iPXE
Data Structures | Macros | Functions | Variables
des.c File Reference

DES algorithm. More...

#include <stdint.h>
#include <string.h>
#include <errno.h>
#include <byteswap.h>
#include <ipxe/rotate.h>
#include <ipxe/crypto.h>
#include <ipxe/ecb.h>
#include <ipxe/cbc.h>
#include <ipxe/init.h>
#include <ipxe/des.h>

Go to the source code of this file.

Data Structures

struct  des_generator
 A DES systematic permutation generator. More...

Macros

#define DES_SCHEDULE   0x0d556aab
 DES shift schedule.
#define SBYTE(x, y)
 Define an element pair in a DES S-box.
#define SBOX(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, xa, xb, xc, xd, xe, xf, y0, y1, y2, y3, y4, y5, y6, y7, y8, y9, ya, yb, yc, yd, ye, yf)
 Define a row pair in a DES S-box.
#define DES_PC2(x)
 Define a bit index within permuted choice 2 (PC2)
#define DES_PC2R(r1, c3, c2, c1, c0, r0)
 Define six bits of permuted choice 2 (PC2)
#define DES_GENERATOR(PERMUTATION, OFFSET, INV5, BIT5, INV4, BIT4, INV3, BIT3, INV2, BIT2, INV1, BIT1, INV0, BIT0)
 Define a DES permutation generator.

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 FILE_SECBOOT (PERMITTED)
static void des_generate (struct des_generator *generator)
 Generate DES permutation.
static void des_init (void)
 Initialise permutations.
struct init_fn des_init_fn __init_fn (INIT_NORMAL)
 Initialisation function.
static void des_permute (const uint8_t *permutation, const uint8_t *in, uint8_t *out)
 Perform bit permutation.
static uint32_t des_sbox (uint32_t in, const union des_round_key *rkey)
 Perform DES S-box substitution.
static void des_round (union des_block *block, const union des_round_key *rkey)
 Perform a single DES round.
static void des_rounds (const union des_block *in, union des_block *out, const union des_round_key *rkey, ssize_t offset)
 Perform all DES rounds.
static uint32_t des_rol28 (uint32_t dword)
 Rotate 28-bit word.
static int des_setkey (void *ctx, const void *key, size_t keylen)
 Set key.
static void des_encrypt (void *ctx, const void *src, void *dst, size_t len)
 Encrypt data.
static void des_decrypt (void *ctx, const void *src, void *dst, size_t len)
 Decrypt data.
 ECB_CIPHER (des_ecb, des_ecb_algorithm, des_algorithm, struct des_context, DES_BLOCKSIZE)
 CBC_CIPHER (des_cbc, des_cbc_algorithm, des_algorithm, struct des_context, DES_BLOCKSIZE)

Variables

static const uint8_t des_s [8][32]
 DES S-boxes S1..S8.
static uint8_t des_pc1c [29]
 DES permuted choice 1 (PC1) "C" register.
static uint8_t des_pc1d [33]
 DES permuted choice 1 (PC1) "D" register.
static const uint8_t des_pc2 [65]
 DES permuted choice 2 (PC2)
static uint8_t des_ip [65]
 DES initial permutation (IP)
static const uint8_t des_p [33]
 DES data permutation (P)
static uint8_t des_fp [65]
 DES final / inverse initial permutation (FP / IP^-1)
static struct des_generator des_generators []
 DES permutation generators.
struct cipher_algorithm des_algorithm
 Basic DES algorithm.

Detailed Description

DES algorithm.

DES was not designed to be implemented in software, and therefore contains a large number of bit permutation operations that are essentially free in hardware (requiring only wires, no gates) but expensive in software.

Since DES is no longer used as a practical block cipher for large volumes of data, we optimise for code size, and do not attempt to obtain fast throughput.

The algorithm is specified in NIST SP 800-67, downloadable from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf

Definition in file des.c.

Macro Definition Documentation

◆ DES_SCHEDULE

#define DES_SCHEDULE   0x0d556aab

DES shift schedule.

The DES shift schedule (ordered from round 16 down to round 1) is {1,2,2,2,2,2,2,1,2,2,2,2,2,2,1,1}. In binary, this may be represented as {1,10,10,10,10,10,10,1,10,10,10,10,10,10,1,1} and concatenated (without padding) to produce a single binary integer 1101010101010110101010101011 (equal to 0x0d556aab in hexadecimal).

This integer may then be consumed LSB-first, where a 1 bit indicates a shift and the generation of a round key, and a 0 bit indicates a shift without the generation of a round key.

Definition at line 68 of file des.c.

Referenced by des_setkey().

◆ SBYTE

#define SBYTE ( x,
y )
Value:
( ( (y) << 4 ) | (x) )
y
static unsigned int unsigned int y
Definition pixbuf.h:63
x
static unsigned int x
Definition pixbuf.h:63

Define an element pair in a DES S-box.

Parameters
xUpper element of element pair
yLower element of element pair

DES S-box elements are 4-bit values. We encode two values per byte, ordering the elements so that the six-bit input value may be used directly as a lookup index.

