1 /*
2  * Cryptographic API.
3  *
4  * DES & Triple DES EDE Cipher Algorithms.
5  *
6  * Copyright (c) 2005 Dag Arne Osvik <da@osvik.no>
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 2 of the License, or
11  * (at your option) any later version.
12  *
13  */
14 
15 #include <asm/byteorder.h>
16 #include <linux/bitops.h>
17 #include <linux/init.h>
18 #include <linux/module.h>
19 #include <linux/errno.h>
20 #include <linux/crypto.h>
21 #include <linux/types.h>
22 
23 #include <crypto/des.h>
24 
25 #define ROL(x, r) ((x) = rol32((x), (r)))
26 #define ROR(x, r) ((x) = ror32((x), (r)))
27 
28 struct des_ctx {
29 	u32 expkey[DES_EXPKEY_WORDS];
30 };
31 
32 struct des3_ede_ctx {
33 	u32 expkey[DES3_EDE_EXPKEY_WORDS];
34 };
35 
36 /* Lookup tables for key expansion */
37 
38 static const u8 pc1[256] = {
39 	0x00, 0x00, 0x40, 0x04, 0x10, 0x10, 0x50, 0x14,
40 	0x04, 0x40, 0x44, 0x44, 0x14, 0x50, 0x54, 0x54,
41 	0x02, 0x02, 0x42, 0x06, 0x12, 0x12, 0x52, 0x16,
42 	0x06, 0x42, 0x46, 0x46, 0x16, 0x52, 0x56, 0x56,
43 	0x80, 0x08, 0xc0, 0x0c, 0x90, 0x18, 0xd0, 0x1c,
44 	0x84, 0x48, 0xc4, 0x4c, 0x94, 0x58, 0xd4, 0x5c,
45 	0x82, 0x0a, 0xc2, 0x0e, 0x92, 0x1a, 0xd2, 0x1e,
46 	0x86, 0x4a, 0xc6, 0x4e, 0x96, 0x5a, 0xd6, 0x5e,
47 	0x20, 0x20, 0x60, 0x24, 0x30, 0x30, 0x70, 0x34,
48 	0x24, 0x60, 0x64, 0x64, 0x34, 0x70, 0x74, 0x74,
49 	0x22, 0x22, 0x62, 0x26, 0x32, 0x32, 0x72, 0x36,
50 	0x26, 0x62, 0x66, 0x66, 0x36, 0x72, 0x76, 0x76,
51 	0xa0, 0x28, 0xe0, 0x2c, 0xb0, 0x38, 0xf0, 0x3c,
52 	0xa4, 0x68, 0xe4, 0x6c, 0xb4, 0x78, 0xf4, 0x7c,
53 	0xa2, 0x2a, 0xe2, 0x2e, 0xb2, 0x3a, 0xf2, 0x3e,
54 	0xa6, 0x6a, 0xe6, 0x6e, 0xb6, 0x7a, 0xf6, 0x7e,
55 	0x08, 0x80, 0x48, 0x84, 0x18, 0x90, 0x58, 0x94,
56 	0x0c, 0xc0, 0x4c, 0xc4, 0x1c, 0xd0, 0x5c, 0xd4,
57 	0x0a, 0x82, 0x4a, 0x86, 0x1a, 0x92, 0x5a, 0x96,
58 	0x0e, 0xc2, 0x4e, 0xc6, 0x1e, 0xd2, 0x5e, 0xd6,
59 	0x88, 0x88, 0xc8, 0x8c, 0x98, 0x98, 0xd8, 0x9c,
60 	0x8c, 0xc8, 0xcc, 0xcc, 0x9c, 0xd8, 0xdc, 0xdc,
61 	0x8a, 0x8a, 0xca, 0x8e, 0x9a, 0x9a, 0xda, 0x9e,
62 	0x8e, 0xca, 0xce, 0xce, 0x9e, 0xda, 0xde, 0xde,
63 	0x28, 0xa0, 0x68, 0xa4, 0x38, 0xb0, 0x78, 0xb4,
64 	0x2c, 0xe0, 0x6c, 0xe4, 0x3c, 0xf0, 0x7c, 0xf4,
65 	0x2a, 0xa2, 0x6a, 0xa6, 0x3a, 0xb2, 0x7a, 0xb6,
66 	0x2e, 0xe2, 0x6e, 0xe6, 0x3e, 0xf2, 0x7e, 0xf6,
67 	0xa8, 0xa8, 0xe8, 0xac, 0xb8, 0xb8, 0xf8, 0xbc,
68 	0xac, 0xe8, 0xec, 0xec, 0xbc, 0xf8, 0xfc, 0xfc,
69 	0xaa, 0xaa, 0xea, 0xae, 0xba, 0xba, 0xfa, 0xbe,
70 	0xae, 0xea, 0xee, 0xee, 0xbe, 0xfa, 0xfe, 0xfe
71 };
72 
73 static const u8 rs[256] = {
74 	0x00, 0x00, 0x80, 0x80, 0x02, 0x02, 0x82, 0x82,
75 	0x04, 0x04, 0x84, 0x84, 0x06, 0x06, 0x86, 0x86,
76 	0x08, 0x08, 0x88, 0x88, 0x0a, 0x0a, 0x8a, 0x8a,
77 	0x0c, 0x0c, 0x8c, 0x8c, 0x0e, 0x0e, 0x8e, 0x8e,
78 	0x10, 0x10, 0x90, 0x90, 0x12, 0x12, 0x92, 0x92,
79 	0x14, 0x14, 0x94, 0x94, 0x16, 0x16, 0x96, 0x96,
80 	0x18, 0x18, 0x98, 0x98, 0x1a, 0x1a, 0x9a, 0x9a,
81 	0x1c, 0x1c, 0x9c, 0x9c, 0x1e, 0x1e, 0x9e, 0x9e,
82 	0x20, 0x20, 0xa0, 0xa0, 0x22, 0x22, 0xa2, 0xa2,
83 	0x24, 0x24, 0xa4, 0xa4, 0x26, 0x26, 0xa6, 0xa6,
84 	0x28, 0x28, 0xa8, 0xa8, 0x2a, 0x2a, 0xaa, 0xaa,
85 	0x2c, 0x2c, 0xac, 0xac, 0x2e, 0x2e, 0xae, 0xae,
86 	0x30, 0x30, 0xb0, 0xb0, 0x32, 0x32, 0xb2, 0xb2,
87 	0x34, 0x34, 0xb4, 0xb4, 0x36, 0x36, 0xb6, 0xb6,
88 	0x38, 0x38, 0xb8, 0xb8, 0x3a, 0x3a, 0xba, 0xba,
89 	0x3c, 0x3c, 0xbc, 0xbc, 0x3e, 0x3e, 0xbe, 0xbe,
90 	0x40, 0x40, 0xc0, 0xc0, 0x42, 0x42, 0xc2, 0xc2,
91 	0x44, 0x44, 0xc4, 0xc4, 0x46, 0x46, 0xc6, 0xc6,
92 	0x48, 0x48, 0xc8, 0xc8, 0x4a, 0x4a, 0xca, 0xca,
93 	0x4c, 0x4c, 0xcc, 0xcc, 0x4e, 0x4e, 0xce, 0xce,
94 	0x50, 0x50, 0xd0, 0xd0, 0x52, 0x52, 0xd2, 0xd2,
95 	0x54, 0x54, 0xd4, 0xd4, 0x56, 0x56, 0xd6, 0xd6,
96 	0x58, 0x58, 0xd8, 0xd8, 0x5a, 0x5a, 0xda, 0xda,
97 	0x5c, 0x5c, 0xdc, 0xdc, 0x5e, 0x5e, 0xde, 0xde,
98 	0x60, 0x60, 0xe0, 0xe0, 0x62, 0x62, 0xe2, 0xe2,
99 	0x64, 0x64, 0xe4, 0xe4, 0x66, 0x66, 0xe6, 0xe6,
100 	0x68, 0x68, 0xe8, 0xe8, 0x6a, 0x6a, 0xea, 0xea,
101 	0x6c, 0x6c, 0xec, 0xec, 0x6e, 0x6e, 0xee, 0xee,
102 	0x70, 0x70, 0xf0, 0xf0, 0x72, 0x72, 0xf2, 0xf2,
103 	0x74, 0x74, 0xf4, 0xf4, 0x76, 0x76, 0xf6, 0xf6,
104 	0x78, 0x78, 0xf8, 0xf8, 0x7a, 0x7a, 0xfa, 0xfa,
105 	0x7c, 0x7c, 0xfc, 0xfc, 0x7e, 0x7e, 0xfe, 0xfe
106 };
107 
108 static const u32 pc2[1024] = {
109 	0x00000000, 0x00000000, 0x00000000, 0x00000000,
110 	0x00040000, 0x00000000, 0x04000000, 0x00100000,
111 	0x00400000, 0x00000008, 0x00000800, 0x40000000,
112 	0x00440000, 0x00000008, 0x04000800, 0x40100000,
113 	0x00000400, 0x00000020, 0x08000000, 0x00000100,
114 	0x00040400, 0x00000020, 0x0c000000, 0x00100100,
115 	0x00400400, 0x00000028, 0x08000800, 0x40000100,
116 	0x00440400, 0x00000028, 0x0c000800, 0x40100100,
117 	0x80000000, 0x00000010, 0x00000000, 0x00800000,
118 	0x80040000, 0x00000010, 0x04000000, 0x00900000,
119 	0x80400000, 0x00000018, 0x00000800, 0x40800000,
120 	0x80440000, 0x00000018, 0x04000800, 0x40900000,
121 	0x80000400, 0x00000030, 0x08000000, 0x00800100,
122 	0x80040400, 0x00000030, 0x0c000000, 0x00900100,
123 	0x80400400, 0x00000038, 0x08000800, 0x40800100,
124 	0x80440400, 0x00000038, 0x0c000800, 0x40900100,
125 	0x10000000, 0x00000000, 0x00200000, 0x00001000,
126 	0x10040000, 0x00000000, 0x04200000, 0x00101000,
127 	0x10400000, 0x00000008, 0x00200800, 0x40001000,
128 	0x10440000, 0x00000008, 0x04200800, 0x40101000,
129 	0x10000400, 0x00000020, 0x08200000, 0x00001100,
130 	0x10040400, 0x00000020, 0x0c200000, 0x00101100,
131 	0x10400400, 0x00000028, 0x08200800, 0x40001100,
132 	0x10440400, 0x00000028, 0x0c200800, 0x40101100,
133 	0x90000000, 0x00000010, 0x00200000, 0x00801000,
