projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[CRYPTO] Remove unused iv field from context structure
[deliverable/linux.git] / crypto / des.c
1 /*
2 * Cryptographic API.
3 *
4 * DES & Triple DES EDE Cipher Algorithms.
5 *
6 * Originally released as descore by Dana L. How <how@isl.stanford.edu>.
7 * Modified by Raimar Falke <rf13@inf.tu-dresden.de> for the Linux-Kernel.
8 * Derived from Cryptoapi and Nettle implementations, adapted for in-place
9 * scatterlist interface. Changed LGPL to GPL per section 3 of the LGPL.
10 *
11 * Copyright (c) 1992 Dana L. How.
12 * Copyright (c) Raimar Falke <rf13@inf.tu-dresden.de>
13 * Copyright (c) Gisle Sælensminde <gisle@ii.uib.no>
14 * Copyright (C) 2001 Niels Möller.
15 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
16 *
17 * This program is free software; you can redistribute it and/or modify
18 * it under the terms of the GNU General Public License as published by
19 * the Free Software Foundation; either version 2 of the License, or
20 * (at your option) any later version.
21 *
22 */
23 #include <linux/init.h>
24 #include <linux/module.h>
25 #include <linux/mm.h>
26 #include <linux/errno.h>
27 #include <asm/scatterlist.h>
28 #include <linux/crypto.h>
29
30 #define DES_KEY_SIZE 8
31 #define DES_EXPKEY_WORDS 32
32 #define DES_BLOCK_SIZE 8
33
34 #define DES3_EDE_KEY_SIZE (3 * DES_KEY_SIZE)
35 #define DES3_EDE_EXPKEY_WORDS (3 * DES_EXPKEY_WORDS)
36 #define DES3_EDE_BLOCK_SIZE DES_BLOCK_SIZE
37
38 #define ROR(d,c,o) ((d) = (d) >> (c) | (d) << (o))
39
40 struct des_ctx {
41 u32 expkey[DES_EXPKEY_WORDS];
42 };
43
44 struct des3_ede_ctx {
45 u32 expkey[DES3_EDE_EXPKEY_WORDS];
46 };
47
48 static const u32 des_keymap[] = {
49 0x02080008, 0x02082000, 0x00002008, 0x00000000,
50 0x02002000, 0x00080008, 0x02080000, 0x02082008,
51 0x00000008, 0x02000000, 0x00082000, 0x00002008,
52 0x00082008, 0x02002008, 0x02000008, 0x02080000,
53 0x00002000, 0x00082008, 0x00080008, 0x02002000,
54 0x02082008, 0x02000008, 0x00000000, 0x00082000,
55 0x02000000, 0x00080000, 0x02002008, 0x02080008,
56 0x00080000, 0x00002000, 0x02082000, 0x00000008,
57 0x00080000, 0x00002000, 0x02000008, 0x02082008,
58 0x00002008, 0x02000000, 0x00000000, 0x00082000,
59 0x02080008, 0x02002008, 0x02002000, 0x00080008,
60 0x02082000, 0x00000008, 0x00080008, 0x02002000,
61 0x02082008, 0x00080000, 0x02080000, 0x02000008,
62 0x00082000, 0x00002008, 0x02002008, 0x02080000,
63 0x00000008, 0x02082000, 0x00082008, 0x00000000,
64 0x02000000, 0x02080008, 0x00002000, 0x00082008,
65
66 0x08000004, 0x00020004, 0x00000000, 0x08020200,
67 0x00020004, 0x00000200, 0x08000204, 0x00020000,
68 0x00000204, 0x08020204, 0x00020200, 0x08000000,
69 0x08000200, 0x08000004, 0x08020000, 0x00020204,
70 0x00020000, 0x08000204, 0x08020004, 0x00000000,
71 0x00000200, 0x00000004, 0x08020200, 0x08020004,
72 0x08020204, 0x08020000, 0x08000000, 0x00000204,
73 0x00000004, 0x00020200, 0x00020204, 0x08000200,
74 0x00000204, 0x08000000, 0x08000200, 0x00020204,
75 0x08020200, 0x00020004, 0x00000000, 0x08000200,
76 0x08000000, 0x00000200, 0x08020004, 0x00020000,
77 0x00020004, 0x08020204, 0x00020200, 0x00000004,
78 0x08020204, 0x00020200, 0x00020000, 0x08000204,
79 0x08000004, 0x08020000, 0x00020204, 0x00000000,
80 0x00000200, 0x08000004, 0x08000204, 0x08020200,
81 0x08020000, 0x00000204, 0x00000004, 0x08020004,
82
83 0x80040100, 0x01000100, 0x80000000, 0x81040100,
84 0x00000000, 0x01040000, 0x81000100, 0x80040000,
85 0x01040100, 0x81000000, 0x01000000, 0x80000100,
86 0x81000000, 0x80040100, 0x00040000, 0x01000000,
87 0x81040000, 0x00040100, 0x00000100, 0x80000000,
88 0x00040100, 0x81000100, 0x01040000, 0x00000100,
89 0x80000100, 0x00000000, 0x80040000, 0x01040100,
90 0x01000100, 0x81040000, 0x81040100, 0x00040000,
91 0x81040000, 0x80000100, 0x00040000, 0x81000000,
92 0x00040100, 0x01000100, 0x80000000, 0x01040000,
93 0x81000100, 0x00000000, 0x00000100, 0x80040000,
94 0x00000000, 0x81040000, 0x01040100, 0x00000100,
95 0x01000000, 0x81040100, 0x80040100, 0x00040000,
96 0x81040100, 0x80000000, 0x01000100, 0x80040100,
97 0x80040000, 0x00040100, 0x01040000, 0x81000100,
98 0x80000100, 0x01000000, 0x81000000, 0x01040100,
99
100 0x04010801, 0x00000000, 0x00010800, 0x04010000,
101 0x04000001, 0x00000801, 0x04000800, 0x00010800,
102 0x00000800, 0x04010001, 0x00000001, 0x04000800,
103 0x00010001, 0x04010800, 0x04010000, 0x00000001,
104 0x00010000, 0x04000801, 0x04010001, 0x00000800,
105 0x00010801, 0x04000000, 0x00000000, 0x00010001,
106 0x04000801, 0x00010801, 0x04010800, 0x04000001,
107 0x04000000, 0x00010000, 0x00000801, 0x04010801,
108 0x00010001, 0x04010800, 0x04000800, 0x00010801,
109 0x04010801, 0x00010001, 0x04000001, 0x00000000,
110 0x04000000, 0x00000801, 0x00010000, 0x04010001,
111 0x00000800, 0x04000000, 0x00010801, 0x04000801,
112 0x04010800, 0x00000800, 0x00000000, 0x04000001,
113 0x00000001, 0x04010801, 0x00010800, 0x04010000,
114 0x04010001, 0x00010000, 0x00000801, 0x04000800,
115 0x04000801, 0x00000001, 0x04010000, 0x00010800,
116
117 0x00000400, 0x00000020, 0x00100020, 0x40100000,
118 0x40100420, 0x40000400, 0x00000420, 0x00000000,
119 0x00100000, 0x40100020, 0x40000020, 0x00100400,
120 0x40000000, 0x00100420, 0x00100400, 0x40000020,
121 0x40100020, 0x00000400, 0x40000400, 0x40100420,
122 0x00000000, 0x00100020, 0x40100000, 0x00000420,
123 0x40100400, 0x40000420, 0x00100420, 0x40000000,
124 0x40000420, 0x40100400, 0x00000020, 0x00100000,
125 0x40000420, 0x00100400, 0x40100400, 0x40000020,
126 0x00000400, 0x00000020, 0x00100000, 0x40100400,
127 0x40100020, 0x40000420, 0x00000420, 0x00000000,
128 0x00000020, 0x40100000, 0x40000000, 0x00100020,
129 0x00000000, 0x40100020, 0x00100020, 0x00000420,
130 0x40000020, 0x00000400, 0x40100420, 0x00100000,
131 0x00100420, 0x40000000, 0x40000400, 0x40100420,
132 0x40100000, 0x00100420, 0x00100400, 0x40000400,
133
134 0x00800000, 0x00001000, 0x00000040, 0x00801042,
