blob: dc085514408a40aa17000db5a49870b9c7bb4f11 [file] [log] [blame]
Thomas Gleixner2874c5f2019-05-27 08:55:01 +02001// SPDX-License-Identifier: GPL-2.0-or-later
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -07002/*
Linus Torvalds1da177e2005-04-16 15:20:36 -07003 * Cryptographic API.
4 *
5 * DES & Triple DES EDE Cipher Algorithms.
6 *
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -07007 * Copyright (c) 2005 Dag Arne Osvik <da@osvik.no>
Linus Torvalds1da177e2005-04-16 15:20:36 -07008 */
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -07009
Herbert Xu06ace7a2005-10-30 21:25:15 +110010#include <asm/byteorder.h>
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -070011#include <linux/bitops.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070012#include <linux/init.h>
13#include <linux/module.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070014#include <linux/errno.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070015#include <linux/crypto.h>
Herbert Xu06ace7a2005-10-30 21:25:15 +110016#include <linux/types.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070017
Evgeniy Polyakov16d004a2007-10-11 19:48:58 +080018#include <crypto/des.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070019
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -070020#define ROL(x, r) ((x) = rol32((x), (r)))
21#define ROR(x, r) ((x) = ror32((x), (r)))
Linus Torvalds1da177e2005-04-16 15:20:36 -070022
23struct des_ctx {
Linus Torvalds1da177e2005-04-16 15:20:36 -070024 u32 expkey[DES_EXPKEY_WORDS];
25};
26
27struct des3_ede_ctx {
Linus Torvalds1da177e2005-04-16 15:20:36 -070028 u32 expkey[DES3_EDE_EXPKEY_WORDS];
29};
30
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -070031/* Lookup tables for key expansion */
Linus Torvalds1da177e2005-04-16 15:20:36 -070032
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -070033static const u8 pc1[256] = {
34 0x00, 0x00, 0x40, 0x04, 0x10, 0x10, 0x50, 0x14,
35 0x04, 0x40, 0x44, 0x44, 0x14, 0x50, 0x54, 0x54,
36 0x02, 0x02, 0x42, 0x06, 0x12, 0x12, 0x52, 0x16,
37 0x06, 0x42, 0x46, 0x46, 0x16, 0x52, 0x56, 0x56,
38 0x80, 0x08, 0xc0, 0x0c, 0x90, 0x18, 0xd0, 0x1c,
39 0x84, 0x48, 0xc4, 0x4c, 0x94, 0x58, 0xd4, 0x5c,
40 0x82, 0x0a, 0xc2, 0x0e, 0x92, 0x1a, 0xd2, 0x1e,
41 0x86, 0x4a, 0xc6, 0x4e, 0x96, 0x5a, 0xd6, 0x5e,
42 0x20, 0x20, 0x60, 0x24, 0x30, 0x30, 0x70, 0x34,
43 0x24, 0x60, 0x64, 0x64, 0x34, 0x70, 0x74, 0x74,
44 0x22, 0x22, 0x62, 0x26, 0x32, 0x32, 0x72, 0x36,
45 0x26, 0x62, 0x66, 0x66, 0x36, 0x72, 0x76, 0x76,
46 0xa0, 0x28, 0xe0, 0x2c, 0xb0, 0x38, 0xf0, 0x3c,
47 0xa4, 0x68, 0xe4, 0x6c, 0xb4, 0x78, 0xf4, 0x7c,
48 0xa2, 0x2a, 0xe2, 0x2e, 0xb2, 0x3a, 0xf2, 0x3e,
49 0xa6, 0x6a, 0xe6, 0x6e, 0xb6, 0x7a, 0xf6, 0x7e,
50 0x08, 0x80, 0x48, 0x84, 0x18, 0x90, 0x58, 0x94,
51 0x0c, 0xc0, 0x4c, 0xc4, 0x1c, 0xd0, 0x5c, 0xd4,
52 0x0a, 0x82, 0x4a, 0x86, 0x1a, 0x92, 0x5a, 0x96,
53 0x0e, 0xc2, 0x4e, 0xc6, 0x1e, 0xd2, 0x5e, 0xd6,
54 0x88, 0x88, 0xc8, 0x8c, 0x98, 0x98, 0xd8, 0x9c,
55 0x8c, 0xc8, 0xcc, 0xcc, 0x9c, 0xd8, 0xdc, 0xdc,
56 0x8a, 0x8a, 0xca, 0x8e, 0x9a, 0x9a, 0xda, 0x9e,
57 0x8e, 0xca, 0xce, 0xce, 0x9e, 0xda, 0xde, 0xde,
58 0x28, 0xa0, 0x68, 0xa4, 0x38, 0xb0, 0x78, 0xb4,
59 0x2c, 0xe0, 0x6c, 0xe4, 0x3c, 0xf0, 0x7c, 0xf4,
60 0x2a, 0xa2, 0x6a, 0xa6, 0x3a, 0xb2, 0x7a, 0xb6,
61 0x2e, 0xe2, 0x6e, 0xe6, 0x3e, 0xf2, 0x7e, 0xf6,
62 0xa8, 0xa8, 0xe8, 0xac, 0xb8, 0xb8, 0xf8, 0xbc,
63 0xac, 0xe8, 0xec, 0xec, 0xbc, 0xf8, 0xfc, 0xfc,
64 0xaa, 0xaa, 0xea, 0xae, 0xba, 0xba, 0xfa, 0xbe,
65 0xae, 0xea, 0xee, 0xee, 0xbe, 0xfa, 0xfe, 0xfe
Linus Torvalds1da177e2005-04-16 15:20:36 -070066};
67
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -070068static const u8 rs[256] = {
69 0x00, 0x00, 0x80, 0x80, 0x02, 0x02, 0x82, 0x82,
70 0x04, 0x04, 0x84, 0x84, 0x06, 0x06, 0x86, 0x86,
71 0x08, 0x08, 0x88, 0x88, 0x0a, 0x0a, 0x8a, 0x8a,
72 0x0c, 0x0c, 0x8c, 0x8c, 0x0e, 0x0e, 0x8e, 0x8e,
73 0x10, 0x10, 0x90, 0x90, 0x12, 0x12, 0x92, 0x92,
74 0x14, 0x14, 0x94, 0x94, 0x16, 0x16, 0x96, 0x96,
75 0x18, 0x18, 0x98, 0x98, 0x1a, 0x1a, 0x9a, 0x9a,
76 0x1c, 0x1c, 0x9c, 0x9c, 0x1e, 0x1e, 0x9e, 0x9e,
77 0x20, 0x20, 0xa0, 0xa0, 0x22, 0x22, 0xa2, 0xa2,
78 0x24, 0x24, 0xa4, 0xa4, 0x26, 0x26, 0xa6, 0xa6,
79 0x28, 0x28, 0xa8, 0xa8, 0x2a, 0x2a, 0xaa, 0xaa,
80 0x2c, 0x2c, 0xac, 0xac, 0x2e, 0x2e, 0xae, 0xae,
81 0x30, 0x30, 0xb0, 0xb0, 0x32, 0x32, 0xb2, 0xb2,
82 0x34, 0x34, 0xb4, 0xb4, 0x36, 0x36, 0xb6, 0xb6,
83 0x38, 0x38, 0xb8, 0xb8, 0x3a, 0x3a, 0xba, 0xba,
84 0x3c, 0x3c, 0xbc, 0xbc, 0x3e, 0x3e, 0xbe, 0xbe,
85 0x40, 0x40, 0xc0, 0xc0, 0x42, 0x42, 0xc2, 0xc2,
86 0x44, 0x44, 0xc4, 0xc4, 0x46, 0x46, 0xc6, 0xc6,
87 0x48, 0x48, 0xc8, 0xc8, 0x4a, 0x4a, 0xca, 0xca,
88 0x4c, 0x4c, 0xcc, 0xcc, 0x4e, 0x4e, 0xce, 0xce,
89 0x50, 0x50, 0xd0, 0xd0, 0x52, 0x52, 0xd2, 0xd2,
90 0x54, 0x54, 0xd4, 0xd4, 0x56, 0x56, 0xd6, 0xd6,
91 0x58, 0x58, 0xd8, 0xd8, 0x5a, 0x5a, 0xda, 0xda,
92 0x5c, 0x5c, 0xdc, 0xdc, 0x5e, 0x5e, 0xde, 0xde,
93 0x60, 0x60, 0xe0, 0xe0, 0x62, 0x62, 0xe2, 0xe2,
94 0x64, 0x64, 0xe4, 0xe4, 0x66, 0x66, 0xe6, 0xe6,
95 0x68, 0x68, 0xe8, 0xe8, 0x6a, 0x6a, 0xea, 0xea,
96 0x6c, 0x6c, 0xec, 0xec, 0x6e, 0x6e, 0xee, 0xee,
97 0x70, 0x70, 0xf0, 0xf0, 0x72, 0x72, 0xf2, 0xf2,
98 0x74, 0x74, 0xf4, 0xf4, 0x76, 0x76, 0xf6, 0xf6,
99 0x78, 0x78, 0xf8, 0xf8, 0x7a, 0x7a, 0xfa, 0xfa,
100 0x7c, 0x7c, 0xfc, 0xfc, 0x7e, 0x7e, 0xfe, 0xfe
Linus Torvalds1da177e2005-04-16 15:20:36 -0700101};
102
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700103static const u32 pc2[1024] = {
104 0x00000000, 0x00000000, 0x00000000, 0x00000000,
105 0x00040000, 0x00000000, 0x04000000, 0x00100000,
