 0x00000800,
  482. 0x04000002, 0x04000800, 0x00000800, 0x00200002
  483. };
  484. static const u32 S8[64] = {
  485. 0x10001040, 0x00001000, 0x00040000, 0x10041040,
  486. 0x10000000, 0x10001040, 0x00000040, 0x10000000,
  487. 0x00040040, 0x10040000, 0x10041040, 0x00041000,
  488. 0x10041000, 0x00041040, 0x00001000, 0x00000040,
  489. 0x10040000, 0x10000040, 0x10001000, 0x00001040,
  490. 0x00041000, 0x00040040, 0x10040040, 0x10041000,
  491. 0x00001040, 0x00000000, 0x00000000, 0x10040040,
  492. 0x10000040, 0x10001000, 0x00041040, 0x00040000,
  493. 0x00041040, 0x00040000, 0x10041000, 0x00001000,
  494. 0x00000040, 0x10040040, 0x00001000, 0x00041040,
  495. 0x10001000, 0x00000040, 0x10000040, 0x10040000,
  496. 0x10040040, 0x10000000, 0x00040000, 0x10001040,
  497. 0x00000000, 0x10041040, 0x00040040, 0x10000040,
  498. 0x10040000, 0x10001000, 0x10001040, 0x00000000,
  499. 0x10041040, 0x00041000, 0x00041000, 0x00001040,
  500. 0x00001040, 0x00040040, 0x10000000, 0x10041000
  501. };
  502. /* Encryption components: IP, FP, and round function */
  503. #define IP(L, R, T) \
  504. ROL(R, 4); \
  505. T = L; \
  506. L ^= R; \
  507. L &= 0xf0f0f0f0; \
  508. R ^= L; \
  509. L ^= T; \
  510. ROL(R, 12); \
  511. T = L; \
  512. L ^= R; \
  513. L &= 0xffff0000; \
  514. R ^= L; \
  515. L ^= T; \
  516. ROR(R, 14); \
  517. T = L; \
  518. L ^= R; \
  519. L &= 0xcccccccc; \
  520. R ^= L; \
  521. L ^= T; \
  522. ROL(R, 6); \
  523. T = L; \
  524. L ^= R; \
  525. L &= 0xff00ff00; \
  526. R ^= L; \
  527. L ^= T; \
  528. ROR(R, 7); \
  529. T = L; \
  530. L ^= R; \
  531. L &= 0xaaaaaaaa; \
  532. R ^= L; \
  533. L ^= T; \
  534. ROL(L, 1);
  535. #define FP(L, R, T) \
  536. ROR(L, 1); \
  537. T = L; \
  538. L ^= R; \
  539. L &= 0xaaaaaaaa; \
  540. R ^= L; \
  541. L ^= T; \
  542. ROL(R, 7); \
  543. T = L; \
  544. L ^= R; \
  545. L &= 0xff00ff00; \
  546. R ^= L; \
  547. L ^= T; \
  548. ROR(R, 6); \
  549. T = L; \
  550. L ^= R; \
  551. L &= 0xcccccccc; \
  552. R ^= L; \
  553. L ^= T; \
  554. ROL(R, 14); \
  555. T = L; \
  556. L ^= R; \
  557. L &= 0xffff0000; \
  558. R ^= L; \
  559. L ^= T; \
  560. ROR(R, 12); \
  561. T = L; \
  562. L ^= R; \
  563. L &= 0xf0f0f0f0; \
  564. R ^= L; \
  565. L ^= T; \
  566. ROR(R, 4);
  567. #define ROUND(L, R, A, B, K, d) \
  568. B = K[0]; A = K[1]; K += d; \
  569. B ^= R; A ^= R; \
  570. B &= 0x3f3f3f3f; ROR(A, 4); \
  571. L ^= S8[0xff & B]; A &= 0x3f3f3f3f; \
  572. L ^= S6[0xff & (B >> 8)]; B >>= 16; \
  573. L ^= S7[0xff & A]; \
  574. L ^= S5[0xff & (A >> 8)]; A >>= 16; \
  575. L ^= S4[0xff & B]; \
  576. L ^= S2[0xff & (B >> 8)]; \
  577. L ^= S3[0xff & A]; \
  578. L ^= S1[0xff & (A >> 8)];
  579. /*
  580. * PC2 lookup tables are organized as 2 consecutive sets of 4 interleaved
  581. * tables of 128 elements. One set is for C_i and the other for D_i, while
  582. * the 4 interleaved tables correspond to four 7-bit subsets of C_i or D_i.