135 0x00801002, 0x00800040, 0x00001042, 0x00801000,
136 0x00001000, 0x00000002, 0x00800002, 0x00001040,
137 0x00800042, 0x00801002, 0x00801040, 0x00000000,
138 0x00001040, 0x00800000, 0x00001002, 0x00000042,
139 0x00800040, 0x00001042, 0x00000000, 0x00800002,
140 0x00000002, 0x00800042, 0x00801042, 0x00001002,
141 0x00801000, 0x00000040, 0x00000042, 0x00801040,
142 0x00801040, 0x00800042, 0x00001002, 0x00801000,
143 0x00001000, 0x00000002, 0x00800002, 0x00800040,
144 0x00800000, 0x00001040, 0x00801042, 0x00000000,
145 0x00001042, 0x00800000, 0x00000040, 0x00001002,
146 0x00800042, 0x00000040, 0x00000000, 0x00801042,
147 0x00801002, 0x00801040, 0x00000042, 0x00001000,
148 0x00001040, 0x00801002, 0x00800040, 0x00000042,
149 0x00000002, 0x00001042, 0x00801000, 0x00800002,
150
151 0x10400000, 0x00404010, 0x00000010, 0x10400010,
152 0x10004000, 0x00400000, 0x10400010, 0x00004010,
153 0x00400010, 0x00004000, 0x00404000, 0x10000000,
154 0x10404010, 0x10000010, 0x10000000, 0x10404000,
155 0x00000000, 0x10004000, 0x00404010, 0x00000010,
156 0x10000010, 0x10404010, 0x00004000, 0x10400000,
157 0x10404000, 0x00400010, 0x10004010, 0x00404000,
158 0x00004010, 0x00000000, 0x00400000, 0x10004010,
159 0x00404010, 0x00000010, 0x10000000, 0x00004000,
160 0x10000010, 0x10004000, 0x00404000, 0x10400010,
161 0x00000000, 0x00404010, 0x00004010, 0x10404000,
162 0x10004000, 0x00400000, 0x10404010, 0x10000000,
163 0x10004010, 0x10400000, 0x00400000, 0x10404010,
164 0x00004000, 0x00400010, 0x10400010, 0x00004010,
165 0x00400010, 0x00000000, 0x10404000, 0x10000010,
166 0x10400000, 0x10004010, 0x00000010, 0x00404000,
167
168 0x00208080, 0x00008000, 0x20200000, 0x20208080,
169 0x00200000, 0x20008080, 0x20008000, 0x20200000,
170 0x20008080, 0x00208080, 0x00208000, 0x20000080,
171 0x20200080, 0x00200000, 0x00000000, 0x20008000,
172 0x00008000, 0x20000000, 0x00200080, 0x00008080,
173 0x20208080, 0x00208000, 0x20000080, 0x00200080,
174 0x20000000, 0x00000080, 0x00008080, 0x20208000,
175 0x00000080, 0x20200080, 0x20208000, 0x00000000,
176 0x00000000, 0x20208080, 0x00200080, 0x20008000,
177 0x00208080, 0x00008000, 0x20000080, 0x00200080,
178 0x20208000, 0x00000080, 0x00008080, 0x20200000,
179 0x20008080, 0x20000000, 0x20200000, 0x00208000,
180 0x20208080, 0x00008080, 0x00208000, 0x20200080,
181 0x00200000, 0x20000080, 0x20008000, 0x00000000,
182 0x00008000, 0x00200000, 0x20200080, 0x00208080,
183 0x20000000, 0x20208000, 0x00000080, 0x20008080,
184 };
185
186 static const u8 rotors[] = {
187 34, 13, 5, 46, 47, 18, 32, 41, 11, 53, 33, 20,
188 14, 36, 30, 24, 49, 2, 15, 37, 42, 50, 0, 21,
189 38, 48, 6, 26, 39, 4, 52, 25, 12, 27, 31, 40,
190 1, 17, 28, 29, 23, 51, 35, 7, 3, 22, 9, 43,
191
192 41, 20, 12, 53, 54, 25, 39, 48, 18, 31, 40, 27,
193 21, 43, 37, 0, 1, 9, 22, 44, 49, 2, 7, 28,
194 45, 55, 13, 33, 46, 11, 6, 32, 19, 34, 38, 47,
195 8, 24, 35, 36, 30, 3, 42, 14, 10, 29, 16, 50,
196
197 55, 34, 26, 38, 11, 39, 53, 5, 32, 45, 54, 41,
198 35, 2, 51, 14, 15, 23, 36, 3, 8, 16, 21, 42,
199 6, 12, 27, 47, 31, 25, 20, 46, 33, 48, 52, 4,
200 22, 7, 49, 50, 44, 17, 1, 28, 24, 43, 30, 9,
201
202 12, 48, 40, 52, 25, 53, 38, 19, 46, 6, 11, 55,
203 49, 16, 10, 28, 29, 37, 50, 17, 22, 30, 35, 1,
204 20, 26, 41, 4, 45, 39, 34, 31, 47, 5, 13, 18,
205 36, 21, 8, 9, 3, 0, 15, 42, 7, 2, 44, 23,
206
207 26, 5, 54, 13, 39, 38, 52, 33, 31, 20, 25, 12,
208 8, 30, 24, 42, 43, 51, 9, 0, 36, 44, 49, 15,
209 34, 40, 55, 18, 6, 53, 48, 45, 4, 19, 27, 32,
210 50, 35, 22, 23, 17, 14, 29, 1, 21, 16, 3, 37,
211
212 40, 19, 11, 27, 53, 52, 13, 47, 45, 34, 39, 26,
213 22, 44, 7, 1, 2, 10, 23, 14, 50, 3, 8, 29,
214 48, 54, 12, 32, 20, 38, 5, 6, 18, 33, 41, 46,
215 9, 49, 36, 37, 0, 28, 43, 15, 35, 30, 17, 51,
216
217 54, 33, 25, 41, 38, 13, 27, 4, 6, 48, 53, 40,
218 36, 3, 21, 15, 16, 24, 37, 28, 9, 17, 22, 43,
219 5, 11, 26, 46, 34, 52, 19, 20, 32, 47, 55, 31,
220 23, 8, 50, 51, 14, 42, 2, 29, 49, 44, 0, 10,
221
222 11, 47, 39, 55, 52, 27, 41, 18, 20, 5, 38, 54,
223 50, 17, 35, 29, 30, 7, 51, 42, 23, 0, 36, 2,
224 19, 25, 40, 31, 48, 13, 33, 34, 46, 4, 12, 45,
225 37, 22, 9, 10, 28, 1, 16, 43, 8, 3, 14, 24,
226
227 18, 54, 46, 5, 6, 34, 48, 25, 27, 12, 45, 4,
228 2, 24, 42, 36, 37, 14, 3, 49, 30, 7, 43, 9,
229 26, 32, 47, 38, 55, 20, 40, 41, 53, 11, 19, 52,
230 44, 29, 16, 17, 35, 8, 23, 50, 15, 10, 21, 0,
231
232 32, 11, 31, 19, 20, 48, 5, 39, 41, 26, 6, 18,
233 16, 7, 1, 50, 51, 28, 17, 8, 44, 21, 2, 23,
234 40, 46, 4, 52, 12, 34, 54, 55, 38, 25, 33, 13,
235 3, 43, 30, 0, 49, 22, 37, 9, 29, 24, 35, 14,
236
237 46, 25, 45, 33, 34, 5, 19, 53, 55, 40, 20, 32,
238 30, 21, 15, 9, 10, 42, 0, 22, 3, 35, 16, 37,
239 54, 31, 18, 13, 26, 48, 11, 12, 52, 39, 47, 27,
240 17, 2, 44, 14, 8, 36, 51, 23, 43, 7, 49, 28,
241
242 31, 39, 6, 47, 48, 19, 33, 38, 12, 54, 34, 46,
243 44, 35, 29, 23, 24, 1, 14, 36, 17, 49, 30, 51,
244 11, 45, 32, 27, 40, 5, 25, 26, 13, 53, 4, 41,
245 0, 16, 3, 28, 22, 50, 10, 37, 2, 21, 8, 42,
246
247 45, 53, 20, 4, 5, 33, 47, 52, 26, 11, 48, 31,
248 3, 49, 43, 37, 7, 15, 28, 50, 0, 8, 44, 10,
249 25, 6, 46, 41, 54, 19, 39, 40, 27, 38, 18, 55,
250 14, 30, 17, 42, 36, 9, 24, 51, 16, 35, 22, 1,
251
252 6, 38, 34, 18, 19, 47, 4, 13, 40, 25, 5, 45,
253 17, 8, 2, 51, 21, 29, 42, 9, 14, 22, 3, 24,
254 39, 20, 31, 55, 11, 33, 53, 54, 41, 52, 32, 12,
255 28, 44, 0, 1, 50, 23, 7, 10, 30, 49, 36, 15,
256
257 20, 52, 48, 32, 33, 4, 18, 27, 54, 39, 19, 6,
258 0, 22, 16, 10, 35, 43, 1, 23, 28, 36, 17, 7,
259 53, 34, 45, 12, 25, 47, 38, 11, 55, 13, 46, 26,
260 42, 3, 14, 15, 9, 37, 21, 24, 44, 8, 50, 29,
261
262 27, 6, 55, 39, 40, 11, 25, 34, 4, 46, 26, 13,
263 7, 29, 23, 17, 42, 50, 8, 30, 35, 43, 24, 14,
264 31, 41, 52, 19, 32, 54, 45, 18, 5, 20, 53, 33,
265 49, 10, 21, 22, 16, 44, 28, 0, 51, 15, 2, 36,
266 };
267
268 static const u8 parity[] = {
269 8,1,0,8,0,8,8,0,0,8,8,0,8,0,2,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,3,