106 0x00400000, 0x00000008, 0x00000800, 0x40000000,
107 0x00440000, 0x00000008, 0x04000800, 0x40100000,
108 0x00000400, 0x00000020, 0x08000000, 0x00000100,
109 0x00040400, 0x00000020, 0x0c000000, 0x00100100,
110 0x00400400, 0x00000028, 0x08000800, 0x40000100,
111 0x00440400, 0x00000028, 0x0c000800, 0x40100100,
112 0x80000000, 0x00000010, 0x00000000, 0x00800000,
113 0x80040000, 0x00000010, 0x04000000, 0x00900000,
114 0x80400000, 0x00000018, 0x00000800, 0x40800000,
115 0x80440000, 0x00000018, 0x04000800, 0x40900000,
116 0x80000400, 0x00000030, 0x08000000, 0x00800100,
117 0x80040400, 0x00000030, 0x0c000000, 0x00900100,
118 0x80400400, 0x00000038, 0x08000800, 0x40800100,
119 0x80440400, 0x00000038, 0x0c000800, 0x40900100,
120 0x10000000, 0x00000000, 0x00200000, 0x00001000,
121 0x10040000, 0x00000000, 0x04200000, 0x00101000,
122 0x10400000, 0x00000008, 0x00200800, 0x40001000,
123 0x10440000, 0x00000008, 0x04200800, 0x40101000,
124 0x10000400, 0x00000020, 0x08200000, 0x00001100,
125 0x10040400, 0x00000020, 0x0c200000, 0x00101100,
126 0x10400400, 0x00000028, 0x08200800, 0x40001100,
127 0x10440400, 0x00000028, 0x0c200800, 0x40101100,
128 0x90000000, 0x00000010, 0x00200000, 0x00801000,
129 0x90040000, 0x00000010, 0x04200000, 0x00901000,
130 0x90400000, 0x00000018, 0x00200800, 0x40801000,
131 0x90440000, 0x00000018, 0x04200800, 0x40901000,
132 0x90000400, 0x00000030, 0x08200000, 0x00801100,
133 0x90040400, 0x00000030, 0x0c200000, 0x00901100,
134 0x90400400, 0x00000038, 0x08200800, 0x40801100,
135 0x90440400, 0x00000038, 0x0c200800, 0x40901100,
136 0x00000200, 0x00080000, 0x00000000, 0x00000004,
137 0x00040200, 0x00080000, 0x04000000, 0x00100004,
138 0x00400200, 0x00080008, 0x00000800, 0x40000004,
139 0x00440200, 0x00080008, 0x04000800, 0x40100004,
140 0x00000600, 0x00080020, 0x08000000, 0x00000104,
141 0x00040600, 0x00080020, 0x0c000000, 0x00100104,
142 0x00400600, 0x00080028, 0x08000800, 0x40000104,
143 0x00440600, 0x00080028, 0x0c000800, 0x40100104,
144 0x80000200, 0x00080010, 0x00000000, 0x00800004,
145 0x80040200, 0x00080010, 0x04000000, 0x00900004,
146 0x80400200, 0x00080018, 0x00000800, 0x40800004,
147 0x80440200, 0x00080018, 0x04000800, 0x40900004,
148 0x80000600, 0x00080030, 0x08000000, 0x00800104,
149 0x80040600, 0x00080030, 0x0c000000, 0x00900104,
150 0x80400600, 0x00080038, 0x08000800, 0x40800104,
151 0x80440600, 0x00080038, 0x0c000800, 0x40900104,
152 0x10000200, 0x00080000, 0x00200000, 0x00001004,
153 0x10040200, 0x00080000, 0x04200000, 0x00101004,
154 0x10400200, 0x00080008, 0x00200800, 0x40001004,
155 0x10440200, 0x00080008, 0x04200800, 0x40101004,
156 0x10000600, 0x00080020, 0x08200000, 0x00001104,
157 0x10040600, 0x00080020, 0x0c200000, 0x00101104,
158 0x10400600, 0x00080028, 0x08200800, 0x40001104,
159 0x10440600, 0x00080028, 0x0c200800, 0x40101104,
160 0x90000200, 0x00080010, 0x00200000, 0x00801004,
161 0x90040200, 0x00080010, 0x04200000, 0x00901004,
162 0x90400200, 0x00080018, 0x00200800, 0x40801004,
163 0x90440200, 0x00080018, 0x04200800, 0x40901004,
164 0x90000600, 0x00080030, 0x08200000, 0x00801104,
165 0x90040600, 0x00080030, 0x0c200000, 0x00901104,
166 0x90400600, 0x00080038, 0x08200800, 0x40801104,
167 0x90440600, 0x00080038, 0x0c200800, 0x40901104,
168 0x00000002, 0x00002000, 0x20000000, 0x00000001,
169 0x00040002, 0x00002000, 0x24000000, 0x00100001,
170 0x00400002, 0x00002008, 0x20000800, 0x40000001,
171 0x00440002, 0x00002008, 0x24000800, 0x40100001,
172 0x00000402, 0x00002020, 0x28000000, 0x00000101,
173 0x00040402, 0x00002020, 0x2c000000, 0x00100101,
174 0x00400402, 0x00002028, 0x28000800, 0x40000101,
175 0x00440402, 0x00002028, 0x2c000800, 0x40100101,
176 0x80000002, 0x00002010, 0x20000000, 0x00800001,
177 0x80040002, 0x00002010, 0x24000000, 0x00900001,
178 0x80400002, 0x00002018, 0x20000800, 0x40800001,
179 0x80440002, 0x00002018, 0x24000800, 0x40900001,
180 0x80000402, 0x00002030, 0x28000000, 0x00800101,
181 0x80040402, 0x00002030, 0x2c000000, 0x00900101,
182 0x80400402, 0x00002038, 0x28000800, 0x40800101,
183 0x80440402, 0x00002038, 0x2c000800, 0x40900101,
184 0x10000002, 0x00002000, 0x20200000, 0x00001001,
185 0x10040002, 0x00002000, 0x24200000, 0x00101001,
186 0x10400002, 0x00002008, 0x20200800, 0x40001001,
187 0x10440002, 0x00002008, 0x24200800, 0x40101001,
188 0x10000402, 0x00002020, 0x28200000, 0x00001101,
189 0x10040402, 0x00002020, 0x2c200000, 0x00101101,
190 0x10400402, 0x00002028, 0x28200800, 0x40001101,
191 0x10440402, 0x00002028, 0x2c200800, 0x40101101,
192 0x90000002, 0x00002010, 0x20200000, 0x00801001,
193 0x90040002, 0x00002010, 0x24200000, 0x00901001,
194 0x90400002, 0x00002018, 0x20200800, 0x40801001,
195 0x90440002, 0x00002018, 0x24200800, 0x40901001,
196 0x90000402, 0x00002030, 0x28200000, 0x00801101,
197 0x90040402, 0x00002030, 0x2c200000, 0x00901101,
198 0x90400402, 0x00002038, 0x28200800, 0x40801101,
199 0x90440402, 0x00002038, 0x2c200800, 0x40901101,
200 0x00000202, 0x00082000, 0x20000000, 0x00000005,
201 0x00040202, 0x00082000, 0x24000000, 0x00100005,
202 0x00400202, 0x00082008, 0x20000800, 0x40000005,
203 0x00440202, 0x00082008, 0x24000800, 0x40100005,
204 0x00000602, 0x00082020, 0x28000000, 0x00000105,
205 0x00040602, 0x00082020, 0x2c000000, 0x00100105,
206 0x00400602, 0x00082028, 0x28000800, 0x40000105,
207 0x00440602, 0x00082028, 0x2c000800, 0x40100105,
208 0x80000202, 0x00082010, 0x20000000, 0x00800005,
209 0x80040202, 0x00082010, 0x24000000, 0x00900005,
210 0x80400202, 0x00082018, 0x20000800, 0x40800005,
211 0x80440202, 0x00082018, 0x24000800, 0x40900005,
212 0x80000602, 0x00082030, 0x28000000, 0x00800105,