Specifically, if the input value is {r1,c3,c2,c1,c0,r0}, where {r1,r0} is the table row index and {c3,c2,c1,c0} is the table column index (as used in the DES specification), then:

  • {r1,c3,c2,c1,c0} is the byte index into the table
  • (4*r0) is the required bit shift to extract the 4-bit value

Definition at line 88 of file des.c.

◆ SBOX

#define SBOX ( x0,
x1,
x2,
x3,
x4,
x5,
x6,
x7,
x8,
x9,
xa,
xb,
xc,
xd,
xe,
xf,
y0,
y1,
y2,
y3,
y4,
y5,
y6,
y7,
y8,
y9,
ya,
yb,
yc,
yd,
ye,
yf )
Value:
SBYTE ( x0, y0 ), SBYTE ( x1, y1 ), SBYTE ( x2, y2 ), SBYTE ( x3, y3 ),\
SBYTE ( x4, y4 ), SBYTE ( x5, y5 ), SBYTE ( x6, y6 ), SBYTE ( x7, y7 ),\
SBYTE ( x8, y8 ), SBYTE ( x9, y9 ), SBYTE ( xa, ya ), SBYTE ( xb, yb ),\
SBYTE ( xc, yc ), SBYTE ( xd, yd ), SBYTE ( xe, ye ), SBYTE ( xf, yf )
SBYTE
#define SBYTE(x, y)
Define an element pair in a DES S-box.
Definition des.c:88

Define a row pair in a DES S-box.

Parameters
x0..xfUpper row of row pair
y0..yfLower row of row pair

Definition at line 96 of file des.c.

◆ DES_PC2

#define DES_PC2 ( x)
Value:
( (x) + ( ( (x) > 28 ) ? 4 : 0 ) )

Define a bit index within permuted choice 2 (PC2)

Parameters
bitBit index

Permuted choice 2 (PC2) is used to select bits from a concatenated pair of 28-bit registers ("C" and "D") as part of the key schedule. We store these as 32-bit registers and so must add 4 to indexes above 28.

Definition at line 164 of file des.c.

◆ DES_PC2R

#define DES_PC2R ( r1,
c3,
c2,
c1,
c0,
r0 )
Value:
DES_PC2 ( r0 ), /* LSB stored in sign bit */ \
DES_PC2 ( r0 ), /* Unused bit */ \
DES_PC2 ( r0 ), /* Unused bit */ \
DES_PC2 ( r1 ), /* Remaining 5 bits */ \
DES_PC2 ( c3 ), /* ... */ \
DES_PC2 ( c2 ), /* ... */ \
DES_PC2 ( c1 ), /* ... */ \
DES_PC2 ( c0 ) /* ... */
DES_PC2
#define DES_PC2(x)
Define a bit index within permuted choice 2 (PC2)
Definition des.c:164

Define six bits of permuted choice 2 (PC2)

Parameters
r1:r0Bits corresponding to S-box row index
c3:c0Bits corresponding to S-box column index

There are 8 steps within a DES round (one step per S-box). Each step requires six bits of the round key, corresponding to the S-box input value {r1,c3,c2,c1,c0,r0}, where {r1,r0} is the table row index and {c3,c2,c1,c0} is the table column index.

As an optimisation, we store the least significant of the 6 bits in the sign bit of a signed 8-bit value, and the remaining 5 bits in the least significant 5 bits of the 8-bit value. See the comments in des_sbox() for further details.

Definition at line 182 of file des.c.

182#define DES_PC2R( r1, c3, c2, c1, c0, r0 ) \
183 DES_PC2 ( r0 ), /* LSB stored in sign bit */ \
184 DES_PC2 ( r0 ), /* Unused bit */ \
185 DES_PC2 ( r0 ), /* Unused bit */ \
186 DES_PC2 ( r1 ), /* Remaining 5 bits */ \
187 DES_PC2 ( c3 ), /* ... */ \
188 DES_PC2 ( c2 ), /* ... */ \
189 DES_PC2 ( c1 ), /* ... */ \
190 DES_PC2 ( c0 ) /* ... */

◆ DES_GENERATOR

#define DES_GENERATOR ( PERMUTATION,
OFFSET,
INV5,
BIT5,
INV4,
BIT4,
INV3,
BIT3,
INV2,
BIT2,
INV1,
BIT1,
INV0,
BIT0 )
Value:
{ \
.permutation = (PERMUTATION), \
.seed = ( ( (INV0) << 31 ) | ( (BIT0) << 28 ) | \
( (INV1) << 27 ) | ( (BIT1) << 24 ) | \
( (INV2) << 23 ) | ( (BIT2) << 20 ) | \
( (INV3) << 19 ) | ( (BIT3) << 16 ) | \
( (INV4) << 15 ) | ( (BIT4) << 12 ) | \
( (INV5) << 11 ) | ( (BIT5) << 8 ) | \
( ( uint32_t ) sizeof (PERMUTATION) - 1 ) | \
(OFFSET) ), \
}
uint32_t
unsigned int uint32_t
Definition stdint.h:12
BIT1
#define BIT1
Definition wlan_compat.h:197
BIT3
#define BIT3
Definition wlan_compat.h:199
BIT2
#define BIT2
Definition wlan_compat.h:198
BIT4
#define BIT4
Definition wlan_compat.h:200
BIT0
#define BIT0
Definition wlan_compat.h:196
BIT5
#define BIT5
Definition wlan_compat.h:201

Define a DES permutation generator.

