📄 des.txt
字号:
983 y ^= * (u32 *) ((u8 *) (des_keymap + 256) + (0xFC & z));
984 z = expkey[0];
985 z ^= x;
986 y ^= * (u32 *) ((u8 *) (des_keymap + 192) + (0xFC & z));
987 z >>= 8;
988 y ^= * (u32 *) ((u8 *) (des_keymap + 128) + (0xFC & z));
989 z >>= 8;
990 y ^= * (u32 *) ((u8 *) (des_keymap + 64) + (0xFC & z));
991 z >>= 8;
992 y ^= * (u32 *) ((u8 *) des_keymap + (0xFC & z));
993 x = x << 1 | x >> 31;
994 z = (x ^ y) & 0x55555555L;
995 y ^= z;
996 x ^= z;
997 y = y << 1 | y >> 31;
998 z = ((x >> 010) ^ y) & 0x00FF00FFL;
999 x ^= z << 010;
1000 y ^= z;
1001 z = ((y >> 002) ^ x) & 0x33333333L;
1002 y ^= z << 002;
1003 x ^= z;
1004 z = ((x >> 020) ^ y) & 0x0000FFFFL;
1005 x ^= z << 020;
1006 y ^= z;
1007 z = ((y >> 004) ^ x) & 0x0F0F0F0FL;
1008 y ^= z << 004;
1009 x ^= z;
1010 dst[0] = x;
1011 x >>= 8;
1012 dst[1] = x;
1013 x >>= 8;
1014 dst[2] = x;
1015 x >>= 8;
1016 dst[3] = x;
1017 dst[4] = y;
1018 y >>= 8;
1019 dst[5] = y;
1020 y >>= 8;
1021 dst[6] = y;
1022 y >>= 8;
1023 dst[7] = y;
1024 }
1025
1026 /*
1027 * RFC2451: Weak key checks SHOULD be performed.
1028 */
1029 static int setkey(u32 *expkey, const u8 *key, unsigned int keylen, u32 *flags)
1030 {
1031 const u8 *k;
1032 u8 *b0, *b1;
1033 u32 n, w;
1034 u8 bits0[56], bits1[56];
1035
1036 n = parity[key[0]]; n <<= 4;
1037 n |= parity[key[1]]; n <<= 4;
1038 n |= parity[key[2]]; n <<= 4;
1039 n |= parity[key[3]]; n <<= 4;
1040 n |= parity[key[4]]; n <<= 4;
1041 n |= parity[key[5]]; n <<= 4;
1042 n |= parity[key[6]]; n <<= 4;
1043 n |= parity[key[7]];
1044 w = 0x88888888L;
1045
1046 if ((*flags & CRYPTO_TFM_REQ_WEAK_KEY)
1047 && !((n - (w >> 3)) & w)) { /* 1 in 10^10 keys passes this test */
1048 if (n < 0x41415151) {
1049 if (n < 0x31312121) {
1050 if (n < 0x14141515) {
1051 /* 01 01 01 01 01 01 01 01 */
1052 if (n == 0x11111111) goto weak;
1053 /* 01 1F 01 1F 01 0E 01 0E */
1054 if (n == 0x13131212) goto weak;
1055 } else {
1056 /* 01 E0 01 E0 01 F1 01 F1 */
1057 if (n == 0x14141515) goto weak;
1058 /* 01 FE 01 FE 01 FE 01 FE */
1059 if (n == 0x16161616) goto weak;
1060 }
1061 } else {
1062 if (n < 0x34342525) {
1063 /* 1F 01 1F 01 0E 01 0E 01 */
1064 if (n == 0x31312121) goto weak;
1065 /* 1F 1F 1F 1F 0E 0E 0E 0E (?) */
1066 if (n == 0x33332222) goto weak;
1067 } else {
1068 /* 1F E0 1F E0 0E F1 0E F1 */
1069 if (n == 0x34342525) goto weak;
1070 /* 1F FE 1F FE 0E FE 0E FE */
1071 if (n == 0x36362626) goto weak;
1072 }
1073 }
1074 } else {
1075 if (n < 0x61616161) {
1076 if (n < 0x44445555) {
1077 /* E0 01 E0 01 F1 01 F1 01 */
1078 if (n == 0x41415151) goto weak;
1079 /* E0 1F E0 1F F1 0E F1 0E */
1080 if (n == 0x43435252) goto weak;
1081 } else {
1082 /* E0 E0 E0 E0 F1 F1 F1 F1 (?) */
1083 if (n == 0x44445555) goto weak;
1084 /* E0 FE E0 FE F1 FE F1 FE */
1085 if (n == 0x46465656) goto weak;