  583. *
  584. * After PC1 each of the variables a,b,c,d contains a 7 bit subset of C_i
  585. * or D_i in bits 7-1 (bit 0 being the least significant).
  586. */
  587. #define T1(x) pt[2 * (x) + 0]
  588. #define T2(x) pt[2 * (x) + 1]
  589. #define T3(x) pt[2 * (x) + 2]
  590. #define T4(x) pt[2 * (x) + 3]
  591. #define DES_PC2(a, b, c, d) (T4(d) | T3(c) | T2(b) | T1(a))
  592. /*
  593. * Encryption key expansion
  594. *
  595. * RFC2451: Weak key checks SHOULD be performed.
  596. *
  597. * FIPS 74:
  598. *
  599. * Keys having duals are keys which produce all zeros, all ones, or
  600. * alternating zero-one patterns in the C and D registers after Permuted
  601. * Choice 1 has operated on the key.
  602. *
  603. */
  604. unsigned long des_ekey(u32 *pe, const u8 *k)
  605. {
  606. /* K&R: long is at least 32 bits */
  607. unsigned long a, b, c, d, w;
  608. const u32 *pt = pc2;
  609. d = k[4]; d &= 0x0e; d <<= 4; d |= k[0] & 0x1e; d = pc1[d];
  610. c = k[5]; c &= 0x0e; c <<= 4; c |= k[1] & 0x1e; c = pc1[c];
  611. b = k[6]; b &= 0x0e; b <<= 4; b |= k[2] & 0x1e; b = pc1[b];
  612. a = k[7]; a &= 0x0e; a <<= 4; a |= k[3] & 0x1e; a = pc1[a];
  613. pe[15 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d];
  614. pe[14 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
  615. pe[13 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
  616. pe[12 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
  617. pe[11 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
  618. pe[10 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
  619. pe[ 9 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
  620. pe[ 8 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c];
  621. pe[ 7 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
  622. pe[ 6 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
  623. pe[ 5 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
  624. pe[ 4 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
  625. pe[ 3 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
  626. pe[ 2 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
  627. pe[ 1 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b];
  628. pe[ 0 * 2 + 0] = DES_PC2(b, c, d, a);
  629. /* Check if first half is weak */
  630. w = (a ^ c) | (b ^ d) | (rs[a] ^ c) | (b ^ rs[d]);
  631. /* Skip to next table set */
  632. pt += 512;
  633. d = k[0]; d &= 0xe0; d >>= 4; d |= k[4] & 0xf0; d = pc1[d + 1];
  634. c = k[1]; c &= 0xe0; c >>= 4; c |= k[5] & 0xf0; c = pc1[c + 1];
  635. b = k[2]; b &= 0xe0; b >>= 4; b |= k[6] & 0xf0; b = pc1[b + 1];
  636. a = k[3]; a &= 0xe0; a >>= 4; a |= k[7] & 0xf0; a = pc1[a + 1];
  637. /* Check if second half is weak */
  638. w |= (a ^ c) | (b ^ d) | (rs[a] ^ c) | (b ^ rs[d]);
  639. pe[15 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d];
  640. pe[14 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
  641. pe[13 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
  642. pe[12 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
  643. pe[11 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
  644. pe[10 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
  645. pe[ 9 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
  646. pe[ 8 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c];
  647. pe[ 7 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
  648. pe[ 6 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
  649. pe[ 5 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