270 0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
271 0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
272 8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
273 0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
274 8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
275 8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
276 4,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,5,0,8,0,8,8,0,0,8,8,0,8,0,6,8,
277 };
278
279
280 static void des_small_fips_encrypt(u32 *expkey, u8 *dst, const u8 *src)
281 {
282 u32 x, y, z;
283
284 x = src[7];
285 x <<= 8;
286 x |= src[6];
287 x <<= 8;
288 x |= src[5];
289 x <<= 8;
290 x |= src[4];
291 y = src[3];
292 y <<= 8;
293 y |= src[2];
294 y <<= 8;
295 y |= src[1];
296 y <<= 8;
297 y |= src[0];
298 z = ((x >> 004) ^ y) & 0x0F0F0F0FL;
299 x ^= z << 004;
300 y ^= z;
301 z = ((y >> 020) ^ x) & 0x0000FFFFL;
302 y ^= z << 020;
303 x ^= z;
304 z = ((x >> 002) ^ y) & 0x33333333L;
305 x ^= z << 002;
306 y ^= z;
307 z = ((y >> 010) ^ x) & 0x00FF00FFL;
308 y ^= z << 010;
309 x ^= z;
310 x = x >> 1 | x << 31;
311 z = (x ^ y) & 0x55555555L;
312 y ^= z;
313 x ^= z;
314 y = y >> 1 | y << 31;
315 z = expkey[0];
316 z ^= y;
317 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
318 z >>= 8;
319 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
320 z >>= 8;
321 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
322 z >>= 8;
323 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
324 z = expkey[1];
325 z ^= y;
326 z = z << 4 | z >> 28;
327 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
328 z >>= 8;
329 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
330 z >>= 8;
331 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
332 z >>= 8;
333 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
334 z = expkey[2];
335 z ^= x;
336 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
337 z >>= 8;
338 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
339 z >>= 8;
340 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
341 z >>= 8;
342 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
343 z = expkey[3];
344 z ^= x;
345 z = z << 4 | z >> 28;
346 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
347 z >>= 8;
348 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
349 z >>= 8;
350 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
351 z >>= 8;
352 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
353 z = expkey[4];
354 z ^= y;
355 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
356 z >>= 8;
357 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
358 z >>= 8;
359 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
360 z >>= 8;
361 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
362 z = expkey[5];
363 z ^= y;
364 z = z << 4 | z >> 28;
365 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
366 z >>= 8;
367 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
368 z >>= 8;
369 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
370 z >>= 8;
371 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
372 z = expkey[6];
373 z ^= x;
374 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
375 z >>= 8;
376 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
377 z >>= 8;
378 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
379 z >>= 8;
380 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
381 z = expkey[7];
382 z ^= x;
383 z = z << 4 | z >> 28;
384 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
385 z >>= 8;
386 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
387 z >>= 8;
388 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
389 z >>= 8;
390 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
391 z = expkey[8];
392 z ^= y;
393 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
394 z >>= 8;
395 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
396 z >>= 8;
397 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
398 z >>= 8;
399 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
400 z = expkey[9];
401 z ^= y;
402 z = z << 4 | z >> 28;
403 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
404 z >>= 8;
405 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
406 z >>= 8;
407 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
408 z >>= 8;
409 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
410 z = expkey[10];
411 z ^= x;
412 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
413 z >>= 8;
414 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
415 z >>= 8;
416 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
417 z >>= 8;
418 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
419 z = expkey[11];
420 z ^= x;
421 z = z << 4 | z >> 28;
422 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
423 z >>= 8;
424 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
425 z >>= 8;
426 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
427 z >>= 8;
428 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
429 z = expkey[12];
430 z ^= y;
431 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
432 z >>= 8;
433 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
434 z >>= 8;
435 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
436 z >>= 8;
437 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
438 z = expkey[13];
439 z ^= y;
440 z = z << 4 | z >> 28;
441 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
442 z >>= 8;
443 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
444 z >>= 8;
445 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
446 z >>= 8;
447 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
448 z = expkey[14];
449 z ^= x;
450 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
451 z >>= 8;
452 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
453 z >>= 8;
454 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
455 z >>= 8;