213 0x80040602, 0x00082030, 0x2c000000, 0x00900105,
214 0x80400602, 0x00082038, 0x28000800, 0x40800105,
215 0x80440602, 0x00082038, 0x2c000800, 0x40900105,
216 0x10000202, 0x00082000, 0x20200000, 0x00001005,
217 0x10040202, 0x00082000, 0x24200000, 0x00101005,
218 0x10400202, 0x00082008, 0x20200800, 0x40001005,
219 0x10440202, 0x00082008, 0x24200800, 0x40101005,
220 0x10000602, 0x00082020, 0x28200000, 0x00001105,
221 0x10040602, 0x00082020, 0x2c200000, 0x00101105,
222 0x10400602, 0x00082028, 0x28200800, 0x40001105,
223 0x10440602, 0x00082028, 0x2c200800, 0x40101105,
224 0x90000202, 0x00082010, 0x20200000, 0x00801005,
225 0x90040202, 0x00082010, 0x24200000, 0x00901005,
226 0x90400202, 0x00082018, 0x20200800, 0x40801005,
227 0x90440202, 0x00082018, 0x24200800, 0x40901005,
228 0x90000602, 0x00082030, 0x28200000, 0x00801105,
229 0x90040602, 0x00082030, 0x2c200000, 0x00901105,
230 0x90400602, 0x00082038, 0x28200800, 0x40801105,
231 0x90440602, 0x00082038, 0x2c200800, 0x40901105,
232
233 0x00000000, 0x00000000, 0x00000000, 0x00000000,
234 0x00000000, 0x00000008, 0x00080000, 0x10000000,
235 0x02000000, 0x00000000, 0x00000080, 0x00001000,
236 0x02000000, 0x00000008, 0x00080080, 0x10001000,
237 0x00004000, 0x00000000, 0x00000040, 0x00040000,
238 0x00004000, 0x00000008, 0x00080040, 0x10040000,
239 0x02004000, 0x00000000, 0x000000c0, 0x00041000,
240 0x02004000, 0x00000008, 0x000800c0, 0x10041000,
241 0x00020000, 0x00008000, 0x08000000, 0x00200000,
242 0x00020000, 0x00008008, 0x08080000, 0x10200000,
243 0x02020000, 0x00008000, 0x08000080, 0x00201000,
244 0x02020000, 0x00008008, 0x08080080, 0x10201000,
245 0x00024000, 0x00008000, 0x08000040, 0x00240000,
246 0x00024000, 0x00008008, 0x08080040, 0x10240000,
247 0x02024000, 0x00008000, 0x080000c0, 0x00241000,
248 0x02024000, 0x00008008, 0x080800c0, 0x10241000,
249 0x00000000, 0x01000000, 0x00002000, 0x00000020,
250 0x00000000, 0x01000008, 0x00082000, 0x10000020,
251 0x02000000, 0x01000000, 0x00002080, 0x00001020,
252 0x02000000, 0x01000008, 0x00082080, 0x10001020,
253 0x00004000, 0x01000000, 0x00002040, 0x00040020,
254 0x00004000, 0x01000008, 0x00082040, 0x10040020,
255 0x02004000, 0x01000000, 0x000020c0, 0x00041020,
256 0x02004000, 0x01000008, 0x000820c0, 0x10041020,
257 0x00020000, 0x01008000, 0x08002000, 0x00200020,
258 0x00020000, 0x01008008, 0x08082000, 0x10200020,
259 0x02020000, 0x01008000, 0x08002080, 0x00201020,
260 0x02020000, 0x01008008, 0x08082080, 0x10201020,
261 0x00024000, 0x01008000, 0x08002040, 0x00240020,
262 0x00024000, 0x01008008, 0x08082040, 0x10240020,
263 0x02024000, 0x01008000, 0x080020c0, 0x00241020,
264 0x02024000, 0x01008008, 0x080820c0, 0x10241020,
265 0x00000400, 0x04000000, 0x00100000, 0x00000004,
266 0x00000400, 0x04000008, 0x00180000, 0x10000004,
267 0x02000400, 0x04000000, 0x00100080, 0x00001004,
268 0x02000400, 0x04000008, 0x00180080, 0x10001004,
269 0x00004400, 0x04000000, 0x00100040, 0x00040004,
270 0x00004400, 0x04000008, 0x00180040, 0x10040004,
271 0x02004400, 0x04000000, 0x001000c0, 0x00041004,
272 0x02004400, 0x04000008, 0x001800c0, 0x10041004,
273 0x00020400, 0x04008000, 0x08100000, 0x00200004,
274 0x00020400, 0x04008008, 0x08180000, 0x10200004,
275 0x02020400, 0x04008000, 0x08100080, 0x00201004,
276 0x02020400, 0x04008008, 0x08180080, 0x10201004,
277 0x00024400, 0x04008000, 0x08100040, 0x00240004,
278 0x00024400, 0x04008008, 0x08180040, 0x10240004,
279 0x02024400, 0x04008000, 0x081000c0, 0x00241004,
280 0x02024400, 0x04008008, 0x081800c0, 0x10241004,
281 0x00000400, 0x05000000, 0x00102000, 0x00000024,
282 0x00000400, 0x05000008, 0x00182000, 0x10000024,
283 0x02000400, 0x05000000, 0x00102080, 0x00001024,
284 0x02000400, 0x05000008, 0x00182080, 0x10001024,
285 0x00004400, 0x05000000, 0x00102040, 0x00040024,
286 0x00004400, 0x05000008, 0x00182040, 0x10040024,
287 0x02004400, 0x05000000, 0x001020c0, 0x00041024,
288 0x02004400, 0x05000008, 0x001820c0, 0x10041024,
289 0x00020400, 0x05008000, 0x08102000, 0x00200024,
290 0x00020400, 0x05008008, 0x08182000, 0x10200024,
291 0x02020400, 0x05008000, 0x08102080, 0x00201024,
292 0x02020400, 0x05008008, 0x08182080, 0x10201024,
293 0x00024400, 0x05008000, 0x08102040, 0x00240024,
294 0x00024400, 0x05008008, 0x08182040, 0x10240024,
295 0x02024400, 0x05008000, 0x081020c0, 0x00241024,
296 0x02024400, 0x05008008, 0x081820c0, 0x10241024,
297 0x00000800, 0x00010000, 0x20000000, 0x00000010,
298 0x00000800, 0x00010008, 0x20080000, 0x10000010,
299 0x02000800, 0x00010000, 0x20000080, 0x00001010,
300 0x02000800, 0x00010008, 0x20080080, 0x10001010,
301 0x00004800, 0x00010000, 0x20000040, 0x00040010,
302 0x00004800, 0x00010008, 0x20080040, 0x10040010,
303 0x02004800, 0x00010000, 0x200000c0, 0x00041010,
304 0x02004800, 0x00010008, 0x200800c0, 0x10041010,
305 0x00020800, 0x00018000, 0x28000000, 0x00200010,
306 0x00020800, 0x00018008, 0x28080000, 0x10200010,
307 0x02020800, 0x00018000, 0x28000080, 0x00201010,
308 0x02020800, 0x00018008, 0x28080080, 0x10201010,
309 0x00024800, 0x00018000, 0x28000040, 0x00240010,
310 0x00024800, 0x00018008, 0x28080040, 0x10240010,
311 0x02024800, 0x00018000, 0x280000c0, 0x00241010,
312 0x02024800, 0x00018008, 0x280800c0, 0x10241010,
313 0x00000800, 0x01010000, 0x20002000, 0x00000030,
314 0x00000800, 0x01010008, 0x20082000, 0x10000030,
315 0x02000800, 0x01010000, 0x20002080, 0x00001030,
316 0x02000800, 0x01010008, 0x20082080, 0x10001030,
317 0x00004800, 0x01010000, 0x20002040, 0x00040030,
318 0x00004800, 0x01010008, 0x20082040, 0x10040030,
319 0x02004800, 0x01010000, 0x200020c0, 0x00041030,
320 0x02004800, 0x01010008, 0x200820c0, 0x10041030,