Parameters
PERMUTATIONPermutation
OFFSETFixed input bit offset (0 or 1)
INV<n>Input bit index bit <n> should be inverted
BIT<n>Source bit for input bit index bit <n>
Return values
generatorPermutation generator

Definition at line 215 of file des.c.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL )

◆ FILE_SECBOOT()

FILE_SECBOOT ( PERMITTED )

◆ des_generate()

void des_generate ( struct des_generator * generator)
static

Generate DES permutation.

Parameters
generatorGenerator

Definition at line 307 of file des.c.

307 {
308 uint8_t *permutation = generator->permutation;
309 uint32_t seed = generator->seed;
310 unsigned int index = 0;
311 uint8_t accum;
312 uint8_t bit;
313
314 /* Generate permutations
315 *
316 * This loop is optimised for code size on a
317 * register-constrained architecture such as i386.
318 */
319 do {
320 /* Rotate seed to access MSB's bit descriptor */
321 seed = ror32 ( seed, 8 );
322
323 /* Initialise accumulator with six flag bits */
324 accum = 0xfc;
325
326 /* Accumulate bits until all six flag bits are cleared */
327 do {
328 /* Extract specified bit from index. Use a
329 * rotation instead of a shift, since this
330 * will allow the mask to be elided.
331 */
332 bit = ror8 ( index, ( seed & 0x07 ) );
333 seed = ror32 ( seed, 3 );
334
335 /* Toggle bit if applicable */
336 bit ^= seed;
337 seed = ror32 ( seed, 1 );
338
339 /* Add bit to accumulator and clear one flag bit */
340 accum <<= 1;
341 accum |= ( bit & 0x01 );
342
343 } while ( accum & 0x80 );
344
345 /* Add constant offset if applicable */
346 accum += ( seed & 0x01 );
347
348 /* Store permutation */
349 permutation[index] = accum;
350
351 /* Loop until reaching length (which is always even) */
352 } while ( ++index < ( seed & 0xfe ) );
353 DBGC2 ( permutation, "DES generated permutation %p:\n", permutation );
354 DBGC2_HDA ( permutation, 0, permutation,
355 ( ( seed & 0xfe ) + 1 /* zero terminator */ ) );
356}
uint8_t
unsigned char uint8_t
Definition stdint.h:10
index
long index
Definition bigint.h:65
DBGC2
#define DBGC2(...)
Definition compiler.h:522
DBGC2_HDA
#define DBGC2_HDA(...)
Definition compiler.h:523
bit
static unsigned int unsigned int bit
Definition bigint.h:392
des_generator::seed
uint32_t seed
Seed value.
Definition des.c:203
des_generator::permutation
uint8_t * permutation
Permutation.
Definition des.c:201
ror32
static u32 ror32(u32 v, int bits)
Rotate 32-bit value right.
Definition wpa_tkip.c:162

References bit, DBGC2, DBGC2_HDA, index, des_generator::permutation, ror32(), and des_generator::seed.

Referenced by des_init().

◆ des_init()

void des_init ( void )
static

Initialise permutations.

Definition at line 361 of file des.c.

361 {
362 unsigned int i;
363
364 /* Generate all generated permutations */
365 for ( i = 0 ; i < ( sizeof ( des_generators ) /
366 sizeof ( des_generators[0] ) ) ; i++ ) {
367 des_generate ( &des_generators[i] );
368 }
369}
des_generators
static struct des_generator des_generators[]
DES permutation generators.
Definition des.c:262
des_generate
static void des_generate(struct des_generator *generator)
Generate DES permutation.
Definition des.c:307

References des_generate(), and des_generators.

Referenced by __init_fn().

◆ __init_fn()

struct init_fn des_init_fn __init_fn ( INIT_NORMAL )

Initialisation function.

References __init_fn, des_init(), and INIT_NORMAL.

◆ des_permute()

void des_permute ( const uint8_t * permutation,
const uint8_t * in,
uint8_t * out )
static

Perform bit permutation.

Parameters
permutationBit permutation (zero-terminated)
inInput value
outOutput value

Definition at line 384 of file des.c.

385 {
386 uint8_t mask = 0x80;
387 uint8_t accum = 0;
388 unsigned int bit;
389
390 /* Extract individual input bits to construct output value */
391 while ( ( bit = *(permutation++) ) ) {
392 bit--;
393 if ( in[ bit / 8 ] & ( 0x80 >> ( bit % 8 ) ) )
394 accum |= mask;
395 *out = accum;
396 mask = ror8 ( mask, 1 );
397 if ( mask == 0x80 ) {
398 out++;
399 accum = 0;
400 }
401 }
402}
in
__be32 in[4]
Definition CIB_PRM.h:7
out
__be32 out[4]
Definition CIB_PRM.h:8

References bit, in, and out.