456 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
457 z = expkey[15];
458 z ^= x;
459 z = z << 4 | z >> 28;
460 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
461 z >>= 8;
462 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
463 z >>= 8;
464 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
465 z >>= 8;
466 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
467 z = expkey[16];
468 z ^= y;
469 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
470 z >>= 8;
471 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
472 z >>= 8;
473 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
474 z >>= 8;
475 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
476 z = expkey[17];
477 z ^= y;
478 z = z << 4 | z >> 28;
479 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
480 z >>= 8;
481 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
482 z >>= 8;
483 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
484 z >>= 8;
485 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
486 z = expkey[18];
487 z ^= x;
488 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
489 z >>= 8;
490 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
491 z >>= 8;
492 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
493 z >>= 8;
494 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
495 z = expkey[19];
496 z ^= x;
497 z = z << 4 | z >> 28;
498 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
499 z >>= 8;
500 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
501 z >>= 8;
502 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
503 z >>= 8;
504 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
505 z = expkey[20];
506 z ^= y;
507 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
508 z >>= 8;
509 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
510 z >>= 8;
511 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
512 z >>= 8;
513 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
514 z = expkey[21];
515 z ^= y;
516 z = z << 4 | z >> 28;
517 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
518 z >>= 8;
519 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
520 z >>= 8;
521 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
522 z >>= 8;
523 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
524 z = expkey[22];
525 z ^= x;
526 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
527 z >>= 8;
528 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
529 z >>= 8;
530 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
531 z >>= 8;
532 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
533 z = expkey[23];
534 z ^= x;
535 z = z << 4 | z >> 28;
536 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
537 z >>= 8;
538 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
539 z >>= 8;
540 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
541 z >>= 8;
542 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
543 z = expkey[24];
544 z ^= y;
545 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
546 z >>= 8;
547 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
548 z >>= 8;
549 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
550 z >>= 8;
551 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
552 z = expkey[25];
553 z ^= y;
554 z = z << 4 | z >> 28;
555 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
556 z >>= 8;
557 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
558 z >>= 8;
559 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
560 z >>= 8;
561 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
562 z = expkey[26];
563 z ^= x;
564 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
565 z >>= 8;
566 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
567 z >>= 8;
568 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
569 z >>= 8;
570 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
571 z = expkey[27];
572 z ^= x;
573 z = z << 4 | z >> 28;
574 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
575 z >>= 8;
576 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
577 z >>= 8;
578 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
579 z >>= 8;
580 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
581 z = expkey[28];
582 z ^= y;
583 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
584 z >>= 8;
585 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
586 z >>= 8;
587 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
588 z >>= 8;
589 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
590 z = expkey[29];
591 z ^= y;
592 z = z << 4 | z >> 28;
593 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
594 z >>= 8;
595 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
596 z >>= 8;
597 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
598 z >>= 8;
599 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
600 z = expkey[30];
601 z ^= x;
602 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
603 z >>= 8;
604 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
605 z >>= 8;
606 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
607 z >>= 8;
608 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
609 z = expkey[31];
610 z ^= x;
611 z = z << 4 | z >> 28;
612 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
613 z >>= 8;
614 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
615 z >>= 8;
616 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
617 z >>= 8;
618 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
619 x = x << 1 | x >> 31;
620 z = (x ^ y) & 0x55555555L;
621 y ^= z;
622 x ^= z;
623 y = y << 1 | y >> 31;
624 z = ((x >> 010) ^ y) & 0x00FF00FFL;
625 x ^= z << 010;
626 y ^= z;
627 z = ((y >> 002) ^ x) & 0x33333333L;
628 y ^= z << 002;
629 x ^= z;
630 z = ((x >> 020) ^ y) & 0x0000FFFFL;
631 x ^= z << 020;
632 y ^= z;
633 z = ((y >> 004) ^ x) & 0x0F0F0F0FL;
634 y ^= z << 004;
635 x ^= z;
636 dst[0] = x;