321 0x00020800, 0x01018000, 0x28002000, 0x00200030,
322 0x00020800, 0x01018008, 0x28082000, 0x10200030,
323 0x02020800, 0x01018000, 0x28002080, 0x00201030,
324 0x02020800, 0x01018008, 0x28082080, 0x10201030,
325 0x00024800, 0x01018000, 0x28002040, 0x00240030,
326 0x00024800, 0x01018008, 0x28082040, 0x10240030,
327 0x02024800, 0x01018000, 0x280020c0, 0x00241030,
328 0x02024800, 0x01018008, 0x280820c0, 0x10241030,
329 0x00000c00, 0x04010000, 0x20100000, 0x00000014,
330 0x00000c00, 0x04010008, 0x20180000, 0x10000014,
331 0x02000c00, 0x04010000, 0x20100080, 0x00001014,
332 0x02000c00, 0x04010008, 0x20180080, 0x10001014,
333 0x00004c00, 0x04010000, 0x20100040, 0x00040014,
334 0x00004c00, 0x04010008, 0x20180040, 0x10040014,
335 0x02004c00, 0x04010000, 0x201000c0, 0x00041014,
336 0x02004c00, 0x04010008, 0x201800c0, 0x10041014,
337 0x00020c00, 0x04018000, 0x28100000, 0x00200014,
338 0x00020c00, 0x04018008, 0x28180000, 0x10200014,
339 0x02020c00, 0x04018000, 0x28100080, 0x00201014,
340 0x02020c00, 0x04018008, 0x28180080, 0x10201014,
341 0x00024c00, 0x04018000, 0x28100040, 0x00240014,
342 0x00024c00, 0x04018008, 0x28180040, 0x10240014,
343 0x02024c00, 0x04018000, 0x281000c0, 0x00241014,
344 0x02024c00, 0x04018008, 0x281800c0, 0x10241014,
345 0x00000c00, 0x05010000, 0x20102000, 0x00000034,
346 0x00000c00, 0x05010008, 0x20182000, 0x10000034,
347 0x02000c00, 0x05010000, 0x20102080, 0x00001034,
348 0x02000c00, 0x05010008, 0x20182080, 0x10001034,
349 0x00004c00, 0x05010000, 0x20102040, 0x00040034,
350 0x00004c00, 0x05010008, 0x20182040, 0x10040034,
351 0x02004c00, 0x05010000, 0x201020c0, 0x00041034,
352 0x02004c00, 0x05010008, 0x201820c0, 0x10041034,
353 0x00020c00, 0x05018000, 0x28102000, 0x00200034,
354 0x00020c00, 0x05018008, 0x28182000, 0x10200034,
355 0x02020c00, 0x05018000, 0x28102080, 0x00201034,
356 0x02020c00, 0x05018008, 0x28182080, 0x10201034,
357 0x00024c00, 0x05018000, 0x28102040, 0x00240034,
358 0x00024c00, 0x05018008, 0x28182040, 0x10240034,
359 0x02024c00, 0x05018000, 0x281020c0, 0x00241034,
360 0x02024c00, 0x05018008, 0x281820c0, 0x10241034
Linus Torvalds1da177e2005-04-16 15:20:36 -0700361};
362
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700363/* S-box lookup tables */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700364
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700365static const u32 S1[64] = {
366 0x01010400, 0x00000000, 0x00010000, 0x01010404,
367 0x01010004, 0x00010404, 0x00000004, 0x00010000,
368 0x00000400, 0x01010400, 0x01010404, 0x00000400,
369 0x01000404, 0x01010004, 0x01000000, 0x00000004,
370 0x00000404, 0x01000400, 0x01000400, 0x00010400,
371 0x00010400, 0x01010000, 0x01010000, 0x01000404,
372 0x00010004, 0x01000004, 0x01000004, 0x00010004,
373 0x00000000, 0x00000404, 0x00010404, 0x01000000,
374 0x00010000, 0x01010404, 0x00000004, 0x01010000,
375 0x01010400, 0x01000000, 0x01000000, 0x00000400,
376 0x01010004, 0x00010000, 0x00010400, 0x01000004,
377 0x00000400, 0x00000004, 0x01000404, 0x00010404,
378 0x01010404, 0x00010004, 0x01010000, 0x01000404,
379 0x01000004, 0x00000404, 0x00010404, 0x01010400,
380 0x00000404, 0x01000400, 0x01000400, 0x00000000,
381 0x00010004, 0x00010400, 0x00000000, 0x01010004
382};
383
384static const u32 S2[64] = {
385 0x80108020, 0x80008000, 0x00008000, 0x00108020,
386 0x00100000, 0x00000020, 0x80100020, 0x80008020,
387 0x80000020, 0x80108020, 0x80108000, 0x80000000,
388 0x80008000, 0x00100000, 0x00000020, 0x80100020,
389 0x00108000, 0x00100020, 0x80008020, 0x00000000,
390 0x80000000, 0x00008000, 0x00108020, 0x80100000,
391 0x00100020, 0x80000020, 0x00000000, 0x00108000,
392 0x00008020, 0x80108000, 0x80100000, 0x00008020,
393 0x00000000, 0x00108020, 0x80100020, 0x00100000,
394 0x80008020, 0x80100000, 0x80108000, 0x00008000,
395 0x80100000, 0x80008000, 0x00000020, 0x80108020,
396 0x00108020, 0x00000020, 0x00008000, 0x80000000,
397 0x00008020, 0x80108000, 0x00100000, 0x80000020,
398 0x00100020, 0x80008020, 0x80000020, 0x00100020,
399 0x00108000, 0x00000000, 0x80008000, 0x00008020,
400 0x80000000, 0x80100020, 0x80108020, 0x00108000
401};
402
403static const u32 S3[64] = {
404 0x00000208, 0x08020200, 0x00000000, 0x08020008,
405 0x08000200, 0x00000000, 0x00020208, 0x08000200,
406 0x00020008, 0x08000008, 0x08000008, 0x00020000,
407 0x08020208, 0x00020008, 0x08020000, 0x00000208,
408 0x08000000, 0x00000008, 0x08020200, 0x00000200,
409 0x00020200, 0x08020000, 0x08020008, 0x00020208,
410 0x08000208, 0x00020200, 0x00020000, 0x08000208,
411 0x00000008, 0x08020208, 0x00000200, 0x08000000,
412 0x08020200, 0x08000000, 0x00020008, 0x00000208,
413 0x00020000, 0x08020200, 0x08000200, 0x00000000,
414 0x00000200, 0x00020008, 0x08020208, 0x08000200,
415 0x08000008, 0x00000200, 0x00000000, 0x08020008,
416 0x08000208, 0x00020000, 0x08000000, 0x08020208,
417 0x00000008, 0x00020208, 0x00020200, 0x08000008,
418 0x08020000, 0x08000208, 0x00000208, 0x08020000,
419 0x00020208, 0x00000008, 0x08020008, 0x00020200
420};
421
422static const u32 S4[64] = {
423 0x00802001, 0x00002081, 0x00002081, 0x00000080,
424 0x00802080, 0x00800081, 0x00800001, 0x00002001,
425 0x00000000, 0x00802000, 0x00802000, 0x00802081,
426 0x00000081, 0x00000000, 0x00800080, 0x00800001,
427 0x00000001, 0x00002000, 0x00800000, 0x00802001,
428 0x00000080, 0x00800000, 0x00002001, 0x00002080,
429 0x00800081, 0x00000001, 0x00002080, 0x00800080,
430 0x00002000, 0x00802080, 0x00802081, 0x00000081,
431 0x00800080, 0x00800001, 0x00802000, 0x00802081,
432 0x00000081, 0x00000000, 0x00000000, 0x00802000,
433 0x00002080, 0x00800080, 0x00800081, 0x00000001,