  650. pe[ 4 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
  651. pe[ 3 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
  652. pe[ 2 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
  653. pe[ 1 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b];
  654. pe[ 0 * 2 + 1] = DES_PC2(b, c, d, a);
  655. /* Fixup: 2413 5768 -> 1357 2468 */
  656. for (d = 0; d < 16; ++d) {
  657. a = pe[2 * d];
  658. b = pe[2 * d + 1];
  659. c = a ^ b;
  660. c &= 0xffff0000;
  661. a ^= c;
  662. b ^= c;
  663. ROL(b, 18);
  664. pe[2 * d] = a;
  665. pe[2 * d + 1] = b;
  666. }
  667. /* Zero if weak key */
  668. return w;
  669. }
  670. EXPORT_SYMBOL_GPL(des_ekey);
  671. /*
  672. * Decryption key expansion
  673. *
  674. * No weak key checking is performed, as this is only used by triple DES
  675. *
  676. */
  677. static void dkey(u32 *pe, const u8 *k)
  678. {
  679. /* K&R: long is at least 32 bits */
  680. unsigned long a, b, c, d;
  681. const u32 *pt = pc2;
  682. d = k[4]; d &= 0x0e; d <<= 4; d |= k[0] & 0x1e; d = pc1[d];
  683. c = k[5]; c &= 0x0e; c <<= 4; c |= k[1] & 0x1e; c = pc1[c];
  684. b = k[6]; b &= 0x0e; b <<= 4; b |= k[2] & 0x1e; b = pc1[b];
  685. a = k[7]; a &= 0x0e; a <<= 4; a |= k[3] & 0x1e; a = pc1[a];
  686. pe[ 0 * 2] = DES_PC2(a, b, c, d); d = rs[d];
  687. pe[ 1 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
  688. pe[ 2 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
  689. pe[ 3 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
  690. pe[ 4 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
  691. pe[ 5 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
  692. pe[ 6 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
  693. pe[ 7 * 2] = DES_PC2(d, a, b, c); c = rs[c];
  694. pe[ 8 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
  695. pe[ 9 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
  696. pe[10 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
  697. pe[11 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
  698. pe[12 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
  699. pe[13 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
  700. pe[14 * 2] = DES_PC2(c, d, a, b); b = rs[b];
  701. pe[15 * 2] = DES_PC2(b, c, d, a);
  702. /* Skip to next table set */
  703. pt += 512;
  704. d = k[0]; d &= 0xe0; d >>= 4; d |= k[4] & 0xf0; d = pc1[d + 1];
  705. c = k[1]; c &= 0xe0; c >>= 4; c |= k[5] & 0xf0; c = pc1[c + 1];
  706. b = k[2]; b &= 0xe0; b >>= 4; b |= k[6] & 0xf0; b = pc1[b + 1];
  707. a = k[3]; a &= 0xe0; a >>= 4; a |= k[7] & 0xf0; a = pc1[a + 1];
  708. pe[ 0 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d];
  709. pe[ 1 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
  710. pe[ 2 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
  711. pe[ 3 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
  712. pe[ 4 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
  713. pe[ 5 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
  714. pe[ 6 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
  715. pe[ 7 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c];
  716. pe[ 8 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
  717. pe[ 9 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
  718. pe[10 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
  719. pe[11 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
  720. pe[12 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