1086 }
1087 } else {
1088 if (n < 0x64646565) {
1089 /* FE 01 FE 01 FE 01 FE 01 */
1090 if (n == 0x61616161) goto weak;
1091 /* FE 1F FE 1F FE 0E FE 0E */
1092 if (n == 0x63636262) goto weak;
1093 } else {
1094 /* FE E0 FE E0 FE F1 FE F1 */
1095 if (n == 0x64646565) goto weak;
1096 /* FE FE FE FE FE FE FE FE */
1097 if (n == 0x66666666) goto weak;
1098 }
1099 }
1100 }
1101
1102 goto not_weak;
1103 weak:
1104 *flags |= CRYPTO_TFM_RES_WEAK_KEY;
1105 return -EINVAL;
1106 }
1107
1108 not_weak:
1109
1110 /* explode the bits */
1111 n = 56;
1112 b0 = bits0;
1113 b1 = bits1;
1114
1115 do {
1116 w = (256 | *key++) << 2;
1117 do {
1118 --n;
1119 b1[n] = 8 & w;
1120 w >>= 1;
1121 b0[n] = 4 & w;
1122 } while ( w >= 16 );
1123 } while ( n );
1124
1125 /* put the bits in the correct places */
1126 n = 16;
1127 k = rotors;
1128
1129 do {
1130 w = (b1[k[ 0 ]] | b0[k[ 1 ]]) << 4;
1131 w |= (b1[k[ 2 ]] | b0[k[ 3 ]]) << 2;
1132 w |= b1[k[ 4 ]] | b0[k[ 5 ]];
1133 w <<= 8;
1134 w |= (b1[k[ 6 ]] | b0[k[ 7 ]]) << 4;
1135 w |= (b1[k[ 8 ]] | b0[k[ 9 ]]) << 2;
1136 w |= b1[k[10 ]] | b0[k[11 ]];
1137 w <<= 8;
1138 w |= (b1[k[12 ]] | b0[k[13 ]]) << 4;
1139 w |= (b1[k[14 ]] | b0[k[15 ]]) << 2;
1140 w |= b1[k[16 ]] | b0[k[17 ]];
1141 w <<= 8;
1142 w |= (b1[k[18 ]] | b0[k[19 ]]) << 4;
1143 w |= (b1[k[20 ]] | b0[k[21 ]]) << 2;
1144 w |= b1[k[22 ]] | b0[k[23 ]];
1145 expkey[0] = w;
1146
1147 w = (b1[k[ 0+24]] | b0[k[ 1+24]]) << 4;
1148 w |= (b1[k[ 2+24]] | b0[k[ 3+24]]) << 2;
1149 w |= b1[k[ 4+24]] | b0[k[ 5+24]];
1150 w <<= 8;
1151 w |= (b1[k[ 6+24]] | b0[k[ 7+24]]) << 4;
1152 w |= (b1[k[ 8+24]] | b0[k[ 9+24]]) << 2;
1153 w |= b1[k[10+24]] | b0[k[11+24]];
1154 w <<= 8;
1155 w |= (b1[k[12+24]] | b0[k[13+24]]) << 4;
1156 w |= (b1[k[14+24]] | b0[k[15+24]]) << 2;
1157 w |= b1[k[16+24]] | b0[k[17+24]];
1158 w <<= 8;
1159 w |= (b1[k[18+24]] | b0[k[19+24]]) << 4;
1160 w |= (b1[k[20+24]] | b0[k[21+24]]) << 2;
1161 w |= b1[k[22+24]] | b0[k[23+24]];
1162
1163 ROR(w, 4, 28); /* could be eliminated */
1164 expkey[1] = w;
1165
1166 k += 48;
1167 expkey += 2;
1168 } while (--n);
1169
1170 return 0;
1171 }
1172
1173 static int des_setkey(void *ctx, const u8 *key, unsigned int keylen, u32 *flags)
1174 {
1175 return setkey(((struct des_ctx *)ctx)->expkey, key, keylen, flags);
1176 }
1177
1178 static void des_encrypt(void *ctx, u8 *dst, const u8 *src)
1179 {
1180 des_small_fips_encrypt(((struct des_ctx *)ctx)->expkey, dst, src);
1181 }
1182
1183 static void des_decrypt(void *ctx, u8 *dst, const u8 *src)
1184 {
1185 des_small_fips_decrypt(((struct des_ctx *)ctx)->expkey, dst, src);
1186 }
1187
1188 /*
1189 * RFC2451:
1190 *
1191 * For DES-EDE3, there is no known need to reject weak or
1192 * complementation keys. Any weakness is obviated by the use of
1193 * multiple keys.