Referenced by des_round(), des_rounds(), and des_setkey().

◆ des_sbox()

uint32_t des_sbox ( uint32_t in,
const union des_round_key * rkey )
static

Perform DES S-box substitution.

Parameters
in32-bit input value (native endian)
rkey48-bit round key
Return values
out32-bit output value (native endian)

Definition at line 411 of file des.c.

411 {
412 uint32_t out = 0;
413 uint32_t lookup;
414 int32_t key;
415 uint8_t sub;
416 unsigned int i;
417
418 /* Perform input expansion, key addition, and S-box substitution */
419 for ( i = 0 ; i < 8 ; i++ ) {
420
421 /* Rotate input and output */
422 out = rol32 ( out, 4 );
423 in = rol32 ( in, 4 );
424
425 /* Extract step key from relevant 6 bits of round key
426 *
427 * The least significant of the 6 bits (corresponding
428 * to bit r0 in the S-box lookup index) is stored in
429 * the sign bit of the step key byte. It will
430 * therefore be propagated via sign extension to the
431 * MSB of the 32-bit step key.
432 *
433 * The remaining 5 of the 6 bits (corresponding to
434 * bits {r1,c3,c2,c1,c0} in the S-box lookup index)
435 * are stored in the least significant 5 bits of the
436 * step key byte and will end up in the least
437 * significant 5 bits of the 32-bit step key.
438 */
439 key = rkey->step[i];
440
441 /* Add step key to input to produce S-box lookup index
442 *
443 * We do not ever perform an explicit expansion of the
444 * input value from 32 to 48 bits. Instead, we rotate
445 * the 32-bit input value by 4 bits on each step, and
446 * extract the relevant 6 bits.
447 *
448 * The least significant of the 6 bits (corresponding
449 * to bit r0 in the S-box lookup index) is currently
450 * in the MSB of the 32-bit (rotated) input value.
451 *
452 * The remaining 5 of the 6 bits (corresponding to
453 * bits {r1,c3,c2,c1,c0} in the S-box lookup index)
454 * are currently in the least significant 5 bits of
455 * the 32-bit (rotated) input value.
456 *
457 * This aligns with the placement of the bits in the
458 * step key (see above), and we can therefore perform
459 * a single XOR to add the 6-bit step key to the
460 * relevant 6 bits of the input value.
461 */
462 lookup = ( in ^ key );
463
464 /* Look up S[i][in ^ key] from S-box
465 *
466 * We have bits {r1,c3,c2,c1,c0} in the least
467 * significant 5 bits of the lookup index, and so can
468 * use the masked lookup index directly as a byte
469 * index into the relevant S-box to extract the byte
470 * containing both {r1,c3,c2,c1,c0,'0'} and
471 * {r1,c3,c2,c1,c0,'1'}.
472 *
473 * We then use the MSB of the 32-bit lookup index to
474 * extract the relevant nibble for the full lookup
475 * index {r1,c3,c2,c1,c0,r0}.
476 */
477 sub = des_s[i][ lookup & 0x1f ];
478 sub >>= ( ( lookup >> 29 ) & 4 );
479 sub &= 0x0f;
480
481 /* Substitute S[i][input ^ key] into output */
482 out |= sub;
483 }
484
485 return out;
486}
key
union @162305117151260234136356364136041353210355154177 key
Sense key.
Definition scsi.h:3
int32_t
signed int int32_t
Definition stdint.h:17
des_s
static const uint8_t des_s[8][32]
DES S-boxes S1..S8.
Definition des.c:104
des_round_key::step
int8_t step[8]
6-bit step key byte
Definition des.h:73
rol32
static u32 rol32(u32 v, int bits)
Rotate 32-bit value left.
Definition wpa_tkip.c:174

References des_s, in, key, out, rol32(), and des_round_key::step.

Referenced by des_round().

◆ des_round()

void des_round ( union des_block * block,
const union des_round_key * rkey )
static

Perform a single DES round.

Parameters
blockDES block
rkey48-bit round key

Definition at line 494 of file des.c.