434 0x00802001, 0x00002081, 0x00002081, 0x00000080,
435 0x00802081, 0x00000081, 0x00000001, 0x00002000,
436 0x00800001, 0x00002001, 0x00802080, 0x00800081,
437 0x00002001, 0x00002080, 0x00800000, 0x00802001,
438 0x00000080, 0x00800000, 0x00002000, 0x00802080
439};
440
441static const u32 S5[64] = {
442 0x00000100, 0x02080100, 0x02080000, 0x42000100,
443 0x00080000, 0x00000100, 0x40000000, 0x02080000,
444 0x40080100, 0x00080000, 0x02000100, 0x40080100,
445 0x42000100, 0x42080000, 0x00080100, 0x40000000,
446 0x02000000, 0x40080000, 0x40080000, 0x00000000,
447 0x40000100, 0x42080100, 0x42080100, 0x02000100,
448 0x42080000, 0x40000100, 0x00000000, 0x42000000,
449 0x02080100, 0x02000000, 0x42000000, 0x00080100,
450 0x00080000, 0x42000100, 0x00000100, 0x02000000,
451 0x40000000, 0x02080000, 0x42000100, 0x40080100,
452 0x02000100, 0x40000000, 0x42080000, 0x02080100,
453 0x40080100, 0x00000100, 0x02000000, 0x42080000,
454 0x42080100, 0x00080100, 0x42000000, 0x42080100,
455 0x02080000, 0x00000000, 0x40080000, 0x42000000,
456 0x00080100, 0x02000100, 0x40000100, 0x00080000,
457 0x00000000, 0x40080000, 0x02080100, 0x40000100
458};
459
460static const u32 S6[64] = {
461 0x20000010, 0x20400000, 0x00004000, 0x20404010,
462 0x20400000, 0x00000010, 0x20404010, 0x00400000,
463 0x20004000, 0x00404010, 0x00400000, 0x20000010,
464 0x00400010, 0x20004000, 0x20000000, 0x00004010,
465 0x00000000, 0x00400010, 0x20004010, 0x00004000,
466 0x00404000, 0x20004010, 0x00000010, 0x20400010,
467 0x20400010, 0x00000000, 0x00404010, 0x20404000,
468 0x00004010, 0x00404000, 0x20404000, 0x20000000,
469 0x20004000, 0x00000010, 0x20400010, 0x00404000,
470 0x20404010, 0x00400000, 0x00004010, 0x20000010,
471 0x00400000, 0x20004000, 0x20000000, 0x00004010,
472 0x20000010, 0x20404010, 0x00404000, 0x20400000,
473 0x00404010, 0x20404000, 0x00000000, 0x20400010,
474 0x00000010, 0x00004000, 0x20400000, 0x00404010,
475 0x00004000, 0x00400010, 0x20004010, 0x00000000,
476 0x20404000, 0x20000000, 0x00400010, 0x20004010
477};
478
479static const u32 S7[64] = {
480 0x00200000, 0x04200002, 0x04000802, 0x00000000,
481 0x00000800, 0x04000802, 0x00200802, 0x04200800,
482 0x04200802, 0x00200000, 0x00000000, 0x04000002,
483 0x00000002, 0x04000000, 0x04200002, 0x00000802,
484 0x04000800, 0x00200802, 0x00200002, 0x04000800,
485 0x04000002, 0x04200000, 0x04200800, 0x00200002,
486 0x04200000, 0x00000800, 0x00000802, 0x04200802,
487 0x00200800, 0x00000002, 0x04000000, 0x00200800,
488 0x04000000, 0x00200800, 0x00200000, 0x04000802,
489 0x04000802, 0x04200002, 0x04200002, 0x00000002,
490 0x00200002, 0x04000000, 0x04000800, 0x00200000,
491 0x04200800, 0x00000802, 0x00200802, 0x04200800,
492 0x00000802, 0x04000002, 0x04200802, 0x04200000,
493 0x00200800, 0x00000000, 0x00000002, 0x04200802,
494 0x00000000, 0x00200802, 0x04200000, 0x00000800,
495 0x04000002, 0x04000800, 0x00000800, 0x00200002
496};
497
498static const u32 S8[64] = {
499 0x10001040, 0x00001000, 0x00040000, 0x10041040,
500 0x10000000, 0x10001040, 0x00000040, 0x10000000,
501 0x00040040, 0x10040000, 0x10041040, 0x00041000,
502 0x10041000, 0x00041040, 0x00001000, 0x00000040,
503 0x10040000, 0x10000040, 0x10001000, 0x00001040,
504 0x00041000, 0x00040040, 0x10040040, 0x10041000,
505 0x00001040, 0x00000000, 0x00000000, 0x10040040,
506 0x10000040, 0x10001000, 0x00041040, 0x00040000,
507 0x00041040, 0x00040000, 0x10041000, 0x00001000,
508 0x00000040, 0x10040040, 0x00001000, 0x00041040,
509 0x10001000, 0x00000040, 0x10000040, 0x10040000,
510 0x10040040, 0x10000000, 0x00040000, 0x10001040,
511 0x00000000, 0x10041040, 0x00040040, 0x10000040,
512 0x10040000, 0x10001000, 0x10001040, 0x00000000,
513 0x10041040, 0x00041000, 0x00041000, 0x00001040,
514 0x00001040, 0x00040040, 0x10000000, 0x10041000
515};
516
517/* Encryption components: IP, FP, and round function */
518
519#define IP(L, R, T) \
520 ROL(R, 4); \
521 T = L; \
522 L ^= R; \
523 L &= 0xf0f0f0f0; \
524 R ^= L; \
525 L ^= T; \
526 ROL(R, 12); \
527 T = L; \
528 L ^= R; \
529 L &= 0xffff0000; \
530 R ^= L; \
531 L ^= T; \
532 ROR(R, 14); \
533 T = L; \
534 L ^= R; \
535 L &= 0xcccccccc; \
536 R ^= L; \
537 L ^= T; \
538 ROL(R, 6); \
539 T = L; \
540 L ^= R; \
541 L &= 0xff00ff00; \
542 R ^= L; \
543 L ^= T; \
544 ROR(R, 7); \
545 T = L; \
546 L ^= R; \
547 L &= 0xaaaaaaaa; \
548 R ^= L; \
549 L ^= T; \
550 ROL(L, 1);
551
552#define FP(L, R, T) \
553 ROR(L, 1); \
554 T = L; \
555 L ^= R; \
556 L &= 0xaaaaaaaa; \
557 R ^= L; \
558 L ^= T; \
559 ROL(R, 7); \
560 T = L; \
561 L ^= R; \
562 L &= 0xff00ff00; \
563 R ^= L; \
564 L ^= T; \
565 ROR(R, 6); \
566 T = L; \
567 L ^= R; \
568 L &= 0xcccccccc; \
569 R ^= L; \
570 L ^= T; \
571 ROL(R, 14); \
572 T = L; \
573 L ^= R; \
574 L &= 0xffff0000; \
575 R ^= L; \
576 L ^= T; \
577 ROR(R, 12); \
578 T = L; \
579 L ^= R; \
580 L &= 0xf0f0f0f0; \
581 R ^= L; \
582 L ^= T; \
583 ROR(R, 4);
584
585#define ROUND(L, R, A, B, K, d) \
586 B = K[0]; A = K[1]; K += d; \
587 B ^= R; A ^= R; \
588 B &= 0x3f3f3f3f; ROR(A, 4); \
589 L ^= S8[0xff & B]; A &= 0x3f3f3f3f; \
590 L ^= S6[0xff & (B >> 8)]; B >>= 16; \
591 L ^= S7[0xff & A]; \
592 L ^= S5[0xff & (A >> 8)]; A >>= 16; \
593 L ^= S4[0xff & B]; \
594 L ^= S2[0xff & (B >> 8)]; \
595 L ^= S3[0xff & A]; \
596 L ^= S1[0xff & (A >> 8)];
597
598/*
599 * PC2 lookup tables are organized as 2 consecutive sets of 4 interleaved
600 * tables of 128 elements. One set is for C_i and the other for D_i, while
601 * the 4 interleaved tables correspond to four 7-bit subsets of C_i or D_i.
602 *
603 * After PC1 each of the variables a,b,c,d contains a 7 bit subset of C_i