637 x >>= 8;
638 dst[1] = x;
639 x >>= 8;
640 dst[2] = x;
641 x >>= 8;
642 dst[3] = x;
643 dst[4] = y;
644 y >>= 8;
645 dst[5] = y;
646 y >>= 8;
647 dst[6] = y;
648 y >>= 8;
649 dst[7] = y;
650 }
651
652 static void des_small_fips_decrypt(u32 *expkey, u8 *dst, const u8 *src)
653 {
654 u32 x, y, z;
655
656 x = src[7];
657 x <<= 8;
658 x |= src[6];
659 x <<= 8;
660 x |= src[5];
661 x <<= 8;
662 x |= src[4];
663 y = src[3];
664 y <<= 8;
665 y |= src[2];
666 y <<= 8;
667 y |= src[1];
668 y <<= 8;
669 y |= src[0];
670 z = ((x >> 004) ^ y) & 0x0F0F0F0FL;
671 x ^= z << 004;
672 y ^= z;
673 z = ((y >> 020) ^ x) & 0x0000FFFFL;
674 y ^= z << 020;
675 x ^= z;
676 z = ((x >> 002) ^ y) & 0x33333333L;
677 x ^= z << 002;
678 y ^= z;
679 z = ((y >> 010) ^ x) & 0x00FF00FFL;
680 y ^= z << 010;
681 x ^= z;
682 x = x >> 1 | x << 31;
683 z = (x ^ y) & 0x55555555L;
684 y ^= z;
685 x ^= z;
686 y = y >> 1 | y << 31;
687 z = expkey[31];
688 z ^= y;
689 z = z << 4 | z >> 28;
690 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
691 z >>= 8;
692 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
693 z >>= 8;
694 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
695 z >>= 8;
696 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
697 z = expkey[30];
698 z ^= y;
699 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
700 z >>= 8;
701 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
702 z >>= 8;
703 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
704 z >>= 8;
705 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
706 z = expkey[29];
707 z ^= x;
708 z = z << 4 | z >> 28;
709 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
710 z >>= 8;
711 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
712 z >>= 8;
713 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
714 z >>= 8;
715 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
716 z = expkey[28];
717 z ^= x;
718 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
719 z >>= 8;
720 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
721 z >>= 8;
722 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
723 z >>= 8;
724 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
725 z = expkey[27];
726 z ^= y;
727 z = z << 4 | z >> 28;
728 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
729 z >>= 8;
730 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
731 z >>= 8;
732 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
733 z >>= 8;
734 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
735 z = expkey[26];
736 z ^= y;
737 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
738 z >>= 8;
739 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
740 z >>= 8;
741 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
742 z >>= 8;
743 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
744 z = expkey[25];
745 z ^= x;
746 z = z << 4 | z >> 28;
747 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
748 z >>= 8;
749 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
750 z >>= 8;
751 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
752 z >>= 8;
753 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
754 z = expkey[24];
755 z ^= x;
756 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
757 z >>= 8;
758 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
759 z >>= 8;
760 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
761 z >>= 8;
762 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
763 z = expkey[23];
764 z ^= y;
765 z = z << 4 | z >> 28;
766 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
767 z >>= 8;
768 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
769 z >>= 8;
770 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
771 z >>= 8;
772 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
773 z = expkey[22];
774 z ^= y;
775 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
776 z >>= 8;
777 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
778 z >>= 8;
779 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
780 z >>= 8;
781 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
782 z = expkey[21];
783 z ^= x;
784 z = z << 4 | z >> 28;
785 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
786 z >>= 8;
787 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
788 z >>= 8;
789 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
790 z >>= 8;
791 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
792 z = expkey[20];
793 z ^= x;
794 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
795 z >>= 8;
796 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
797 z >>= 8;
798 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
799 z >>= 8;
800 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
801 z = expkey[19];
802 z ^= y;
803 z = z << 4 | z >> 28;
804 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
805 z >>= 8;
806 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
807 z >>= 8;
808 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
809 z >>= 8;
810 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
811 z = expkey[18];
812 z ^= y;
813 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
814 z >>= 8;
815 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
816 z >>= 8;
817 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
818 z >>= 8;
819 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
820 z = expkey[17];
821 z ^= x;
822 z = z << 4 | z >> 28;
823 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
824 z >>= 8;
825 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
826 z >>= 8;
827 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
828 z >>= 8;
829 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
830 z = expkey[16];
831 z ^= x;
832 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
833 z >>= 8;
834 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
835 z >>= 8;
836 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