  721. pe[13 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
  722. pe[14 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b];
  723. pe[15 * 2 + 1] = DES_PC2(b, c, d, a);
  724. /* Fixup: 2413 5768 -> 1357 2468 */
  725. for (d = 0; d < 16; ++d) {
  726. a = pe[2 * d];
  727. b = pe[2 * d + 1];
  728. c = a ^ b;
  729. c &= 0xffff0000;
  730. a ^= c;
  731. b ^= c;
  732. ROL(b, 18);
  733. pe[2 * d] = a;
  734. pe[2 * d + 1] = b;
  735. }
  736. }
  737. static int des_setkey(struct crypto_tfm *tfm, const u8 *key,
  738. unsigned int keylen)
  739. {
  740. struct des_ctx *dctx = crypto_tfm_ctx(tfm);
  741. u32 *flags = &tfm->crt_flags;
  742. u32 tmp[DES_EXPKEY_WORDS];
  743. int ret;
  744. /* Expand to tmp */
  745. ret = des_ekey(tmp, key);
  746. if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) {
  747. *flags |= CRYPTO_TFM_RES_WEAK_KEY;
  748. return -EINVAL;
  749. }
  750. /* Copy to output */
  751. memcpy(dctx->expkey, tmp, sizeof(dctx->expkey));
  752. return 0;
  753. }
  754. static void des_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
  755. {
  756. struct des_ctx *ctx = crypto_tfm_ctx(tfm);
  757. const u32 *K = ctx->expkey;
  758. const __le32 *s = (const __le32 *)src;
  759. __le32 *d = (__le32 *)dst;
  760. u32 L, R, A, B;
  761. int i;
  762. L = le32_to_cpu(s[0]);
  763. R = le32_to_cpu(s[1]);
  764. IP(L, R, A);
  765. for (i = 0; i < 8; i++) {
  766. ROUND(L, R, A, B, K, 2);
  767. ROUND(R, L, A, B, K, 2);
  768. }
  769. FP(R, L, A);
  770. d[0] = cpu_to_le32(R);
  771. d[1] = cpu_to_le32(L);
  772. }
  773. static void des_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
  774. {
  775. struct des_ctx *ctx = crypto_tfm_ctx(tfm);
  776. const u32 *K = ctx->expkey + DES_EXPKEY_WORDS - 2;
  777. const __le32 *s = (const __le32 *)src;
  778. __le32 *d = (__le32 *)dst;
  779. u32 L, R, A, B;
  780. int i;
  781. L = le32_to_cpu(s[0]);
  782. R = le32_to_cpu(s[1]);
  783. IP(L, R, A);
  784. for (i = 0; i < 8; i++) {
  785. ROUND(L, R, A, B, K, -2);
  786. ROUND(R, L, A, B, K, -2);
  787. }
  788. FP(R, L, A);
  789. d[0] = cpu_to_le32(R);
  790. d[1] = cpu_to_le32(L);
  791. }
  792. /*
  793. * RFC2451:
  794. *
  795. * For DES-EDE3, there is no known need to reject weak or
  796. * complementation keys. Any weakness is obviated by the use of
  797. * multiple keys.
  798. *
  799. * However, if the first two or last two independent 64-bit keys are
  800. * equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
  801. * same as DES. Implementers MUST reject keys that exhibit this
  802. * property.
  803. *
  804. */
  805. static int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key,
  806. unsigned int keylen)
  807. {
  808. const u32 *K = (const u32 *)key;
  809. struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
  810. u32 *expkey = dctx->expkey;
  811. u32 *flags = &tfm->crt_flags;
  812. if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
  813. !((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
  814. (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) {
  815. *flags |= CRYPTO_TFM_RES_WEAK_KEY;
  816. return -EINVAL;
  817. }
  818. des_ekey(expkey, key); expkey += DES_EXPKEY_WORDS; key += DES_KEY_SIZE;
  819. dkey(expkey, key); expkey += DES_EXPKEY_WORDS; key += DES_KEY_SIZE;
  820. des_ekey(expkey, key);
  821. return 0;
  822. }
  823. static void des3_ede_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
