3 * The des block cipher.
8 /* nettle, low-level cryptographics library
10 * Copyright (C) 2001 Niels Möller
12 * The nettle library is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU Lesser General Public License as published by
14 * the Free Software Foundation; either version 2.1 of the License, or (at your
15 * option) any later version.
17 * The nettle library is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
20 * License for more details.
22 * You should have received a copy of the GNU Lesser General Public License
23 * along with the nettle library; see the file COPYING.LIB. If not, write to
24 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
28 /* des - fast & portable DES encryption & decryption.
29 * Copyright (C) 1992 Dana L. How
30 * Please see the file `descore.README' for the complete copyright notice.
39 static ENCRYPT(DesSmallFipsEncrypt,TEMPSMALL, LOADFIPS,KEYMAPSMALL,SAVEFIPS)
40 static DECRYPT(DesSmallFipsDecrypt,TEMPSMALL, LOADFIPS,KEYMAPSMALL,SAVEFIPS)
44 uint32_t des_keymap[] = {
48 static uint8_t rotors[] = {
51 static char parity[] = {
56 des_set_key(struct des_ctx *ctx, const uint8_t *key)
58 register uint32_t n, w;
59 register char * b0, * b1;
60 char bits0[56], bits1[56];
64 /* check for bad parity and weak keys */
66 n = b0[key[0]]; n <<= 4;
67 n |= b0[key[1]]; n <<= 4;
68 n |= b0[key[2]]; n <<= 4;
69 n |= b0[key[3]]; n <<= 4;
70 n |= b0[key[4]]; n <<= 4;
71 n |= b0[key[5]]; n <<= 4;
72 n |= b0[key[6]]; n <<= 4;
75 /* report bad parity in key */
78 ctx->status = DES_BAD_PARITY;
81 ctx->status = DES_WEAK_KEY;
82 /* report a weak or semi-weak key */
83 if ( !((n - (w >> 3)) & w) ) { /* 1 in 10^10 keys passes this test */
84 if ( n < 0X41415151 ) {
85 if ( n < 0X31312121 ) {
86 if ( n < 0X14141515 ) {
87 /* 01 01 01 01 01 01 01 01 */
88 if ( n == 0X11111111 ) return 0;
89 /* 01 1F 01 1F 01 0E 01 0E */
90 if ( n == 0X13131212 ) return 0;
92 /* 01 E0 01 E0 01 F1 01 F1 */
93 if ( n == 0X14141515 ) return 0;
94 /* 01 FE 01 FE 01 FE 01 FE */
95 if ( n == 0X16161616 ) return 0;
98 if ( n < 0X34342525 ) {
99 /* 1F 01 1F 01 0E 01 0E 01 */
100 if ( n == 0X31312121 ) return 0;
101 /* 1F 1F 1F 1F 0E 0E 0E 0E */ /* ? */
102 if ( n == 0X33332222 ) return 0;;
104 /* 1F E0 1F E0 0E F1 0E F1 */
105 if ( n == 0X34342525 ) return 0;;
106 /* 1F FE 1F FE 0E FE 0E FE */
107 if ( n == 0X36362626 ) return 0;;
111 if ( n < 0X61616161 ) {
112 if ( n < 0X44445555 ) {
113 /* E0 01 E0 01 F1 01 F1 01 */
114 if ( n == 0X41415151 ) return 0;
115 /* E0 1F E0 1F F1 0E F1 0E */
116 if ( n == 0X43435252 ) return 0;
118 /* E0 E0 E0 E0 F1 F1 F1 F1 */ /* ? */
119 if ( n == 0X44445555 ) return 0;
120 /* E0 FE E0 FE F1 FE F1 FE */
121 if ( n == 0X46465656 ) return 0;
124 if ( n < 0X64646565 ) {
125 /* FE 01 FE 01 FE 01 FE 01 */
126 if ( n == 0X61616161 ) return 0;
127 /* FE 1F FE 1F FE 0E FE 0E */
128 if ( n == 0X63636262 ) return 0;
130 /* FE E0 FE E0 FE F1 FE F1 */
131 if ( n == 0X64646565 ) return 0;
132 /* FE FE FE FE FE FE FE FE */
133 if ( n == 0X66666666 ) return 0;
140 ctx->status = DES_OK;
142 /* explode the bits */
147 w = (256 | *key++) << 2;
156 /* put the bits in the correct places */
162 w = (b1[k[ 0 ]] | b0[k[ 1 ]]) << 4;
163 w |= (b1[k[ 2 ]] | b0[k[ 3 ]]) << 2;
164 w |= b1[k[ 4 ]] | b0[k[ 5 ]];
166 w |= (b1[k[ 6 ]] | b0[k[ 7 ]]) << 4;
167 w |= (b1[k[ 8 ]] | b0[k[ 9 ]]) << 2;
168 w |= b1[k[10 ]] | b0[k[11 ]];
170 w |= (b1[k[12 ]] | b0[k[13 ]]) << 4;
171 w |= (b1[k[14 ]] | b0[k[15 ]]) << 2;
172 w |= b1[k[16 ]] | b0[k[17 ]];
174 w |= (b1[k[18 ]] | b0[k[19 ]]) << 4;
175 w |= (b1[k[20 ]] | b0[k[21 ]]) << 2;
176 w |= b1[k[22 ]] | b0[k[23 ]];
180 w = (b1[k[ 0+24]] | b0[k[ 1+24]]) << 4;
181 w |= (b1[k[ 2+24]] | b0[k[ 3+24]]) << 2;
182 w |= b1[k[ 4+24]] | b0[k[ 5+24]];
184 w |= (b1[k[ 6+24]] | b0[k[ 7+24]]) << 4;
185 w |= (b1[k[ 8+24]] | b0[k[ 9+24]]) << 2;
186 w |= b1[k[10+24]] | b0[k[11+24]];
188 w |= (b1[k[12+24]] | b0[k[13+24]]) << 4;
189 w |= (b1[k[14+24]] | b0[k[15+24]]) << 2;
190 w |= b1[k[16+24]] | b0[k[17+24]];
192 w |= (b1[k[18+24]] | b0[k[19+24]]) << 4;
193 w |= (b1[k[20+24]] | b0[k[21+24]]) << 2;
194 w |= b1[k[22+24]] | b0[k[23+24]];
196 ROR(w, 4, 28); /* could be eliminated */
207 des_encrypt(struct des_ctx *ctx,
208 unsigned length, uint8_t *dst,
211 assert(!(length % DES_BLOCK_SIZE));
212 assert(ctx->status == DES_OK);
216 DesSmallFipsEncrypt(dst, ctx->key, src);
217 length -= DES_BLOCK_SIZE;
218 src += DES_BLOCK_SIZE;
219 dst += DES_BLOCK_SIZE;
224 des_decrypt(struct des_ctx *ctx,
225 unsigned length, uint8_t *dst,
228 assert(!(length % DES_BLOCK_SIZE));
229 assert(ctx->status == DES_OK);
233 DesSmallFipsDecrypt(dst, ctx->key, src);
234 length -= DES_BLOCK_SIZE;
235 src += DES_BLOCK_SIZE;
236 dst += DES_BLOCK_SIZE;