837 z >>= 8;
838 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
839 z = expkey[15];
840 z ^= y;
841 z = z << 4 | z >> 28;
842 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
843 z >>= 8;
844 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
845 z >>= 8;
846 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
847 z >>= 8;
848 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
849 z = expkey[14];
850 z ^= y;
851 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
852 z >>= 8;
853 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
854 z >>= 8;
855 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
856 z >>= 8;
857 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
858 z = expkey[13];
859 z ^= x;
860 z = z << 4 | z >> 28;
861 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
862 z >>= 8;
863 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
864 z >>= 8;
865 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
866 z >>= 8;
867 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
868 z = expkey[12];
869 z ^= x;
870 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
871 z >>= 8;
872 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
873 z >>= 8;
874 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
875 z >>= 8;
876 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
877 z = expkey[11];
878 z ^= y;
879 z = z << 4 | z >> 28;
880 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
881 z >>= 8;
882 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
883 z >>= 8;
884 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
885 z >>= 8;
886 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
887 z = expkey[10];
888 z ^= y;
889 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
890 z >>= 8;
891 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
892 z >>= 8;
893 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
894 z >>= 8;
895 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
896 z = expkey[9];
897 z ^= x;
898 z = z << 4 | z >> 28;
899 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
900 z >>= 8;
901 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
902 z >>= 8;
903 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
904 z >>= 8;
905 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
906 z = expkey[8];
907 z ^= x;
908 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
909 z >>= 8;
910 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
911 z >>= 8;
912 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
913 z >>= 8;
914 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
915 z = expkey[7];
916 z ^= y;
917 z = z << 4 | z >> 28;
918 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
919 z >>= 8;
920 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
921 z >>= 8;
922 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
923 z >>= 8;
924 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
925 z = expkey[6];
926 z ^= y;
927 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
928 z >>= 8;
929 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
930 z >>= 8;
931 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
932 z >>= 8;
933 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
934 z = expkey[5];
935 z ^= x;
936 z = z << 4 | z >> 28;
937 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
938 z >>= 8;
939 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
940 z >>= 8;
941 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
942 z >>= 8;
943 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
944 z = expkey[4];
945 z ^= x;
946 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
947 z >>= 8;
948 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
949 z >>= 8;
950 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
951 z >>= 8;
952 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
953 z = expkey[3];
954 z ^= y;
955 z = z << 4 | z >> 28;
956 x ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
957 z >>= 8;
958 x ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
959 z >>= 8;
960 x ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
961 z >>= 8;
962 x ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
963 z = expkey[2];
964 z ^= y;
965 x ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
966 z >>= 8;
967 x ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
968 z >>= 8;
969 x ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
970 z >>= 8;
971 x ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
972 z = expkey[1];
973 z ^= x;
974 z = z << 4 | z >> 28;
975 y ^= * (u32 *) ((u8 *) (des_keymap + 448) + (0xFC & z));
976 z >>= 8;
977 y ^= * (u32 *) ((u8 *) (des_keymap + 384) + (0xFC & z));
978 z >>= 8;
979 y ^= * (u32 *) ((u8 *) (des_keymap + 320) + (0xFC & z));
980 z >>= 8;
981 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
982 z = expkey[0];
983 z ^= x;
984 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
985 z >>= 8;
986 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
987 z >>= 8;
988 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
989 z >>= 8;
990 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
991 x = x << 1 | x >> 31;
992 z = (x ^ y) & 0x55555555L;
993 y ^= z;
994 x ^= z;
995 y = y << 1 | y >> 31;
996 z = ((x >> 010) ^ y) & 0x00FF00FFL;
997 x ^= z << 010;
998 y ^= z;
999 z = ((y >> 002) ^ x) & 0x33333333L;
1000 y ^= z << 002;
1001 x ^= z;
1002 z = ((x >> 020) ^ y) & 0x0000FFFFL;
1003 x ^= z << 020;
1004 y ^= z;
1005 z = ((y >> 004) ^ x) & 0x0F0F0F0FL;
1006 y ^= z << 004;
1007 x ^= z;
1008 dst[0] = x;
1009 x >>= 8;
1010 dst[1] = x;
1011 x >>= 8;
1012 dst[2] = x;
1013 x >>= 8;
1014 dst[3] = x;
1015 dst[4] = y;
1016 y >>= 8;
1017 dst[5] = y;
1018 y >>= 8;
1019 dst[6] = y;
1020 y >>= 8;
1021 dst[7] = y;
1022 }
1023
1024 /*
1025 * RFC2451: Weak key checks SHOULD be performed.
