/src/botan/src/lib/block/des/des.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * DES |
3 | | * (C) 1999-2008,2018,2020 Jack Lloyd |
4 | | * |
5 | | * Based on a public domain implemenation by Phil Karn (who in turn |
6 | | * credited Richard Outerbridge and Jim Gillogly) |
7 | | * |
8 | | * Botan is released under the Simplified BSD License (see license.txt) |
9 | | */ |
10 | | |
11 | | #include <botan/internal/des.h> |
12 | | #include <botan/internal/loadstor.h> |
13 | | #include <botan/internal/rotate.h> |
14 | | |
15 | | namespace Botan { |
16 | | |
17 | | namespace { |
18 | | |
19 | | alignas(256) const uint8_t SPBOX_CATS[64*8] = { |
20 | | 0x54, 0x00, 0x10, 0x55, 0x51, 0x15, 0x01, 0x10, 0x04, 0x54, 0x55, 0x04, 0x45, 0x51, 0x40, 0x01, |
21 | | 0x05, 0x44, 0x44, 0x14, 0x14, 0x50, 0x50, 0x45, 0x11, 0x41, 0x41, 0x11, 0x00, 0x05, 0x15, 0x40, |
22 | | 0x10, 0x55, 0x01, 0x50, 0x54, 0x40, 0x40, 0x04, 0x51, 0x10, 0x14, 0x41, 0x04, 0x01, 0x45, 0x15, |
23 | | 0x55, 0x11, 0x50, 0x45, 0x41, 0x05, 0x15, 0x54, 0x05, 0x44, 0x44, 0x00, 0x11, 0x14, 0x00, 0x51, |
24 | | |
25 | | 0x55, 0x44, 0x04, 0x15, 0x10, 0x01, 0x51, 0x45, 0x41, 0x55, 0x54, 0x40, 0x44, 0x10, 0x01, 0x51, |
26 | | 0x14, 0x11, 0x45, 0x00, 0x40, 0x04, 0x15, 0x50, 0x11, 0x41, 0x00, 0x14, 0x05, 0x54, 0x50, 0x05, |
27 | | 0x00, 0x15, 0x51, 0x10, 0x45, 0x50, 0x54, 0x04, 0x50, 0x44, 0x01, 0x55, 0x15, 0x01, 0x04, 0x40, |
28 | | 0x05, 0x54, 0x10, 0x41, 0x11, 0x45, 0x41, 0x11, 0x14, 0x00, 0x44, 0x05, 0x40, 0x51, 0x55, 0x14, |
29 | | |
30 | | 0x09, 0xA8, 0x00, 0xA1, 0x88, 0x00, 0x29, 0x88, 0x21, 0x81, 0x81, 0x20, 0xA9, 0x21, 0xA0, 0x09, |
31 | | 0x80, 0x01, 0xA8, 0x08, 0x28, 0xA0, 0xA1, 0x29, 0x89, 0x28, 0x20, 0x89, 0x01, 0xA9, 0x08, 0x80, |
32 | | 0xA8, 0x80, 0x21, 0x09, 0x20, 0xA8, 0x88, 0x00, 0x08, 0x21, 0xA9, 0x88, 0x81, 0x08, 0x00, 0xA1, |
33 | | 0x89, 0x20, 0x80, 0xA9, 0x01, 0x29, 0x28, 0x81, 0xA0, 0x89, 0x09, 0xA0, 0x29, 0x01, 0xA1, 0x28, |
34 | | |
35 | | 0x51, 0x15, 0x15, 0x04, 0x54, 0x45, 0x41, 0x11, 0x00, 0x50, 0x50, 0x55, 0x05, 0x00, 0x44, 0x41, |
36 | | 0x01, 0x10, 0x40, 0x51, 0x04, 0x40, 0x11, 0x14, 0x45, 0x01, 0x14, 0x44, 0x10, 0x54, 0x55, 0x05, |
37 | | 0x44, 0x41, 0x50, 0x55, 0x05, 0x00, 0x00, 0x50, 0x14, 0x44, 0x45, 0x01, 0x51, 0x15, 0x15, 0x04, |
38 | | 0x55, 0x05, 0x01, 0x10, 0x41, 0x11, 0x54, 0x45, 0x11, 0x14, 0x40, 0x51, 0x04, 0x40, 0x10, 0x54, |
39 | | |
40 | | 0x01, 0x29, 0x28, 0xA1, 0x08, 0x01, 0x80, 0x28, 0x89, 0x08, 0x21, 0x89, 0xA1, 0xA8, 0x09, 0x80, |
41 | | 0x20, 0x88, 0x88, 0x00, 0x81, 0xA9, 0xA9, 0x21, 0xA8, 0x81, 0x00, 0xA0, 0x29, 0x20, 0xA0, 0x09, |