495 {
496 union des_dword sbox;
497 uint32_t left;
498 uint32_t right;
499
500 /* Extract left and right halves L[n-1] and R[n-1] */
501 left = block->left.dword;
502 right = block->right.dword;
503 DBGC2 ( block, "DES L=%08x R=%08x K=%08x%08x", be32_to_cpu ( left ),
504 be32_to_cpu ( right ), be32_to_cpu ( rkey->dword[0] ),
505 be32_to_cpu ( rkey->dword[1] ) );
506
507 /* L[n] = R[n-1] */
508 block->left.dword = right;
509
510 /* Calculate Feistel function f(R[n-1], K[n]) */
511 sbox.dword = cpu_to_be32 ( des_sbox ( be32_to_cpu ( right ), rkey ) );
512 des_permute ( des_p, sbox.byte, block->right.byte );
513
514 /* R[n] = L[n-1] + f(R[n-1], K[n]) */
515 block->right.dword ^= left;
516 DBGC2 ( block, " => L=%08x R=%08x\n",
517 be32_to_cpu ( block->left.dword ),
518 be32_to_cpu ( block->right.dword ) );
519}
des_sbox
static uint32_t des_sbox(uint32_t in, const union des_round_key *rkey)
Perform DES S-box substitution.
Definition des.c:411
des_permute
static void des_permute(const uint8_t *permutation, const uint8_t *in, uint8_t *out)
Perform bit permutation.
Definition des.c:384
des_p
static const uint8_t des_p[33]
DES data permutation (P)
Definition des.c:252
be32_to_cpu
#define be32_to_cpu(value)
Definition byteswap.h:117
cpu_to_be32
#define cpu_to_be32(value)
Definition byteswap.h:111
block
uint8_t block[3][8]
DES-encrypted blocks.
Definition mschapv2.h:1
des_dword
A DES 32-bit dword value.
Definition des.h:20
des_round_key::dword
uint32_t dword[2]
32-bit big-endian dwords
Definition des.h:61

References be32_to_cpu, block, des_dword::byte, cpu_to_be32, DBGC2, des_p, des_permute(), des_sbox(), des_dword::dword, and des_round_key::dword.

Referenced by des_rounds().

◆ des_rounds()

void des_rounds ( const union des_block * in,
union des_block * out,
const union des_round_key * rkey,
ssize_t offset )
static

Perform all DES rounds.

Parameters
inInput DES block
outOutput DES block
rkeyStarting 48-bit round key
offsetByte offset between round keys

Definition at line 529 of file des.c.

531 {
532 union des_block tmp;
533 unsigned int i;
534
535 /* Apply initial permutation */
536 des_permute ( des_ip, in->byte, tmp.byte );
537
538 /* Perform all DES rounds, consuming keys in the specified order */
539 for ( i = 0 ; i < DES_ROUNDS ; i++ ) {
540 des_round ( &tmp, rkey );
541 rkey = ( ( ( void * ) rkey ) + offset );
542 }
543
544 /* Apply final permutation */
545 DBGC ( &tmp, "DES %scrypted %08x%08x => ",
546 ( ( offset > 0 ) ? "en" : "de" ), be32_to_cpu ( in->dword[0] ),
547 be32_to_cpu ( in->dword[1] ) );
548 des_permute ( des_fp, tmp.byte, out->byte );
549 DBGC ( &tmp, "%08x%08x\n", be32_to_cpu ( out->dword[0] ),
550 be32_to_cpu ( out->dword[1] ) );
551}
offset
uint16_t offset
Offset to command line.
Definition bzimage.h:3
des_round
static void des_round(union des_block *block, const union des_round_key *rkey)
Perform a single DES round.
Definition des.c:494
des_fp
static uint8_t des_fp[65]
DES final / inverse initial permutation (FP / IP^-1)
Definition des.c:259
des_ip
static uint8_t des_ip[65]
DES initial permutation (IP)
Definition des.c:249
DES_ROUNDS
#define DES_ROUNDS
Number of DES rounds.
Definition des.h:77
DBGC
#define DBGC(...)
Definition compiler.h:505
tmp
unsigned long tmp
Definition linux_pci.h:65
des_block
A DES 64-bit block.
Definition des.h:28

References be32_to_cpu, DBGC, des_fp, des_ip, des_permute(), des_round(), DES_ROUNDS, in, offset, out, and tmp.

Referenced by des_decrypt(), and des_encrypt().

◆ des_rol28()

uint32_t des_rol28 ( uint32_t dword)
static

Rotate 28-bit word.

Parameters
dword28-bit dword value
Return values
dwordRotated 28-bit dword value

Definition at line 559 of file des.c.

559 {
560 int32_t sdword;
561
562 /* Convert to native-endian */
563 sdword = be32_to_cpu ( dword );
564
565 /* Signed shift right by 4 places to copy bit 31 to bits 27:31 */
566 sdword >>= 4;
567
568 /* Rotate left */
569 sdword = rol32 ( sdword, 1 );
570
571 /* Shift left by 4 places to restore bit positions */
572 sdword <<= 4;
573
574 /* Convert back to big-endian */
575 dword = cpu_to_be32 ( sdword );
576
577 return dword;
578}
dword
unsigned long int dword
Definition smc9000.h:40

References be32_to_cpu, cpu_to_be32, and rol32().

Referenced by des_setkey().

◆ des_setkey()

int des_setkey ( void * ctx,
const void * key,
size_t keylen )
static

Set key.

Parameters
ctxContext
keyKey
keylenKey length
Return values
rcReturn status code

Definition at line 588 of file des.c.