1194 *
1195 * However, if the first two or last two independent 64-bit keys are
1196 * equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
1197 * same as DES. Implementers MUST reject keys that exhibit this
1198 * property.
1199 *
1200 */
1201 static int des3_ede_setkey(void *ctx, const u8 *key,
1202 unsigned int keylen, u32 *flags)
1203 {
1204 unsigned int i, off;
1205 struct des3_ede_ctx *dctx = ctx;
1206
1207 if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) &&
1208 memcmp(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2],
1209 DES_KEY_SIZE))) {
1210
1211 *flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;
1212 return -EINVAL;
1213 }
1214
1215 for (i = 0, off = 0; i < 3; i++, off += DES_EXPKEY_WORDS,
1216 key += DES_KEY_SIZE) {
1217 int ret = setkey(&dctx->expkey[off], key, DES_KEY_SIZE, flags);
1218 if (ret < 0)
1219 return ret;
1220 }
1221 return 0;
1222 }
1223
1224 static void des3_ede_encrypt(void *ctx, u8 *dst, const u8 *src)
1225 {
1226 struct des3_ede_ctx *dctx = ctx;
1227
1228 des_small_fips_encrypt(dctx->expkey, dst, src);
1229 des_small_fips_decrypt(&dctx->expkey[DES_EXPKEY_WORDS], dst, dst);
1230 des_small_fips_encrypt(&dctx->expkey[DES_EXPKEY_WORDS * 2], dst, dst);
1231 }
1232
1233 static void des3_ede_decrypt(void *ctx, u8 *dst, const u8 *src)
1234 {
1235 struct des3_ede_ctx *dctx = ctx;
1236
1237 des_small_fips_decrypt(&dctx->expkey[DES_EXPKEY_WORDS * 2], dst, src);
1238 des_small_fips_encrypt(&dctx->expkey[DES_EXPKEY_WORDS], dst, dst);
1239 des_small_fips_decrypt(dctx->expkey, dst, dst);
1240 }
1241
1242 static struct crypto_alg des_alg = {
1243 .cra_name = "des",
1244 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1245 .cra_blocksize = DES_BLOCK_SIZE,
1246 .cra_ctxsize = sizeof(struct des_ctx),
1247 .cra_module = THIS_MODULE,
1248 .cra_list = LIST_HEAD_INIT(des_alg.cra_list),
1249 .cra_u = { .cipher = {
1250 .cia_min_keysize = DES_KEY_SIZE,
1251 .cia_max_keysize = DES_KEY_SIZE,
1252 .cia_ivsize = DES_BLOCK_SIZE,
1253 .cia_setkey = des_setkey,
1254 .cia_encrypt = des_encrypt,
1255 .cia_decrypt = des_decrypt } }
1256 };
1257
1258 static struct crypto_alg des3_ede_alg = {
1259 .cra_name = "des3_ede",
1260 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1261 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
1262 .cra_ctxsize = sizeof(struct des3_ede_ctx),
1263 .cra_module = THIS_MODULE,
1264 .cra_list = LIST_HEAD_INIT(des3_ede_alg.cra_list),
1265 .cra_u = { .cipher = {
1266 .cia_min_keysize = DES3_EDE_KEY_SIZE,
1267 .cia_max_keysize = DES3_EDE_KEY_SIZE,
1268 .cia_ivsize = DES3_EDE_BLOCK_SIZE,
1269 .cia_setkey = des3_ede_setkey,
1270 .cia_encrypt = des3_ede_encrypt,
1271 .cia_decrypt = des3_ede_decrypt } }
1272 };
1273
1274 static int __init init(void)
1275 {
1276 int ret = 0;
1277
1278 ret = crypto_register_alg(&des_alg);
1279 if (ret < 0)
1280 goto out;
1281
1282 ret = crypto_register_alg(&des3_ede_alg);
1283 if (ret < 0)
1284 crypto_unregister_alg(&des_alg);
1285 out:
1286 return ret;
1287 }
1288
1289 static void __exit fini(void)
1290 {
1291 crypto_unregister_alg(&des3_ede_alg);
1292 crypto_unregister_alg(&des_alg);
1293 }
1294
1295 module_init(init);
1296 module_exit(fini);
1297
1298 MODULE_LICENSE("GPL");
1299 MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms");
1300
--------------------------------------------------------------------------------
~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~ [ freetext search ] ~ [ file search ] ~
--------------------------------------------------------------------------------
This page was automatically generated by the LXR engine.
Visit the LXR main site for more information. ⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -