1 /*
2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the License); you may
5 * not use this file except in compliance with the License.
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 */
9
10
11 #include <stdio.h>
12 #include <string.h>
13 #include <stdlib.h>
14 #include <gmssl/des.h>
15 #include <gmssl/endian.h>
16
17
18 /* permuted choice 1 for key schedule, 64 bits to 56 bits */
19 static unsigned char PC1[56] = {
20 57, 49, 41, 33, 25, 17, 9,
21 1, 58, 50, 42, 34, 26, 18,
22 10, 2, 59, 51, 43, 35, 27,
23 19, 11, 3, 60, 52, 44, 36,
24 63, 55, 47, 39, 31, 23, 15,
25 7, 62, 54, 46, 38, 30, 22,
26 14, 6, 61, 53, 45, 37, 29,
27 21, 13, 5, 28, 20, 12, 4,
28 };
29
30 /* permuted choice 2 for key schedule, 48 bits to 48 bits */
31 static unsigned char PC2[48] = {
32 14, 17, 11, 24, 1, 5,
33 3, 28, 15, 6, 21, 10,
34 23, 19, 12, 4, 26, 8,
35 16, 7, 27, 20, 13, 2,
36 41, 52, 31, 37, 47, 55,
37 30, 40, 51, 45, 33, 48,
38 44, 49, 39, 56, 34, 53,
39 46, 42, 50, 36, 29, 32,
40 };
41
42 /* rotations for every round of key schedule */
43 static unsigned char S[16] = {
44 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1,
45 };
46
47 /* initial permutation, 64 bits to 64 bits */
48 static unsigned char IP[64] = {
49 58, 50, 42, 34, 26, 18, 10, 2,
50 60, 52, 44, 36, 28, 20, 12, 4,
51 62, 54, 46, 38, 30, 22, 14, 6,
52 64, 56, 48, 40, 32, 24, 16, 8,
53 57, 49, 41, 33, 25, 17, 9, 1,
54 59, 51, 43, 35, 27, 19, 11, 3,
55 61, 53, 45, 37, 29, 21, 13, 5,
56 63, 55, 47, 39, 31, 23, 15, 7,
57 };
58
59 /* inverse initial permutation, 64 bits to 64 bits */
60 static unsigned char IP_inv[64] = {
61 40, 8, 48, 16, 56, 24, 64, 32,
62 39, 7, 47, 15, 55, 23, 63, 31,
63 38, 6, 46, 14, 54, 22, 62, 30,
64 37, 5, 45, 13, 53, 21, 61, 29,
65 36, 4, 44, 12, 52, 20, 60, 28,
66 35, 3, 43, 11, 51, 19, 59, 27,
67 34, 2, 42, 10, 50, 18, 58, 26,
68 33, 1, 41, 9, 49, 17, 57, 25,
69 };
70
71 /* expansion permutation, 32 bits to 48 bits */
72 static unsigned char E[48] = {
73 32, 1, 2, 3, 4, 5,
74 4, 5, 6, 7, 8, 9,
75 8, 9, 10, 11, 12, 13,
76 12, 13, 14, 15, 16, 17,
77 16, 17, 18, 19, 20, 21,
78 20, 21, 22, 23, 24, 25,
79 24, 25, 26, 27, 28, 29,
80 28, 29, 30, 31, 32, 1,
81 };
82
83 /* eight s-box, 6 bits to 4 bits */
84 static unsigned char S1[64] = {
85 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
86 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
87 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
88 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13,
89 };
90
91 static unsigned char S2[64] = {
92 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
93 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
94 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
95 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9,
96 };
97
98 static unsigned char S3[64] = {
99 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
100 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
101 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
102 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12,
103 };
104
105 static unsigned char S4[64] = {
106 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
107 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
108 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
109 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14,
110 };
111
112 static unsigned char S5[64] = {
113 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
114 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
115 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
116 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3,
117 };
118
119 static unsigned char S6[64] = {
120 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
121 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
122 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
123 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13,
124 };
125
126 static unsigned char S7[64] = {
127 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
128 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
129 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
130 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12,
131 };
132
133 static unsigned char S8[64] = {
134 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
135 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
136 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
137 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11,
138 };
139
140 /* permutation, 32 bits to 32 bits */
141 static unsigned char P[32] = {
142 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
143 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25,
144 };
145
146
permute(const unsigned char * table,size_t n,uint64_t A)147 static uint64_t permute(const unsigned char *table, size_t n, uint64_t A)
148 {
149 uint64_t R = 0;
150 for (size_t i = 0; i < n; i++) {
151 R |= (A >> (n - table[i])) & 0x01;
152 }
153 return R;
154 }
155
substitution(const uint64_t A)156 static uint32_t substitution(const uint64_t A)
157 {
158 return (((uint32_t)S1[(A >> 42) & 0x3f]) << 28) |
159 (((uint32_t)S2[(A >> 36) & 0x3f]) << 24) |
160 (((uint32_t)S3[(A >> 30) & 0x3f]) << 20) |
161 (((uint32_t)S4[(A >> 24) & 0x3f]) << 16) |
162 (((uint32_t)S5[(A >> 18) & 0x3f]) << 12) |
163 (((uint32_t)S6[(A >> 12) & 0x3f]) << 8) |
164 (((uint32_t)S7[(A >> 6) & 0x3f]) << 4) |
165 (((uint32_t)S8[(A ) & 0x3f]) );
166 }
167
168 //#define ROL32(A,Si) (((A)<<(Si))|((A)>>(32-(Si))))
169
des_set_encrypt_key(DES_KEY * key,const unsigned char user_key[8])170 void des_set_encrypt_key(DES_KEY *key, const unsigned char user_key[8])
171 {
172 uint64_t K;
173 uint32_t L, R;
174 int i;
175
176 K = GETU64(user_key);
177 K = permute(PC1, sizeof(PC1), K);
178 L = K >> 28;
179 R = K & 0x0fffffff;
180
181 for (i = 0; i < 16; i++) {
182 L = ROL32(L, S[i]);
183 R = ROL32(R, S[i]);
184 K = ((uint64_t)L << 28) | R;
185 key->rk[i] = permute(PC2, sizeof(PC2), K);
186 }
187 }
188
des_set_decrypt_key(DES_KEY * key,const unsigned char user_key[8])189 void des_set_decrypt_key(DES_KEY *key, const unsigned char user_key[8])
190 {
191 // TODO
192 }
193
des_encrypt(DES_KEY * key,const unsigned char in[DES_BLOCK_SIZE],unsigned char out[DES_BLOCK_SIZE])194 void des_encrypt(DES_KEY *key, const unsigned char in[DES_BLOCK_SIZE],
195 unsigned char out[DES_BLOCK_SIZE])
196 {
197 uint64_t T;
198 uint32_t L, R;
199 int i;
200
201 T = GETU64(in);
202
203 /* initial permutation */
204 T = permute(IP, sizeof(IP), T);
205
206 L = T >> 32;
207 R = T & 0xffffffff;
208
209 for (i = 0; i < 16; i++) {
210
211 /* compute F_{Ki}(R) */
212 T = permute(E, sizeof(E), R);
213 T ^= key->rk[i];
214 T = substitution(T);
215 T = permute(P, sizeof(P), T);
216
217 T ^= L;
218
219 L = R;
220 R = T;
221 }
222
223 T = ((uint64_t)L << 32) | R;
224
225 /* inverse initial permutation */
226 T = permute(IP_inv, sizeof(IP_inv), T);
227
228 PUTU64(out, T);
229 }
230