588 {
589 struct des_context *des = ctx;
590 union des_round_key *rkey = des->rkey;
591 union des_block reg;
592 uint32_t schedule;
593
594 /* Validate key length */
595 if ( keylen != DES_BLOCKSIZE )
596 return -EINVAL;
597 DBGC ( des, "DES %p new key:\n", des );
598 DBGC_HDA ( des, 0, key, keylen );
599
600 /* Apply permuted choice 1 */
601 des_permute ( des_pc1c, key, reg.c.byte );
602 des_permute ( des_pc1d, key, reg.d.byte );
603 reg.d.byte[3] <<= 4; /* see comment for @c des_pc1d */
604 DBGC2 ( des, "DES %p C[ 0]=%07x D[ 0]=%07x\n",
605 des, ( be32_to_cpu ( reg.c.dword ) >> 4 ),
606 ( be32_to_cpu ( reg.d.dword ) >> 4 ) );
607
608 /* Generate round keys */
609 for ( schedule = DES_SCHEDULE ; schedule ; schedule >>= 1 ) {
610
611 /* Shift 28-bit words */
612 reg.c.dword = des_rol28 ( reg.c.dword );
613 reg.d.dword = des_rol28 ( reg.d.dword );
614
615 /* Skip rounds according to shift schedule */
616 if ( ! ( schedule & 1 ) )
617 continue;
618
619 /* Apply permuted choice 2 */
620 des_permute ( des_pc2, reg.byte, rkey->byte );
621 DBGC2 ( des, "DES %p C[%2zd]=%07x D[%2zd]=%07x K[%2zd]="
622 "%08x%08x\n", des, ( ( rkey - des->rkey ) + 1 ),
623 ( be32_to_cpu ( reg.c.dword ) >> 4 ),
624 ( ( rkey - des->rkey ) + 1 ),
625 ( be32_to_cpu ( reg.d.dword ) >> 4 ),
626 ( ( rkey - des->rkey ) + 1 ),
627 be32_to_cpu ( rkey->dword[0] ),
628 be32_to_cpu ( rkey->dword[1] ) );
629
630 /* Move to next key */
631 rkey++;
632 }
633
634 /* Sanity check */
635 assert ( rkey == &des->rkey[DES_ROUNDS] );
636
637 return 0;
638}
ctx
struct golan_eq_context ctx
Definition CIB_PRM.h:0
assert
#define assert(condition)
Assert a condition at run-time.
Definition assert.h:50
des_rol28
static uint32_t des_rol28(uint32_t dword)
Rotate 28-bit word.
Definition des.c:559
des_pc1c
static uint8_t des_pc1c[29]
DES permuted choice 1 (PC1) "C" register.
Definition des.c:230
DES_SCHEDULE
#define DES_SCHEDULE
DES shift schedule.
Definition des.c:68
des_pc1d
static uint8_t des_pc1d[33]
DES permuted choice 1 (PC1) "D" register.
Definition des.c:233
des_pc2
static const uint8_t des_pc2[65]
DES permuted choice 2 (PC2)
Definition des.c:236
DES_BLOCKSIZE
#define DES_BLOCKSIZE
DES blocksize.
Definition des.h:50
DBGC_HDA
#define DBGC_HDA(...)
Definition compiler.h:506
EINVAL
#define EINVAL
Invalid argument.
Definition errno.h:429
reg
static unsigned int unsigned int reg
Definition myson.h:162
des_context
DES context.
Definition des.h:80
des_context::rkey
union des_round_key rkey[DES_ROUNDS]
Round keys.
Definition des.h:82
des_round_key
A DES round key.
Definition des.h:57
des_round_key::byte
uint8_t byte[8]
Raw bytes.
Definition des.h:59

References assert, be32_to_cpu, des_round_key::byte, ctx, DBGC, DBGC2, DBGC_HDA, DES_BLOCKSIZE, des_pc1c, des_pc1d, des_pc2, des_permute(), des_rol28(), DES_ROUNDS, DES_SCHEDULE, des_round_key::dword, EINVAL, key, reg, and des_context::rkey.

◆ des_encrypt()

void des_encrypt ( void * ctx,
const void * src,
void * dst,
size_t len )
static

Encrypt data.

Parameters
ctxContext
srcData to encrypt
dstBuffer for encrypted data
lenLength of data

Definition at line 648 of file des.c.

648 {
649 struct des_context *des = ctx;
650
651 /* Sanity check */
652 assert ( len == DES_BLOCKSIZE );
653
654 /* Cipher using keys in forward direction */
655 des_rounds ( src, dst, &des->rkey[0], sizeof ( des->rkey[0] ) );
656}
src
static const void * src
Definition string.h:48
des_rounds
static void des_rounds(const union des_block *in, union des_block *out, const union des_round_key *rkey, ssize_t offset)
Perform all DES rounds.
Definition des.c:529
len
ring len
Length.
Definition dwmac.h:226

References assert, ctx, DES_BLOCKSIZE, des_rounds(), len, des_context::rkey, and src.

◆ des_decrypt()

void des_decrypt ( void * ctx,
const void * src,
void * dst,
size_t len )
static

Decrypt data.

Parameters
ctxContext
srcData to decrypt
dstBuffer for decrypted data
lenLength of data

Definition at line 666 of file des.c.