604 * or D_i in bits 7-1 (bit 0 being the least significant).
605 */
606
607#define T1(x) pt[2 * (x) + 0]
608#define T2(x) pt[2 * (x) + 1]
609#define T3(x) pt[2 * (x) + 2]
610#define T4(x) pt[2 * (x) + 3]
611
David Howellsdb36b902010-10-07 14:08:50 +0100612#define DES_PC2(a, b, c, d) (T4(d) | T3(c) | T2(b) | T1(a))
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700613
614/*
615 * Encryption key expansion
616 *
617 * RFC2451: Weak key checks SHOULD be performed.
618 *
619 * FIPS 74:
620 *
621 * Keys having duals are keys which produce all zeros, all ones, or
622 * alternating zero-one patterns in the C and D registers after Permuted
623 * Choice 1 has operated on the key.
624 *
625 */
Evgeniy Polyakovc3041f92007-10-11 19:58:16 +0800626unsigned long des_ekey(u32 *pe, const u8 *k)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700627{
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700628 /* K&R: long is at least 32 bits */
629 unsigned long a, b, c, d, w;
630 const u32 *pt = pc2;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700631
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700632 d = k[4]; d &= 0x0e; d <<= 4; d |= k[0] & 0x1e; d = pc1[d];
633 c = k[5]; c &= 0x0e; c <<= 4; c |= k[1] & 0x1e; c = pc1[c];
634 b = k[6]; b &= 0x0e; b <<= 4; b |= k[2] & 0x1e; b = pc1[b];
635 a = k[7]; a &= 0x0e; a <<= 4; a |= k[3] & 0x1e; a = pc1[a];
636
David Howellsdb36b902010-10-07 14:08:50 +0100637 pe[15 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d];
638 pe[14 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
639 pe[13 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
640 pe[12 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
641 pe[11 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
642 pe[10 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
643 pe[ 9 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
644 pe[ 8 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c];
645 pe[ 7 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
646 pe[ 6 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
647 pe[ 5 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
648 pe[ 4 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
649 pe[ 3 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
650 pe[ 2 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
651 pe[ 1 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b];
652 pe[ 0 * 2 + 0] = DES_PC2(b, c, d, a);
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700653
654 /* Check if first half is weak */
655 w = (a ^ c) | (b ^ d) | (rs[a] ^ c) | (b ^ rs[d]);
656
657 /* Skip to next table set */
658 pt += 512;
659
660 d = k[0]; d &= 0xe0; d >>= 4; d |= k[4] & 0xf0; d = pc1[d + 1];
661 c = k[1]; c &= 0xe0; c >>= 4; c |= k[5] & 0xf0; c = pc1[c + 1];
662 b = k[2]; b &= 0xe0; b >>= 4; b |= k[6] & 0xf0; b = pc1[b + 1];
663 a = k[3]; a &= 0xe0; a >>= 4; a |= k[7] & 0xf0; a = pc1[a + 1];
664
665 /* Check if second half is weak */
666 w |= (a ^ c) | (b ^ d) | (rs[a] ^ c) | (b ^ rs[d]);
667
David Howellsdb36b902010-10-07 14:08:50 +0100668 pe[15 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d];
669 pe[14 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
670 pe[13 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
671 pe[12 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
672 pe[11 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
673 pe[10 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
674 pe[ 9 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
675 pe[ 8 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c];
676 pe[ 7 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
677 pe[ 6 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
678 pe[ 5 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
679 pe[ 4 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
680 pe[ 3 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
681 pe[ 2 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
682 pe[ 1 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b];
683 pe[ 0 * 2 + 1] = DES_PC2(b, c, d, a);
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700684
685 /* Fixup: 2413 5768 -> 1357 2468 */
686 for (d = 0; d < 16; ++d) {
687 a = pe[2 * d];
688 b = pe[2 * d + 1];
689 c = a ^ b;
690 c &= 0xffff0000;
691 a ^= c;
692 b ^= c;
693 ROL(b, 18);
694 pe[2 * d] = a;
695 pe[2 * d + 1] = b;
696 }
697
698 /* Zero if weak key */
699 return w;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700700}
Evgeniy Polyakovc3041f92007-10-11 19:58:16 +0800701EXPORT_SYMBOL_GPL(des_ekey);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700702
703/*
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700704 * Decryption key expansion
705 *
706 * No weak key checking is performed, as this is only used by triple DES
707 *
Linus Torvalds1da177e2005-04-16 15:20:36 -0700708 */
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700709static void dkey(u32 *pe, const u8 *k)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700710{
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700711 /* K&R: long is at least 32 bits */
712 unsigned long a, b, c, d;
713 const u32 *pt = pc2;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700714
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700715 d = k[4]; d &= 0x0e; d <<= 4; d |= k[0] & 0x1e; d = pc1[d];
716 c = k[5]; c &= 0x0e; c <<= 4; c |= k[1] & 0x1e; c = pc1[c];
717 b = k[6]; b &= 0x0e; b <<= 4; b |= k[2] & 0x1e; b = pc1[b];
718 a = k[7]; a &= 0x0e; a <<= 4; a |= k[3] & 0x1e; a = pc1[a];
719