42 | | 0x08, 0xA1, 0x01, 0x20, 0x80, 0x28, 0xA1, 0x89, 0x21, 0x80, 0xA8, 0x29, 0x89, 0x01, 0x20, 0xA8, |
43 | | 0xA9, 0x09, 0xA0, 0xA9, 0x28, 0x00, 0x88, 0xA0, 0x09, 0x21, 0x81, 0x08, 0x00, 0x88, 0x29, 0x81, |
44 | | |
45 | | 0x41, 0x50, 0x04, 0x55, 0x50, 0x01, 0x55, 0x10, 0x44, 0x15, 0x10, 0x41, 0x11, 0x44, 0x40, 0x05, |
46 | | 0x00, 0x11, 0x45, 0x04, 0x14, 0x45, 0x01, 0x51, 0x51, 0x00, 0x15, 0x54, 0x05, 0x14, 0x54, 0x40, |
47 | | 0x44, 0x01, 0x51, 0x14, 0x55, 0x10, 0x05, 0x41, 0x10, 0x44, 0x40, 0x05, 0x41, 0x55, 0x14, 0x50, |
48 | | 0x15, 0x54, 0x00, 0x51, 0x01, 0x04, 0x50, 0x15, 0x04, 0x11, 0x45, 0x00, 0x54, 0x40, 0x11, 0x45, |
49 | | |
50 | | 0x10, 0x51, 0x45, 0x00, 0x04, 0x45, 0x15, 0x54, 0x55, 0x10, 0x00, 0x41, 0x01, 0x40, 0x51, 0x05, |
51 | | 0x44, 0x15, 0x11, 0x44, 0x41, 0x50, 0x54, 0x11, 0x50, 0x04, 0x05, 0x55, 0x14, 0x01, 0x40, 0x14, |
52 | | 0x40, 0x14, 0x10, 0x45, 0x45, 0x51, 0x51, 0x01, 0x11, 0x40, 0x44, 0x10, 0x54, 0x05, 0x15, 0x54, |
53 | | 0x05, 0x41, 0x55, 0x50, 0x14, 0x00, 0x01, 0x55, 0x00, 0x15, 0x50, 0x04, 0x41, 0x44, 0x04, 0x11, |
54 | | |
55 | | 0x89, 0x08, 0x20, 0xA9, 0x80, 0x89, 0x01, 0x80, 0x21, 0xA0, 0xA9, 0x28, 0xA8, 0x29, 0x08, 0x01, |
56 | | 0xA0, 0x81, 0x88, 0x09, 0x28, 0x21, 0xA1, 0xA8, 0x09, 0x00, 0x00, 0xA1, 0x81, 0x88, 0x29, 0x20, |
57 | | 0x29, 0x20, 0xa8, 0x08, 0x01, 0xA1, 0x08, 0x29, 0x88, 0x01, 0x81, 0xA0, 0xA1, 0x80, 0x20, 0x89, |
58 | | 0x00, 0xA9, 0x21, 0x81, 0xA0, 0x88, 0x89, 0x00, 0xA9, 0x28, 0x28, 0x09, 0x09, 0x21, 0x80, 0xA8, |
59 | | }; |
60 | | |
61 | | const uint32_t SPBOX_CAT_0_MUL = 0x70041106; |
62 | | const uint32_t SPBOX_CAT_1_MUL = 0x02012020; |
63 | | const uint32_t SPBOX_CAT_2_MUL = 0x00901048; |
64 | | const uint32_t SPBOX_CAT_3_MUL = 0x8e060221; |
65 | | const uint32_t SPBOX_CAT_4_MUL = 0x00912140; |
66 | | const uint32_t SPBOX_CAT_5_MUL = 0x80841018; |
67 | | const uint32_t SPBOX_CAT_6_MUL = 0xe0120202; |
68 | | const uint32_t SPBOX_CAT_7_MUL = 0x00212240; |
69 | | |
70 | | const uint32_t SPBOX_CAT_0_MASK = 0x01010404; |
71 | | const uint32_t SPBOX_CAT_1_MASK = 0x80108020; |
72 | | const uint32_t SPBOX_CAT_2_MASK = 0x08020208; |
73 | | const uint32_t SPBOX_CAT_3_MASK = 0x00802081; |
74 | | const uint32_t SPBOX_CAT_4_MASK = 0x42080100; |
75 | | const uint32_t SPBOX_CAT_5_MASK = 0x20404010; |
76 | | const uint32_t SPBOX_CAT_6_MASK = 0x04200802; |
77 | | const uint32_t SPBOX_CAT_7_MASK = 0x10041040; |
78 | | |
79 | | /* |
80 | | * DES Key Schedule |
81 | | */ |
82 | | void des_key_schedule(uint32_t round_key[32], const uint8_t key[8]) |
83 | 651 | { |
84 | 651 | static const uint8_t ROT[16] = { 1, 1, 2, 2, 2, 2, 2, 2, |
85 | 651 | 1, 2, 2, 2, 2, 2, 2, 1 }; |
86 | | |
87 | 651 | uint32_t C = ((key[7] & 0x80) << 20) | ((key[6] & 0x80) << 19) | |
88 | 651 | ((key[5] & 0x80) << 18) | ((key[4] & 0x80) << 17) | |
89 | 651 | ((key[3] & 0x80) << 16) | ((key[2] & 0x80) << 15) | |
90 | 651 | ((key[1] & 0x80) << 14) | ((key[0] & 0x80) << 13) | |
91 | 651 | ((key[7] & 0x40) << 13) | ((key[6] & 0x40) << 12) | |
92 | 651 | ((key[5] & 0x40) << 11) | ((key[4] & 0x40) << 10) | |
93 | 651 | ((key[3] & 0x40) << 9) | ((key[2] & 0x40) << 8) | |
94 | 651 | ((key[1] & 0x40) << 7) | ((key[0] & 0x40) << 6) | |
95 | 651 | ((key[7] & 0x20) << 6) | ((key[6] & 0x20) << 5) | |
96 | 651 | ((key[5] & 0x20) << 4) | ((key[4] & 0x20) << 3) | |
97 | 651 | ((key[3] & 0x20) << 2) | ((key[2] & 0x20) << 1) | |
98 | 651 | ((key[1] & 0x20) ) | ((key[0] & 0x20) >> 1) | |
99 | 651 | ((key[7] & 0x10) >> 1) | ((key[6] & 0x10) >> 2) | |
100 | 651 | ((key[5] & 0x10) >> 3) | ((key[4] & 0x10) >> 4); |
101 | 651 | uint32_t D = ((key[7] & 0x02) << 26) | ((key[6] & 0x02) << 25) | |
102 | 651 | ((key[5] & 0x02) << 24) | ((key[4] & 0x02) << 23) | |
103 | 651 | ((key[3] & 0x02) << 22) | ((key[2] & 0x02) << 21) | |
104 | 651 | ((key[1] & 0x02) << 20) | ((key[0] & 0x02) << 19) | |
105 | 651 | ((key[7] & 0x04) << 17) | ((key[6] & 0x04) << 16) | |
106 | 651 | ((key[5] & 0x04) << 15) | ((key[4] & 0x04) << 14) | |
107 | 651 | ((key[3] & 0x04) << 13) | ((key[2] & 0x04) << 12) | |
108 | 651 | ((key[1] & 0x04) << 11) | ((key[0] & 0x04) << 10) | |
109 | 651 | ((key[7] & 0x08) << 8) | ((key[6] & 0x08) << 7) | |
110 | 651 | ((key[5] & 0x08) << 6) | ((key[4] & 0x08) << 5) | |
111 | 651 | ((key[3] & 0x08) << 4) | ((key[2] & 0x08) << 3) | |
112 | 651 | ((key[1] & 0x08) << 2) | ((key[0] & 0x08) << 1) | |
113 | 651 | ((key[3] & 0x10) >> 1) | ((key[2] & 0x10) >> 2) | |
114 | 651 | ((key[1] & 0x10) >> 3) | ((key[0] & 0x10) >> 4); |
115 | | |
116 | 11.0k | for(size_t i = 0; i != 16; ++i) |
117 | 10.4k | { |
118 | 10.4k | C = ((C << ROT[i]) | (C >> (28-ROT[i]))) & 0x0FFFFFFF; |
119 | 10.4k | D = ((D << ROT[i]) | (D >> (28-ROT[i]))) & 0x0FFFFFFF; |
120 | 10.4k | round_key[2*i ] = ((C & 0x00000010) << 22) | ((C & 0x00000800) << 17) | |
121 | 10.4k | ((C & 0x00000020) << 16) | ((C & 0x00004004) << 15) | |
122 | 10.4k | ((C & 0x00000200) << 11) | ((C & 0x00020000) << 10) | |
123 | 10.4k | ((C & 0x01000000) >> 6) | ((C & 0x00100000) >> 4) | |
124 | 10.4k | ((C & 0x00010000) << 3) | ((C & 0x08000000) >> 2) | |
125 | 10.4k | ((C & 0x00800000) << 1) | ((D & 0x00000010) << 8) | |
126 | 10.4k | ((D & 0x00000002) << 7) | ((D & 0x00000001) << 2) | |
127 | 10.4k | ((D & 0x00000200) ) | ((D & 0x00008000) >> 2) | |
128 | 10.4k | ((D & 0x00000088) >> 3) | ((D & 0x00001000) >> 7) | |
129 | 10.4k | ((D & 0x00080000) >> 9) | ((D & 0x02020000) >> 14) | |
130 | 10.4k | ((D & 0x00400000) >> 21); |
131 | 10.4k | round_key[2*i+1] = ((C & 0x00000001) << 28) | ((C & 0x00000082) << 18) | |
132 | 10.4k | ((C & 0x00002000) << 14) | ((C & 0x00000100) << 10) | |
133 | 10.4k | ((C & 0x00001000) << 9) | ((C & 0x00040000) << 6) | |
134 | 10.4k | ((C & 0x02400000) << 4) | ((C & 0x00008000) << 2) | |
135 | 10.4k | ((C & 0x00200000) >> 1) | ((C & 0x04000000) >> 10) | |
136 | 10.4k | ((D & 0x00000020) << 6) | ((D & 0x00000100) ) | |
137 | 10.4k | ((D & 0x00000800) >> 1) | ((D & 0x00000040) >> 3) | |
138 | 10.4k | ((D & 0x00010000) >> 4) | ((D & 0x00000400) >> 5) | |
139 | 10.4k | ((D & 0x00004000) >> 10) | ((D & 0x04000000) >> 13) | |
140 | 10.4k | ((D & 0x00800000) >> 14) | ((D & 0x00100000) >> 18) | |
141 | 10.4k | ((D & 0x01000000) >> 24) | ((D & 0x08000000) >> 26); |
142 | 10.4k | } |
143 | 651 | } |
144 | | |
145 | | inline uint32_t spbox(uint32_t T0, uint32_t T1) |
146 | 196k | { |
147 | 196k | return |
148 | 196k | ((SPBOX_CATS[0*64 + ((T0 >> 24) & 0x3F)] * SPBOX_CAT_0_MUL) & SPBOX_CAT_0_MASK) ^ |
149 | 196k | ((SPBOX_CATS[1*64 + ((T1 >> 24) & 0x3F)] * SPBOX_CAT_1_MUL) & SPBOX_CAT_1_MASK) ^ |
150 | 196k | ((SPBOX_CATS[2*64 + ((T0 >> 16) & 0x3F)] * SPBOX_CAT_2_MUL) & SPBOX_CAT_2_MASK) ^ |
151 | 196k | ((SPBOX_CATS[3*64 + ((T1 >> 16) & 0x3F)] * SPBOX_CAT_3_MUL) & SPBOX_CAT_3_MASK) ^ |
152 | 196k | ((SPBOX_CATS[4*64 + ((T0 >> 8) & 0x3F)] * SPBOX_CAT_4_MUL) & SPBOX_CAT_4_MASK) ^ |
153 | 196k | ((SPBOX_CATS[5*64 + ((T1 >> 8) & 0x3F)] * SPBOX_CAT_5_MUL) & SPBOX_CAT_5_MASK) ^ |
154 | 196k | ((SPBOX_CATS[6*64 + ((T0 >> 0) & 0x3F)] * SPBOX_CAT_6_MUL) & SPBOX_CAT_6_MASK) ^ |
155 | 196k | ((SPBOX_CATS[7*64 + ((T1 >> 0) & 0x3F)] * SPBOX_CAT_7_MUL) & SPBOX_CAT_7_MASK); |
156 | 196k | } |
157 | | |
158 | | /* |
159 | | * DES Encryption |
160 | | */ |
161 | | inline void des_encrypt(uint32_t& Lr, uint32_t& Rr, |
162 | | const uint32_t round_key[32]) |
163 | 1.09k | { |
164 | 1.09k | uint32_t L = Lr; |
165 | 1.09k | uint32_t R = Rr; |
166 | 9.84k | for(size_t i = 0; i != 16; i += 2) |
167 | 8.75k | { |
168 | 8.75k | L ^= spbox(rotr<4>(R) ^ round_key[2*i ], R ^ round_key[2*i+1]); |
169 | 8.75k | R ^= spbox(rotr<4>(L) ^ round_key[2*i+2], L ^ round_key[2*i+3]); |
170 | 8.75k | } |
171 | | |
172 | 1.09k | Lr = L; |
173 | 1.09k | Rr = R; |
174 | 1.09k | } |
175 | | |
176 | | inline void des_encrypt_x2(uint32_t& L0r, uint32_t& R0r, |
177 | | uint32_t& L1r, uint32_t& R1r, |
178 | | const uint32_t round_key[32]) |