666 {
667 struct des_context *des = ctx;
668
669 /* Sanity check */
670 assert ( len == DES_BLOCKSIZE );
671
672 /* Cipher using keys in reverse direction */
673 des_rounds ( src, dst, &des->rkey[ DES_ROUNDS - 1 ],
674 -sizeof ( des->rkey[0] ) );
675}

References assert, ctx, DES_BLOCKSIZE, DES_ROUNDS, des_rounds(), len, des_context::rkey, and src.

◆ ECB_CIPHER()

ECB_CIPHER ( des_ecb ,
des_ecb_algorithm ,
des_algorithm ,
struct des_context ,
DES_BLOCKSIZE  )

References des_algorithm, DES_BLOCKSIZE, and des_ecb_algorithm.

◆ CBC_CIPHER()

CBC_CIPHER ( des_cbc ,
des_cbc_algorithm ,
des_algorithm ,
struct des_context ,
DES_BLOCKSIZE  )

References des_algorithm, DES_BLOCKSIZE, and des_cbc_algorithm.

Variable Documentation

◆ des_s

const uint8_t des_s[8][32]
static

DES S-boxes S1..S8.

Definition at line 104 of file des.c.

104 { {
105 /* S1 */
106 SBOX ( 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
107 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8 ),
108 SBOX ( 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
109 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 )
110}, {
111 /* S2 */
112 SBOX ( 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
113 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5 ),
114 SBOX ( 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
115 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 )
116}, {
117 /* S3 */
118 SBOX ( 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
119 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1 ),
120 SBOX ( 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
121 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 )
122}, {
123 /* S4 */
124 SBOX ( 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
125 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9 ),
126 SBOX ( 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
127 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 )
128}, {
129 /* S5 */
130 SBOX ( 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
131 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6 ),
132 SBOX ( 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
133 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 )
134}, {
135 /* S6 */
136 SBOX ( 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
137 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8 ),
138 SBOX ( 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
139 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 )
140}, {
141 /* S7 */
142 SBOX ( 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
143 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6 ),
144 SBOX ( 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
145 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 )
146}, {
147 /* S8 */
148 SBOX ( 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
149 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2 ),
150 SBOX ( 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
151 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 )
152} };
SBOX
#define SBOX(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, xa, xb, xc, xd, xe, xf, y0, y1, y2, y3, y4, y5, y6, y7, y8, y9, ya, yb, yc, yd, ye, yf)
Define a row pair in a DES S-box.
Definition des.c:96

Referenced by des_sbox().

◆ des_pc1c

uint8_t des_pc1c[29]
static

DES permuted choice 1 (PC1) "C" register.

Definition at line 230 of file des.c.

Referenced by des_setkey().

◆ des_pc1d

uint8_t des_pc1d[33]
static

DES permuted choice 1 (PC1) "D" register.

Definition at line 233 of file des.c.

Referenced by des_setkey().

◆ des_pc2

const uint8_t des_pc2[65]
static
Initial value:
= {
DES_PC2R ( 14, 17, 11, 24, 1, 5 ),
DES_PC2R ( 3, 28, 15, 6, 21, 10 ),
DES_PC2R ( 23, 19, 12, 4, 26, 8 ),
DES_PC2R ( 16, 7, 27, 20, 13, 2 ),
DES_PC2R ( 41, 52, 31, 37, 47, 55 ),
DES_PC2R ( 30, 40, 51, 45, 33, 48 ),
DES_PC2R ( 44, 49, 39, 56, 34, 53 ),
DES_PC2R ( 46, 42, 50, 36, 29, 32 ),
0
}
DES_PC2R
#define DES_PC2R(r1, c3, c2, c1, c0, r0)
Define six bits of permuted choice 2 (PC2)
Definition des.c:182

DES permuted choice 2 (PC2)

Definition at line 236 of file des.c.

236 {
237 DES_PC2R ( 14, 17, 11, 24, 1, 5 ),
238 DES_PC2R ( 3, 28, 15, 6, 21, 10 ),
239 DES_PC2R ( 23, 19, 12, 4, 26, 8 ),
240 DES_PC2R ( 16, 7, 27, 20, 13, 2 ),
241 DES_PC2R ( 41, 52, 31, 37, 47, 55 ),
242 DES_PC2R ( 30, 40, 51, 45, 33, 48 ),
243 DES_PC2R ( 44, 49, 39, 56, 34, 53 ),
244 DES_PC2R ( 46, 42, 50, 36, 29, 32 ),
245 0 /* terminator */
246};

Referenced by des_setkey().

◆ des_ip

uint8_t des_ip[65]
static

DES initial permutation (IP)

Definition at line 249 of file des.c.

Referenced by des_rounds().

◆ des_p

const uint8_t des_p[33]
static
Initial value:
= {
16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25,
0
}

DES data permutation (P)

Definition at line 252 of file des.c.

252 {
253 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
254 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25,
255 0 /* terminator */
256};

Referenced by des_round().

◆ des_fp

uint8_t des_fp[65]
static

DES final / inverse initial permutation (FP / IP^-1)

Definition at line 259 of file des.c.

Referenced by des_rounds().