David Howellsdb36b902010-10-07 14:08:50 +0100720 pe[ 0 * 2] = DES_PC2(a, b, c, d); d = rs[d];
721 pe[ 1 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
722 pe[ 2 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
723 pe[ 3 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
724 pe[ 4 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
725 pe[ 5 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
726 pe[ 6 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
727 pe[ 7 * 2] = DES_PC2(d, a, b, c); c = rs[c];
728 pe[ 8 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
729 pe[ 9 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
730 pe[10 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
731 pe[11 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
732 pe[12 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
733 pe[13 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
734 pe[14 * 2] = DES_PC2(c, d, a, b); b = rs[b];
735 pe[15 * 2] = DES_PC2(b, c, d, a);
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700736
737 /* Skip to next table set */
738 pt += 512;
739
740 d = k[0]; d &= 0xe0; d >>= 4; d |= k[4] & 0xf0; d = pc1[d + 1];
741 c = k[1]; c &= 0xe0; c >>= 4; c |= k[5] & 0xf0; c = pc1[c + 1];
742 b = k[2]; b &= 0xe0; b >>= 4; b |= k[6] & 0xf0; b = pc1[b + 1];
743 a = k[3]; a &= 0xe0; a >>= 4; a |= k[7] & 0xf0; a = pc1[a + 1];
744
David Howellsdb36b902010-10-07 14:08:50 +0100745 pe[ 0 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d];
746 pe[ 1 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
747 pe[ 2 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
748 pe[ 3 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
749 pe[ 4 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
750 pe[ 5 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
751 pe[ 6 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
752 pe[ 7 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c];
753 pe[ 8 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
754 pe[ 9 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
755 pe[10 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
756 pe[11 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
757 pe[12 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
758 pe[13 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
759 pe[14 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b];
760 pe[15 * 2 + 1] = DES_PC2(b, c, d, a);
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700761
762 /* Fixup: 2413 5768 -> 1357 2468 */
763 for (d = 0; d < 16; ++d) {
764 a = pe[2 * d];
765 b = pe[2 * d + 1];
766 c = a ^ b;
767 c &= 0xffff0000;
768 a ^= c;
769 b ^= c;
770 ROL(b, 18);
771 pe[2 * d] = a;
772 pe[2 * d + 1] = b;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700773 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700774}
775
Herbert Xu6c2bb982006-05-16 22:09:29 +1000776static int des_setkey(struct crypto_tfm *tfm, const u8 *key,
Herbert Xu560c06a2006-08-13 14:16:39 +1000777 unsigned int keylen)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700778{
Herbert Xu6c2bb982006-05-16 22:09:29 +1000779 struct des_ctx *dctx = crypto_tfm_ctx(tfm);
Herbert Xu560c06a2006-08-13 14:16:39 +1000780 u32 *flags = &tfm->crt_flags;
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700781 u32 tmp[DES_EXPKEY_WORDS];
782 int ret;
783
784 /* Expand to tmp */
Evgeniy Polyakovc3041f92007-10-11 19:58:16 +0800785 ret = des_ekey(tmp, key);
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700786
Eric Biggers231baec2019-01-18 22:48:00 -0800787 if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700788 *flags |= CRYPTO_TFM_RES_WEAK_KEY;
789 return -EINVAL;
790 }
791
792 /* Copy to output */
793 memcpy(dctx->expkey, tmp, sizeof(dctx->expkey));
794
795 return 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700796}
797
Herbert Xu6c2bb982006-05-16 22:09:29 +1000798static void des_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700799{
Herbert Xu6c2bb982006-05-16 22:09:29 +1000800 struct des_ctx *ctx = crypto_tfm_ctx(tfm);
801 const u32 *K = ctx->expkey;
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700802 const __le32 *s = (const __le32 *)src;
803 __le32 *d = (__le32 *)dst;
804 u32 L, R, A, B;
805 int i;
806
807 L = le32_to_cpu(s[0]);
808 R = le32_to_cpu(s[1]);
809
810 IP(L, R, A);
811 for (i = 0; i < 8; i++) {
812 ROUND(L, R, A, B, K, 2);
813 ROUND(R, L, A, B, K, 2);
814 }
815 FP(R, L, A);
816
817 d[0] = cpu_to_le32(R);
818 d[1] = cpu_to_le32(L);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700819}
820
Herbert Xu6c2bb982006-05-16 22:09:29 +1000821static void des_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700822{
Herbert Xu6c2bb982006-05-16 22:09:29 +1000823 struct des_ctx *ctx = crypto_tfm_ctx(tfm);
824 const u32 *K = ctx->expkey + DES_EXPKEY_WORDS - 2;
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700825 const __le32 *s = (const __le32 *)src;
826 __le32 *d = (__le32 *)dst;
827 u32 L, R, A, B;
828 int i;
829
830 L = le32_to_cpu(s[0]);
831 R = le32_to_cpu(s[1]);
832
833 IP(L, R, A);
834 for (i = 0; i < 8; i++) {
835 ROUND(L, R, A, B, K, -2);
836 ROUND(R, L, A, B, K, -2);
837 }
838 FP(R, L, A);
839
840 d[0] = cpu_to_le32(R);
841 d[1] = cpu_to_le32(L);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700842}
843
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700844/*
Linus Torvalds1da177e2005-04-16 15:20:36 -0700845 * RFC2451:
846 *
847 * For DES-EDE3, there is no known need to reject weak or
848 * complementation keys. Any weakness is obviated by the use of
849 * multiple keys.