179 | 1.76k | { |
180 | 1.76k | uint32_t L0 = L0r; |
181 | 1.76k | uint32_t R0 = R0r; |
182 | 1.76k | uint32_t L1 = L1r; |
183 | 1.76k | uint32_t R1 = R1r; |
184 | | |
185 | 15.8k | for(size_t i = 0; i != 16; i += 2) |
186 | 14.1k | { |
187 | 14.1k | L0 ^= spbox(rotr<4>(R0) ^ round_key[2*i ], R0 ^ round_key[2*i+1]); |
188 | 14.1k | L1 ^= spbox(rotr<4>(R1) ^ round_key[2*i ], R1 ^ round_key[2*i+1]); |
189 | | |
190 | 14.1k | R0 ^= spbox(rotr<4>(L0) ^ round_key[2*i+2], L0 ^ round_key[2*i+3]); |
191 | 14.1k | R1 ^= spbox(rotr<4>(L1) ^ round_key[2*i+2], L1 ^ round_key[2*i+3]); |
192 | 14.1k | } |
193 | | |
194 | 1.76k | L0r = L0; |
195 | 1.76k | R0r = R0; |
196 | 1.76k | L1r = L1; |
197 | 1.76k | R1r = R1; |
198 | 1.76k | } |
199 | | |
200 | | /* |
201 | | * DES Decryption |
202 | | */ |
203 | | inline void des_decrypt(uint32_t& Lr, uint32_t& Rr, |
204 | | const uint32_t round_key[32]) |
205 | 583 | { |
206 | 583 | uint32_t L = Lr; |
207 | 583 | uint32_t R = Rr; |
208 | 5.24k | for(size_t i = 16; i != 0; i -= 2) |
209 | 4.66k | { |
210 | 4.66k | L ^= spbox(rotr<4>(R) ^ round_key[2*i - 2], R ^ round_key[2*i - 1]); |
211 | 4.66k | R ^= spbox(rotr<4>(L) ^ round_key[2*i - 4], L ^ round_key[2*i - 3]); |
212 | 4.66k | } |
213 | 583 | Lr = L; |
214 | 583 | Rr = R; |
215 | 583 | } |
216 | | |
217 | | inline void des_decrypt_x2(uint32_t& L0r, uint32_t& R0r, |
218 | | uint32_t& L1r, uint32_t& R1r, |
219 | | const uint32_t round_key[32]) |
220 | 3.53k | { |
221 | 3.53k | uint32_t L0 = L0r; |
222 | 3.53k | uint32_t R0 = R0r; |
223 | 3.53k | uint32_t L1 = L1r; |
224 | 3.53k | uint32_t R1 = R1r; |
225 | | |
226 | 31.7k | for(size_t i = 16; i != 0; i -= 2) |
227 | 28.2k | { |
228 | 28.2k | L0 ^= spbox(rotr<4>(R0) ^ round_key[2*i - 2], R0 ^ round_key[2*i - 1]); |
229 | 28.2k | L1 ^= spbox(rotr<4>(R1) ^ round_key[2*i - 2], R1 ^ round_key[2*i - 1]); |
230 | | |
231 | 28.2k | R0 ^= spbox(rotr<4>(L0) ^ round_key[2*i - 4], L0 ^ round_key[2*i - 3]); |
232 | 28.2k | R1 ^= spbox(rotr<4>(L1) ^ round_key[2*i - 4], L1 ^ round_key[2*i - 3]); |
233 | 28.2k | } |
234 | | |
235 | 3.53k | L0r = L0; |
236 | 3.53k | R0r = R0; |
237 | 3.53k | L1r = L1; |
238 | 3.53k | R1r = R1; |
239 | 3.53k | } |
240 | | |
241 | | inline void des_IP(uint32_t& L, uint32_t& R) |
242 | 4.08k | { |
243 | | // IP sequence by Wei Dai, taken from public domain Crypto++ |
244 | 4.08k | uint32_t T; |
245 | 4.08k | R = rotl<4>(R); |
246 | 4.08k | T = (L ^ R) & 0xF0F0F0F0; |
247 | 4.08k | L ^= T; |
248 | 4.08k | R = rotr<20>(R ^ T); |
249 | 4.08k | T = (L ^ R) & 0xFFFF0000; |
250 | 4.08k | L ^= T; |