1026 */
1027 static int setkey(u32 *expkey, const u8 *key, unsigned int keylen, u32 *flags)
1028 {
1029 const u8 *k;
1030 u8 *b0, *b1;
1031 u32 n, w;
1032 u8 bits0[56], bits1[56];
1033
1034 n = parity[key[0]]; n <<= 4;
1035 n |= parity[key[1]]; n <<= 4;
1036 n |= parity[key[2]]; n <<= 4;
1037 n |= parity[key[3]]; n <<= 4;
1038 n |= parity[key[4]]; n <<= 4;
1039 n |= parity[key[5]]; n <<= 4;
1040 n |= parity[key[6]]; n <<= 4;
1041 n |= parity[key[7]];
1042 w = 0x88888888L;
1043
1044 if ((*flags & CRYPTO_TFM_REQ_WEAK_KEY)
1045 && !((n - (w >> 3)) & w)) { /* 1 in 10^10 keys passes this test */
1046 if (n < 0x41415151) {
1047 if (n < 0x31312121) {
1048 if (n < 0x14141515) {
1049 /* 01 01 01 01 01 01 01 01 */
1050 if (n == 0x11111111) goto weak;
1051 /* 01 1F 01 1F 01 0E 01 0E */
1052 if (n == 0x13131212) goto weak;
1053 } else {
1054 /* 01 E0 01 E0 01 F1 01 F1 */
1055 if (n == 0x14141515) goto weak;
1056 /* 01 FE 01 FE 01 FE 01 FE */
1057 if (n == 0x16161616) goto weak;
1058 }
1059 } else {
1060 if (n < 0x34342525) {
1061 /* 1F 01 1F 01 0E 01 0E 01 */
1062 if (n == 0x31312121) goto weak;
1063 /* 1F 1F 1F 1F 0E 0E 0E 0E (?) */
1064 if (n == 0x33332222) goto weak;
1065 } else {
1066 /* 1F E0 1F E0 0E F1 0E F1 */
1067 if (n == 0x34342525) goto weak;
1068 /* 1F FE 1F FE 0E FE 0E FE */
1069 if (n == 0x36362626) goto weak;
1070 }
1071 }
1072 } else {
1073 if (n < 0x61616161) {
1074 if (n < 0x44445555) {
1075 /* E0 01 E0 01 F1 01 F1 01 */
1076 if (n == 0x41415151) goto weak;
1077 /* E0 1F E0 1F F1 0E F1 0E */
1078 if (n == 0x43435252) goto weak;
1079 } else {
1080 /* E0 E0 E0 E0 F1 F1 F1 F1 (?) */
1081 if (n == 0x44445555) goto weak;
1082 /* E0 FE E0 FE F1 FE F1 FE */
1083 if (n == 0x46465656) goto weak;
1084 }
1085 } else {
1086 if (n < 0x64646565) {
1087 /* FE 01 FE 01 FE 01 FE 01 */
1088 if (n == 0x61616161) goto weak;
1089 /* FE 1F FE 1F FE 0E FE 0E */
1090 if (n == 0x63636262) goto weak;
1091 } else {
1092 /* FE E0 FE E0 FE F1 FE F1 */
1093 if (n == 0x64646565) goto weak;
1094 /* FE FE FE FE FE FE FE FE */
1095 if (n == 0x66666666) goto weak;
1096 }
1097 }
1098 }
1099
1100 goto not_weak;
1101 weak:
1102 *flags |= CRYPTO_TFM_RES_WEAK_KEY;
1103 return -EINVAL;
1104 }
1105
1106 not_weak:
1107
1108 /* explode the bits */
1109 n = 56;
1110 b0 = bits0;
1111 b1 = bits1;
1112
1113 do {
1114 w = (256 | *key++) << 2;
1115 do {
1116 --n;
1117 b1[n] = 8 & w;
1118 w >>= 1;
1119 b0[n] = 4 & w;
1120 } while ( w >= 16 );
1121 } while ( n );
1122
1123 /* put the bits in the correct places */
1124 n = 16;
1125 k = rotors;
1126
1127 do {
1128 w = (b1[k[ 0 ]] | b0[k[ 1 ]]) << 4;
1129 w |= (b1[k[ 2 ]] | b0[k[ 3 ]]) << 2;
1130 w |= b1[k[ 4 ]] | b0[k[ 5 ]];
1131 w <<= 8;
1132 w |= (b1[k[ 6 ]] | b0[k[ 7 ]]) << 4;
1133 w |= (b1[k[ 8 ]] | b0[k[ 9 ]]) << 2;
1134 w |= b1[k[10 ]] | b0[k[11 ]];
1135 w <<= 8;
1136 w |= (b1[k[12 ]] | b0[k[13 ]]) << 4;
1137 w |= (b1[k[14 ]] | b0[k[15 ]]) << 2;
1138 w |= b1[k[16 ]] | b0[k[17 ]];
1139 w <<= 8;
1140 w |= (b1[k[18 ]] | b0[k[19 ]]) << 4;
1141 w |= (b1[k[20 ]] | b0[k[21 ]]) << 2;
1142 w |= b1[k[22 ]] | b0[k[23 ]];
1143 expkey[0] = w;
1144
1145 w = (b1[k[ 0+24]] | b0[k[ 1+24]]) << 4;
1146 w |= (b1[k[ 2+24]] | b0[k[ 3+24]]) << 2;
1147 w |= b1[k[ 4+24]] | b0[k[ 5+24]];
1148 w <<= 8;
1149 w |= (b1[k[ 6+24]] | b0[k[ 7+24]]) << 4;
1150 w |= (b1[k[ 8+24]] | b0[k[ 9+24]]) << 2;
1151 w |= b1[k[10+24]] | b0[k[11+24]];
1152 w <<= 8;
1153 w |= (b1[k[12+24]] | b0[k[13+24]]) << 4;
1154 w |= (b1[k[14+24]] | b0[k[15+24]]) << 2;
1155 w |= b1[k[16+24]] | b0[k[17+24]];
1156 w <<= 8;
1157 w |= (b1[k[18+24]] | b0[k[19+24]]) << 4;
1158 w |= (b1[k[20+24]] | b0[k[21+24]]) << 2;
1159 w |= b1[k[22+24]] | b0[k[23+24]];
1160
1161 ROR(w, 4, 28); /* could be eliminated */
1162 expkey[1] = w;
1163
1164 k += 48;
1165 expkey += 2;
1166 } while (--n);
1167
1168 return 0;
1169 }
1170
1171 static int des_setkey(void *ctx, const u8 *key, unsigned int keylen, u32 *flags)
1172 {
1173 return setkey(((struct des_ctx *)ctx)->expkey, key, keylen, flags);
1174 }
1175
1176 static void des_encrypt(void *ctx, u8 *dst, const u8 *src)
1177 {
1178 des_small_fips_encrypt(((struct des_ctx *)ctx)->expkey, dst, src);
1179 }
1180
1181 static void des_decrypt(void *ctx, u8 *dst, const u8 *src)
1182 {
1183 des_small_fips_decrypt(((struct des_ctx *)ctx)->expkey, dst, src);
1184 }
1185
1186 /*
1187 * RFC2451:
1188 *
1189 * For DES-EDE3, there is no known need to reject weak or
1190 * complementation keys. Any weakness is obviated by the use of
1191 * multiple keys.