850 *
851 * However, if the first two or last two independent 64-bit keys are
852 * equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
853 * same as DES. Implementers MUST reject keys that exhibit this
854 * property.
855 *
856 */
Jussi Kivilinna6574e6c2014-06-09 20:59:54 +0300857int __des3_ede_setkey(u32 *expkey, u32 *flags, const u8 *key,
858 unsigned int keylen)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700859{
Herbert Xud7198ce2019-04-11 16:50:56 +0800860 int err;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700861
Herbert Xud7198ce2019-04-11 16:50:56 +0800862 err = __des3_verify_key(flags, key);
863 if (unlikely(err))
864 return err;
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700865
Evgeniy Polyakovc3041f92007-10-11 19:58:16 +0800866 des_ekey(expkey, key); expkey += DES_EXPKEY_WORDS; key += DES_KEY_SIZE;
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700867 dkey(expkey, key); expkey += DES_EXPKEY_WORDS; key += DES_KEY_SIZE;
Evgeniy Polyakovc3041f92007-10-11 19:58:16 +0800868 des_ekey(expkey, key);
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700869
Linus Torvalds1da177e2005-04-16 15:20:36 -0700870 return 0;
871}
Jussi Kivilinna6574e6c2014-06-09 20:59:54 +0300872EXPORT_SYMBOL_GPL(__des3_ede_setkey);
873
874static int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key,
875 unsigned int keylen)
876{
877 struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
878 u32 *flags = &tfm->crt_flags;
879 u32 *expkey = dctx->expkey;
880
881 return __des3_ede_setkey(expkey, flags, key, keylen);
882}
Linus Torvalds1da177e2005-04-16 15:20:36 -0700883
Herbert Xu6c2bb982006-05-16 22:09:29 +1000884static void des3_ede_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700885{
Herbert Xu6c2bb982006-05-16 22:09:29 +1000886 struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700887 const u32 *K = dctx->expkey;
888 const __le32 *s = (const __le32 *)src;
889 __le32 *d = (__le32 *)dst;
890 u32 L, R, A, B;
891 int i;
892
893 L = le32_to_cpu(s[0]);
894 R = le32_to_cpu(s[1]);
895
896 IP(L, R, A);
897 for (i = 0; i < 8; i++) {
898 ROUND(L, R, A, B, K, 2);
899 ROUND(R, L, A, B, K, 2);
900 }
901 for (i = 0; i < 8; i++) {
902 ROUND(R, L, A, B, K, 2);
903 ROUND(L, R, A, B, K, 2);
904 }
905 for (i = 0; i < 8; i++) {
906 ROUND(L, R, A, B, K, 2);
907 ROUND(R, L, A, B, K, 2);
908 }
909 FP(R, L, A);
910
911 d[0] = cpu_to_le32(R);
912 d[1] = cpu_to_le32(L);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700913}
914
Herbert Xu6c2bb982006-05-16 22:09:29 +1000915static void des3_ede_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700916{
Herbert Xu6c2bb982006-05-16 22:09:29 +1000917 struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700918 const u32 *K = dctx->expkey + DES3_EDE_EXPKEY_WORDS - 2;
919 const __le32 *s = (const __le32 *)src;
920 __le32 *d = (__le32 *)dst;
921 u32 L, R, A, B;
922 int i;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700923
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700924 L = le32_to_cpu(s[0]);
925 R = le32_to_cpu(s[1]);
926
927 IP(L, R, A);
928 for (i = 0; i < 8; i++) {
929 ROUND(L, R, A, B, K, -2);
930 ROUND(R, L, A, B, K, -2);
931 }
932 for (i = 0; i < 8; i++) {
933 ROUND(R, L, A, B, K, -2);
934 ROUND(L, R, A, B, K, -2);
935 }
936 for (i = 0; i < 8; i++) {
937 ROUND(L, R, A, B, K, -2);
938 ROUND(R, L, A, B, K, -2);
939 }
940 FP(R, L, A);
941
942 d[0] = cpu_to_le32(R);
943 d[1] = cpu_to_le32(L);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700944}
945
Jussi Kivilinna9935e6d2012-07-11 14:20:05 +0300946static struct crypto_alg des_algs[2] = { {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700947 .cra_name = "des",
Jussi Kivilinna6574e6c2014-06-09 20:59:54 +0300948 .cra_driver_name = "des-generic",
949 .cra_priority = 100,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700950 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
951 .cra_blocksize = DES_BLOCK_SIZE,
952 .cra_ctxsize = sizeof(struct des_ctx),
953 .cra_module = THIS_MODULE,
Herbert Xua429d262006-01-07 16:38:15 +1100954 .cra_alignmask = 3,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700955 .cra_u = { .cipher = {
956 .cia_min_keysize = DES_KEY_SIZE,
957 .cia_max_keysize = DES_KEY_SIZE,
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700958 .cia_setkey = des_setkey,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700959 .cia_encrypt = des_encrypt,
960 .cia_decrypt = des_decrypt } }
Jussi Kivilinna9935e6d2012-07-11 14:20:05 +0300961}, {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700962 .cra_name = "des3_ede",
Jussi Kivilinna6574e6c2014-06-09 20:59:54 +0300963 .cra_driver_name = "des3_ede-generic",
964 .cra_priority = 100,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700965 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
966 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
967 .cra_ctxsize = sizeof(struct des3_ede_ctx),
968 .cra_module = THIS_MODULE,
Atsushi Nemoto20ea3402006-03-13 21:30:29 +1100969 .cra_alignmask = 3,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700970 .cra_u = { .cipher = {
971 .cia_min_keysize = DES3_EDE_KEY_SIZE,
972 .cia_max_keysize = DES3_EDE_KEY_SIZE,
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700973 .cia_setkey = des3_ede_setkey,
974 .cia_encrypt = des3_ede_encrypt,
975 .cia_decrypt = des3_ede_decrypt } }
Jussi Kivilinna9935e6d2012-07-11 14:20:05 +0300976} };
Linus Torvalds1da177e2005-04-16 15:20:36 -0700977
Kamalesh Babulal3af5b902008-04-05 21:00:57 +0800978static int __init des_generic_mod_init(void)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700979{
Jussi Kivilinna9935e6d2012-07-11 14:20:05 +0300980 return crypto_register_algs(des_algs, ARRAY_SIZE(des_algs));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700981}
982
Kamalesh Babulal3af5b902008-04-05 21:00:57 +0800983static void __exit des_generic_mod_fini(void)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700984{
Jussi Kivilinna9935e6d2012-07-11 14:20:05 +0300985 crypto_unregister_algs(des_algs, ARRAY_SIZE(des_algs));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700986}
987
Eric Biggersc4741b22019-04-11 21:57:42 -0700988subsys_initcall(des_generic_mod_init);
Kamalesh Babulal3af5b902008-04-05 21:00:57 +0800989module_exit(des_generic_mod_fini);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700990
991MODULE_LICENSE("GPL");
992MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms");
Dag Arne Osvike1d5dea2005-07-06 13:55:44 -0700993MODULE_AUTHOR("Dag Arne Osvik <da@osvik.no>");
Mathias Krause3e14dcf2015-01-11 18:17:42 +0100994MODULE_ALIAS_CRYPTO("des");
995MODULE_ALIAS_CRYPTO("des-generic");
996MODULE_ALIAS_CRYPTO("des3_ede");
997MODULE_ALIAS_CRYPTO("des3_ede-generic");