251 | 4.08k | R = rotr<18>(R ^ T); |
252 | 4.08k | T = (L ^ R) & 0x33333333; |
253 | 4.08k | L ^= T; |
254 | 4.08k | R = rotr<6>(R ^ T); |
255 | 4.08k | T = (L ^ R) & 0x00FF00FF; |
256 | 4.08k | L ^= T; |
257 | 4.08k | R = rotl<9>(R ^ T); |
258 | 4.08k | T = (L ^ R) & 0xAAAAAAAA; |
259 | 4.08k | L = rotl<1>(L ^ T); |
260 | 4.08k | R ^= T; |
261 | 4.08k | } |
262 | | |
263 | | inline void des_FP(uint32_t& L, uint32_t& R) |
264 | 4.08k | { |
265 | | // FP sequence by Wei Dai, taken from public domain Crypto++ |
266 | 4.08k | uint32_t T; |
267 | | |
268 | 4.08k | R = rotr<1>(R); |
269 | 4.08k | T = (L ^ R) & 0xAAAAAAAA; |
270 | 4.08k | R ^= T; |
271 | 4.08k | L = rotr<9>(L ^ T); |
272 | 4.08k | T = (L ^ R) & 0x00FF00FF; |
273 | 4.08k | R ^= T; |
274 | 4.08k | L = rotl<6>(L ^ T); |
275 | 4.08k | T = (L ^ R) & 0x33333333; |
276 | 4.08k | R ^= T; |
277 | 4.08k | L = rotl<18>(L ^ T); |
278 | 4.08k | T = (L ^ R) & 0xFFFF0000; |
279 | 4.08k | R ^= T; |
280 | 4.08k | L = rotl<20>(L ^ T); |
281 | 4.08k | T = (L ^ R) & 0xF0F0F0F0; |
282 | 4.08k | R ^= T; |
283 | 4.08k | L = rotr<4>(L ^ T); |
284 | 4.08k | } |
285 | | |
286 | | } |
287 | | |
288 | | /* |
289 | | * DES Encryption |
290 | | */ |
291 | | void DES::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const |
292 | 0 | { |
293 | 0 | verify_key_set(m_round_key.empty() == false); |
294 | |
|
295 | 0 | while(blocks >= 2) |
296 | 0 | { |
297 | 0 | uint32_t L0 = load_be<uint32_t>(in, 0); |
298 | 0 | uint32_t R0 = load_be<uint32_t>(in, 1); |
299 | 0 | uint32_t L1 = load_be<uint32_t>(in, 2); |
300 | 0 | uint32_t R1 = load_be<uint32_t>(in, 3); |
301 | |
|
302 | 0 | des_IP(L0, R0); |
303 | 0 | des_IP(L1, R1); |
304 | |
|
305 | 0 | des_encrypt_x2(L0, R0, L1, R1, m_round_key.data()); |
306 | |
|
307 | 0 | des_FP(L0, R0); |
308 | 0 | des_FP(L1, R1); |
309 | |
|
310 | 0 | store_be(out, R0, L0, R1, L1); |
311 | |
|
312 | 0 | in += 2*BLOCK_SIZE; |
313 | 0 | out += 2*BLOCK_SIZE; |
314 | 0 | blocks -= 2; |
315 | 0 | } |
316 | |
|
317 | 0 | while(blocks > 0) |
318 | 0 | { |
319 | 0 | uint32_t L0 = load_be<uint32_t>(in, 0); |
320 | 0 | uint32_t R0 = load_be<uint32_t>(in, 1); |
321 | 0 | des_IP(L0, R0); |
322 | 0 | des_encrypt(L0, R0, m_round_key.data()); |
323 | 0 | des_FP(L0, R0); |
324 | 0 | store_be(out, R0, L0); |
325 | |
|
326 | 0 | in += BLOCK_SIZE; |
327 | 0 | out += BLOCK_SIZE; |
328 | 0 | blocks -= 1; |
329 | 0 | } |
330 | 0 | } |
331 | | |
332 | | /* |
333 | | * DES Decryption |
334 | | */ |
335 | | void DES::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const |
336 | 0 | { |
337 | 0 | verify_key_set(m_round_key.empty() == false); |