◆ des_generators

struct des_generator des_generators[]
static
Initial value:
= {
DES_GENERATOR ( des_ip, 1, 1, 2, 1, 1, 1, 0, 0, 4, 0, 3, 1, 5 ),
DES_GENERATOR ( des_fp, 1, 0, 0, 0, 2, 0, 1, 1, 5, 1, 4, 1, 3 ),
DES_GENERATOR ( des_pc1c, 1, 1, 2, 1, 1, 1, 0, 0, 5, 0, 4, 0, 3 ),
DES_GENERATOR ( des_pc1d, 0, 1, 2, 1, 1, 1, 0, 1, 5, 1, 4, 1, 3 ),
}
DES_GENERATOR
#define DES_GENERATOR(PERMUTATION, OFFSET, INV5, BIT5, INV4, BIT4, INV3, BIT3, INV2, BIT2, INV1, BIT1, INV0, BIT0)
Define a DES permutation generator.
Definition des.c:215

DES permutation generators.

Definition at line 262 of file des.c.

262 {
263
264 /* The DES initial permutation transforms the bit index
265 * {x5,x4,x3,x2,x1,x0}+1 into {~x2,~x1,~x0,x4,x3,~x5}+1
266 */
267 DES_GENERATOR ( des_ip, 1, 1, 2, 1, 1, 1, 0, 0, 4, 0, 3, 1, 5 ),
268
269 /* The DES final permutation transforms the bit index
270 * {x5,x4,x3,x2,x1,x0}+1 into {~x0,x2,x1,~x5,~x4,~x3}+1
271 *
272 * There is an asymmetry in the DES block diagram for the last
273 * of the 16 rounds, which is functionally equivalent to
274 * performing 16 identical rounds and then swapping the left
275 * and right halves before applying the final permutation. We
276 * may therefore account for this asymmetry by inverting the
277 * MSB in each bit index, to point to the corresponding bit in
278 * the other half.
279 *
280 * This is equivalent to using a permutation that transforms
281 * {x5,x4,x3,x2,x1,x0}+1 into {x0,x2,x1,~x5,~x4,~x3}+1
282 */
283 DES_GENERATOR ( des_fp, 1, 0, 0, 0, 2, 0, 1, 1, 5, 1, 4, 1, 3 ),
284
285 /* The "C" half of DES permuted choice 1 (PC1) transforms the
286 * bit index {x5,x4,x3,x2,x1,x0}+1 into {~x2,~x1,~x0,x5,x4,x3}+1
287 */
288 DES_GENERATOR ( des_pc1c, 1, 1, 2, 1, 1, 1, 0, 0, 5, 0, 4, 0, 3 ),
289
290 /* The "D" half of DES permuted choice 1 (PC1) transforms the
291 * bit index {x5,x4,x3,x2,x1,x0}+1 into {~x2,~x1,~x0,~x5,~x4,~x3}+0
292 *
293 * Due to the idosyncratic design choice of using 28-bit
294 * registers in the DES key expansion schedule, the final four
295 * permutation values appear at indices [28:31] instead of
296 * [24:27]. This is adjusted for in @c des_setkey().
297 */
298 DES_GENERATOR ( des_pc1d, 0, 1, 2, 1, 1, 1, 0, 1, 5, 1, 4, 1, 3 ),
299};

Referenced by des_init().

◆ des_algorithm

struct cipher_algorithm des_algorithm
Initial value:
= {
.name = "des",
.ctxsize = sizeof ( struct des_context ),
.blocksize = DES_BLOCKSIZE,
.alignsize = 0,
.authsize = 0,
.setkey = des_setkey,
.setiv = cipher_null_setiv,
.encrypt = des_encrypt,
.decrypt = des_decrypt,
.auth = cipher_null_auth,
}
cipher_null_setiv
void cipher_null_setiv(void *ctx __unused, const void *iv __unused, size_t ivlen __unused)
Definition crypto_null.c:65
cipher_null_auth
void cipher_null_auth(void *ctx __unused, void *auth __unused)
Definition crypto_null.c:80
des_setkey
static int des_setkey(void *ctx, const void *key, size_t keylen)
Set key.
Definition des.c:588
des_decrypt
static void des_decrypt(void *ctx, const void *src, void *dst, size_t len)
Decrypt data.
Definition des.c:666
des_encrypt
static void des_encrypt(void *ctx, const void *src, void *dst, size_t len)
Encrypt data.
Definition des.c:648

Basic DES algorithm.

Definition at line 678 of file des.c.

678 {
679 .name = "des",
680 .ctxsize = sizeof ( struct des_context ),
681 .blocksize = DES_BLOCKSIZE,
682 .alignsize = 0,
683 .authsize = 0,
684 .setkey = des_setkey,
685 .setiv = cipher_null_setiv,
686 .encrypt = des_encrypt,
687 .decrypt = des_decrypt,
688 .auth = cipher_null_auth,
689};

Referenced by CBC_CIPHER(), ECB_CIPHER(), and mschapv2_challenge_response().

Generated by doxygen 1.14.0