  824. {
  825. struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
  826. const u32 *K = dctx->expkey;
  827. const __le32 *s = (const __le32 *)src;
  828. __le32 *d = (__le32 *)dst;
  829. u32 L, R, A, B;
  830. int i;
  831. L = le32_to_cpu(s[0]);
  832. R = le32_to_cpu(s[1]);
  833. IP(L, R, A);
  834. for (i = 0; i < 8; i++) {
  835. ROUND(L, R, A, B, K, 2);
  836. ROUND(R, L, A, B, K, 2);
  837. }
  838. for (i = 0; i < 8; i++) {
  839. ROUND(R, L, A, B, K, 2);
  840. ROUND(L, R, A, B, K, 2);
  841. }
  842. for (i = 0; i < 8; i++) {
  843. ROUND(L, R, A, B, K, 2);
  844. ROUND(R, L, A, B, K, 2);
  845. }
  846. FP(R, L, A);
  847. d[0] = cpu_to_le32(R);
  848. d[1] = cpu_to_le32(L);
  849. }
  850. static void des3_ede_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
  851. {
  852. struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
  853. const u32 *K = dctx->expkey + DES3_EDE_EXPKEY_WORDS - 2;
  854. const __le32 *s = (const __le32 *)src;
  855. __le32 *d = (__le32 *)dst;
  856. u32 L, R, A, B;
  857. int i;
  858. L = le32_to_cpu(s[0]);
  859. R = le32_to_cpu(s[1]);
  860. IP(L, R, A);
  861. for (i = 0; i < 8; i++) {
  862. ROUND(L, R, A, B, K, -2);
  863. ROUND(R, L, A, B, K, -2);
  864. }
  865. for (i = 0; i < 8; i++) {
  866. ROUND(R, L, A, B, K, -2);
  867. ROUND(L, R, A, B, K, -2);
  868. }
  869. for (i = 0; i < 8; i++) {
  870. ROUND(L, R, A, B, K, -2);
  871. ROUND(R, L, A, B, K, -2);
  872. }
  873. FP(R, L, A);
  874. d[0] = cpu_to_le32(R);
  875. d[1] = cpu_to_le32(L);
  876. }
  877. static struct crypto_alg des_alg = {
  878. .cra_name = "des",
  879. .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
  880. .cra_blocksize = DES_BLOCK_SIZE,
  881. .cra_ctxsize = sizeof(struct des_ctx),
  882. .cra_module = THIS_MODULE,
  883. .cra_alignmask = 3,
  884. .cra_list = LIST_HEAD_INIT(des_alg.cra_list),
  885. .cra_u = { .cipher = {
  886. .cia_min_keysize = DES_KEY_SIZE,
  887. .cia_max_keysize = DES_KEY_SIZE,
  888. .cia_setkey = des_setkey,
  889. .cia_encrypt = des_encrypt,
  890. .cia_decrypt = des_decrypt } }
  891. };
  892. static struct crypto_alg des3_ede_alg = {
  893. .cra_name = "des3_ede",
  894. .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
  895. .cra_blocksize = DES3_EDE_BLOCK_SIZE,
  896. .cra_ctxsize = sizeof(struct des3_ede_ctx),
  897. .cra_module = THIS_MODULE,
  898. .cra_alignmask = 3,
  899. .cra_list = LIST_HEAD_INIT(des3_ede_alg.cra_list),
  900. .cra_u = { .cipher = {
  901. .cia_min_keysize = DES3_EDE_KEY_SIZE,
  902. .cia_max_keysize = DES3_EDE_KEY_SIZE,
  903. .cia_setkey = des3_ede_setkey,
  904. .cia_encrypt = des3_ede_encrypt,
  905. .cia_decrypt = des3_ede_decrypt } }
  906. };
  907. MODULE_ALIAS("des3_ede");
  908. static int __init des_generic_mod_init(void)
  909. {
  910. int ret = 0;
  911. ret = crypto_register_alg(&des_alg);
  912. if (ret < 0)
  913. goto out;
  914. ret = crypto_register_alg(&des3_ede_alg);
  915. if (ret < 0)
  916. crypto_unregister_alg(&des_alg);
  917. out:
  918. return ret;
  919. }
  920. static void __exit des_generic_mod_fini(void)
  921. {
  922. crypto_unregister_alg(&des3_ede_alg);
  923. crypto_unregister_alg(&des_alg);
  924. }
  925. module_init(des_generic_mod_init);
  926. module_exit(des_generic_mod_fini);
  927. MODULE_LICENSE("GPL");
  928. MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms");
  929. MODULE_AUTHOR("Dag Arne Osvik <da@osvik.no>");
  930. MODULE_ALIAS("des");