338 | |
|
339 | 0 | while(blocks >= 2) |
340 | 0 | { |
341 | 0 | uint32_t L0 = load_be<uint32_t>(in, 0); |
342 | 0 | uint32_t R0 = load_be<uint32_t>(in, 1); |
343 | 0 | uint32_t L1 = load_be<uint32_t>(in, 2); |
344 | 0 | uint32_t R1 = load_be<uint32_t>(in, 3); |
345 | |
|
346 | 0 | des_IP(L0, R0); |
347 | 0 | des_IP(L1, R1); |
348 | |
|
349 | 0 | des_decrypt_x2(L0, R0, L1, R1, m_round_key.data()); |
350 | |
|
351 | 0 | des_FP(L0, R0); |
352 | 0 | des_FP(L1, R1); |
353 | |
|
354 | 0 | store_be(out, R0, L0, R1, L1); |
355 | |
|
356 | 0 | in += 2*BLOCK_SIZE; |
357 | 0 | out += 2*BLOCK_SIZE; |
358 | 0 | blocks -= 2; |
359 | 0 | } |
360 | |
|
361 | 0 | while(blocks > 0) |
362 | 0 | { |
363 | 0 | uint32_t L0 = load_be<uint32_t>(in, 0); |
364 | 0 | uint32_t R0 = load_be<uint32_t>(in, 1); |
365 | 0 | des_IP(L0, R0); |
366 | 0 | des_decrypt(L0, R0, m_round_key.data()); |
367 | 0 | des_FP(L0, R0); |
368 | 0 | store_be(out, R0, L0); |
369 | |
|
370 | 0 | in += BLOCK_SIZE; |
371 | 0 | out += BLOCK_SIZE; |
372 | 0 | blocks -= 1; |
373 | 0 | } |
374 | 0 | } |
375 | | |
376 | | /* |
377 | | * DES Key Schedule |
378 | | */ |
379 | | void DES::key_schedule(const uint8_t key[], size_t) |
380 | 0 | { |
381 | 0 | m_round_key.resize(32); |
382 | 0 | des_key_schedule(m_round_key.data(), key); |
383 | 0 | } |
384 | | |
385 | | void DES::clear() |
386 | 0 | { |
387 | 0 | zap(m_round_key); |
388 | 0 | } |
389 | | |
390 | | /* |
391 | | * TripleDES Encryption |
392 | | */ |
393 | | void TripleDES::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const |
394 | 535 | { |
395 | 535 | verify_key_set(m_round_key.empty() == false); |
396 | | |
397 | 535 | while(blocks >= 2) |
398 | 0 | { |
399 | 0 | uint32_t L0 = load_be<uint32_t>(in, 0); |
400 | 0 | uint32_t R0 = load_be<uint32_t>(in, 1); |
401 | 0 | uint32_t L1 = load_be<uint32_t>(in, 2); |
402 | 0 | uint32_t R1 = load_be<uint32_t>(in, 3); |
403 | |
|
404 | 0 | des_IP(L0, R0); |
405 | 0 | des_IP(L1, R1); |
406 | |
|
407 | 0 | des_encrypt_x2(L0, R0, L1, R1, &m_round_key[0]); |
408 | 0 | des_decrypt_x2(R0, L0, R1, L1, &m_round_key[32]); |
409 | 0 | des_encrypt_x2(L0, R0, L1, R1, &m_round_key[64]); |
410 | |
|
411 | 0 | des_FP(L0, R0); |
412 | 0 | des_FP(L1, R1); |
413 | |
|
414 | 0 | store_be(out, R0, L0, R1, L1); |
415 | |
|
416 | 0 | in += 2*BLOCK_SIZE; |
417 | 0 | out += 2*BLOCK_SIZE; |
418 | 0 | blocks -= 2; |
419 | 0 | } |
420 | | |
421 | 1.07k | while(blocks > 0) |
422 | 535 | { |
423 | 535 | uint32_t L0 = load_be<uint32_t>(in, 0); |
424 | 535 | uint32_t R0 = load_be<uint32_t>(in, 1); |
425 | | |
426 | 535 | des_IP(L0, R0); |