1192 *
1193 * However, if the first two or last two independent 64-bit keys are
1194 * equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
1195 * same as DES. Implementers MUST reject keys that exhibit this
1196 * property.
1197 *
1198 */
1199 static int des3_ede_setkey(void *ctx, const u8 *key,
1200 unsigned int keylen, u32 *flags)
1201 {
1202 unsigned int i, off;
1203 struct des3_ede_ctx *dctx = ctx;
1204
1205 if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) &&
1206 memcmp(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2],
1207 DES_KEY_SIZE))) {
1208
1209 *flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;
1210 return -EINVAL;
1211 }
1212
1213 for (i = 0, off = 0; i < 3; i++, off += DES_EXPKEY_WORDS,
1214 key += DES_KEY_SIZE) {
1215 int ret = setkey(&dctx->expkey[off], key, DES_KEY_SIZE, flags);
1216 if (ret < 0)
1217 return ret;
1218 }
1219 return 0;
1220 }
1221
1222 static void des3_ede_encrypt(void *ctx, u8 *dst, const u8 *src)
1223 {
1224 struct des3_ede_ctx *dctx = ctx;
1225
1226 des_small_fips_encrypt(dctx->expkey, dst, src);
1227 des_small_fips_decrypt(&dctx->expkey[DES_EXPKEY_WORDS], dst, dst);
1228 des_small_fips_encrypt(&dctx->expkey[DES_EXPKEY_WORDS * 2], dst, dst);
1229 }
1230
1231 static void des3_ede_decrypt(void *ctx, u8 *dst, const u8 *src)
1232 {
1233 struct des3_ede_ctx *dctx = ctx;
1234
1235 des_small_fips_decrypt(&dctx->expkey[DES_EXPKEY_WORDS * 2], dst, src);
1236 des_small_fips_encrypt(&dctx->expkey[DES_EXPKEY_WORDS], dst, dst);
1237 des_small_fips_decrypt(dctx->expkey, dst, dst);
1238 }
1239
1240 static struct crypto_alg des_alg = {
1241 .cra_name = "des",
1242 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1243 .cra_blocksize = DES_BLOCK_SIZE,
1244 .cra_ctxsize = sizeof(struct des_ctx),
1245 .cra_module = THIS_MODULE,
1246 .cra_list = LIST_HEAD_INIT(des_alg.cra_list),
1247 .cra_u = { .cipher = {
1248 .cia_min_keysize = DES_KEY_SIZE,
1249 .cia_max_keysize = DES_KEY_SIZE,
1250 .cia_setkey = des_setkey,
1251 .cia_encrypt = des_encrypt,
1252 .cia_decrypt = des_decrypt } }
1253 };
1254
1255 static struct crypto_alg des3_ede_alg = {
1256 .cra_name = "des3_ede",
1257 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1258 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
1259 .cra_ctxsize = sizeof(struct des3_ede_ctx),
1260 .cra_module = THIS_MODULE,
1261 .cra_list = LIST_HEAD_INIT(des3_ede_alg.cra_list),
1262 .cra_u = { .cipher = {
1263 .cia_min_keysize = DES3_EDE_KEY_SIZE,
1264 .cia_max_keysize = DES3_EDE_KEY_SIZE,
1265 .cia_setkey = des3_ede_setkey,
1266 .cia_encrypt = des3_ede_encrypt,
1267 .cia_decrypt = des3_ede_decrypt } }
1268 };
1269
1270 MODULE_ALIAS("des3_ede");
1271
1272 static int __init init(void)
1273 {
1274 int ret = 0;
1275
1276 ret = crypto_register_alg(&des_alg);
1277 if (ret < 0)
1278 goto out;
1279
1280 ret = crypto_register_alg(&des3_ede_alg);
1281 if (ret < 0)
1282 crypto_unregister_alg(&des_alg);
1283 out:
1284 return ret;
1285 }
1286
1287 static void __exit fini(void)
1288 {
1289 crypto_unregister_alg(&des3_ede_alg);
1290 crypto_unregister_alg(&des_alg);
1291 }
1292
1293 module_init(init);
1294 module_exit(fini);
1295
1296 MODULE_LICENSE("GPL");
1297 MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms");
Linux kernel - Deliverables
This page took 0.066369 seconds and 6 git commands to generate.