427 | 535 | des_encrypt(L0, R0, &m_round_key[0]); |
428 | 535 | des_decrypt(R0, L0, &m_round_key[32]); |
429 | 535 | des_encrypt(L0, R0, &m_round_key[64]); |
430 | 535 | des_FP(L0, R0); |
431 | | |
432 | 535 | store_be(out, R0, L0); |
433 | | |
434 | 535 | in += BLOCK_SIZE; |
435 | 535 | out += BLOCK_SIZE; |
436 | 535 | blocks -= 1; |
437 | 535 | } |
438 | 535 | } |
439 | | |
440 | | /* |
441 | | * TripleDES Decryption |
442 | | */ |
443 | | void TripleDES::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const |
444 | 901 | { |
445 | 901 | verify_key_set(m_round_key.empty() == false); |
446 | | |
447 | 2.66k | while(blocks >= 2) |
448 | 1.76k | { |
449 | 1.76k | uint32_t L0 = load_be<uint32_t>(in, 0); |
450 | 1.76k | uint32_t R0 = load_be<uint32_t>(in, 1); |
451 | 1.76k | uint32_t L1 = load_be<uint32_t>(in, 2); |
452 | 1.76k | uint32_t R1 = load_be<uint32_t>(in, 3); |
453 | | |
454 | 1.76k | des_IP(L0, R0); |
455 | 1.76k | des_IP(L1, R1); |
456 | | |
457 | 1.76k | des_decrypt_x2(L0, R0, L1, R1, &m_round_key[64]); |
458 | 1.76k | des_encrypt_x2(R0, L0, R1, L1, &m_round_key[32]); |
459 | 1.76k | des_decrypt_x2(L0, R0, L1, R1, &m_round_key[0]); |
460 | | |
461 | 1.76k | des_FP(L0, R0); |
462 | 1.76k | des_FP(L1, R1); |
463 | | |
464 | 1.76k | store_be(out, R0, L0, R1, L1); |
465 | | |
466 | 1.76k | in += 2*BLOCK_SIZE; |
467 | 1.76k | out += 2*BLOCK_SIZE; |
468 | 1.76k | blocks -= 2; |
469 | 1.76k | } |
470 | | |
471 | 925 | while(blocks > 0) |
472 | 24 | { |
473 | 24 | uint32_t L0 = load_be<uint32_t>(in, 0); |
474 | 24 | uint32_t R0 = load_be<uint32_t>(in, 1); |
475 | | |
476 | 24 | des_IP(L0, R0); |
477 | 24 | des_decrypt(L0, R0, &m_round_key[64]); |
478 | 24 | des_encrypt(R0, L0, &m_round_key[32]); |
479 | 24 | des_decrypt(L0, R0, &m_round_key[0]); |
480 | 24 | des_FP(L0, R0); |
481 | | |
482 | 24 | store_be(out, R0, L0); |
483 | | |
484 | 24 | in += BLOCK_SIZE; |
485 | 24 | out += BLOCK_SIZE; |
486 | 24 | blocks -= 1; |
487 | 24 | } |
488 | 901 | } |
489 | | |
490 | | /* |
491 | | * TripleDES Key Schedule |
492 | | */ |
493 | | void TripleDES::key_schedule(const uint8_t key[], size_t length) |
494 | 217 | { |
495 | 217 | m_round_key.resize(3*32); |
496 | 217 | des_key_schedule(&m_round_key[0], key); |
497 | 217 | des_key_schedule(&m_round_key[32], key + 8); |
498 | | |
499 | 217 | if(length == 24) |
500 | 217 | des_key_schedule(&m_round_key[64], key + 16); |
501 | 0 | else |
502 | 0 | copy_mem(&m_round_key[64], &m_round_key[0], 32); |
503 | 217 | } |
504 | | |
505 | | void TripleDES::clear() |
506 | 0 | { |
507 | 0 | zap(m_round_key); |
508 | 0 | } |
509 | | |
510 | | } |