134 	0x90040000, 0x00000010, 0x04200000, 0x00901000,
135 	0x90400000, 0x00000018, 0x00200800, 0x40801000,
136 	0x90440000, 0x00000018, 0x04200800, 0x40901000,
137 	0x90000400, 0x00000030, 0x08200000, 0x00801100,
138 	0x90040400, 0x00000030, 0x0c200000, 0x00901100,
139 	0x90400400, 0x00000038, 0x08200800, 0x40801100,
140 	0x90440400, 0x00000038, 0x0c200800, 0x40901100,
141 	0x00000200, 0x00080000, 0x00000000, 0x00000004,
142 	0x00040200, 0x00080000, 0x04000000, 0x00100004,
143 	0x00400200, 0x00080008, 0x00000800, 0x40000004,
144 	0x00440200, 0x00080008, 0x04000800, 0x40100004,
145 	0x00000600, 0x00080020, 0x08000000, 0x00000104,
146 	0x00040600, 0x00080020, 0x0c000000, 0x00100104,
147 	0x00400600, 0x00080028, 0x08000800, 0x40000104,
148 	0x00440600, 0x00080028, 0x0c000800, 0x40100104,
149 	0x80000200, 0x00080010, 0x00000000, 0x00800004,
150 	0x80040200, 0x00080010, 0x04000000, 0x00900004,
151 	0x80400200, 0x00080018, 0x00000800, 0x40800004,
152 	0x80440200, 0x00080018, 0x04000800, 0x40900004,
153 	0x80000600, 0x00080030, 0x08000000, 0x00800104,
154 	0x80040600, 0x00080030, 0x0c000000, 0x00900104,
155 	0x80400600, 0x00080038, 0x08000800, 0x40800104,
156 	0x80440600, 0x00080038, 0x0c000800, 0x40900104,
157 	0x10000200, 0x00080000, 0x00200000, 0x00001004,
158 	0x10040200, 0x00080000, 0x04200000, 0x00101004,
159 	0x10400200, 0x00080008, 0x00200800, 0x40001004,
160 	0x10440200, 0x00080008, 0x04200800, 0x40101004,
161 	0x10000600, 0x00080020, 0x08200000, 0x00001104,
162 	0x10040600, 0x00080020, 0x0c200000, 0x00101104,
163 	0x10400600, 0x00080028, 0x08200800, 0x40001104,
164 	0x10440600, 0x00080028, 0x0c200800, 0x40101104,
165 	0x90000200, 0x00080010, 0x00200000, 0x00801004,
166 	0x90040200, 0x00080010, 0x04200000, 0x00901004,
167 	0x90400200, 0x00080018, 0x00200800, 0x40801004,
168 	0x90440200, 0x00080018, 0x04200800, 0x40901004,
169 	0x90000600, 0x00080030, 0x08200000, 0x00801104,
170 	0x90040600, 0x00080030, 0x0c200000, 0x00901104,
171 	0x90400600, 0x00080038, 0x08200800, 0x40801104,
172 	0x90440600, 0x00080038, 0x0c200800, 0x40901104,
173 	0x00000002, 0x00002000, 0x20000000, 0x00000001,
174 	0x00040002, 0x00002000, 0x24000000, 0x00100001,
175 	0x00400002, 0x00002008, 0x20000800, 0x40000001,
176 	0x00440002, 0x00002008, 0x24000800, 0x40100001,
177 	0x00000402, 0x00002020, 0x28000000, 0x00000101,
178 	0x00040402, 0x00002020, 0x2c000000, 0x00100101,
179 	0x00400402, 0x00002028, 0x28000800, 0x40000101,
180 	0x00440402, 0x00002028, 0x2c000800, 0x40100101,
181 	0x80000002, 0x00002010, 0x20000000, 0x00800001,
182 	0x80040002, 0x00002010, 0x24000000, 0x00900001,
183 	0x80400002, 0x00002018, 0x20000800, 0x40800001,
184 	0x80440002, 0x00002018, 0x24000800, 0x40900001,
185 	0x80000402, 0x00002030, 0x28000000, 0x00800101,
186 	0x80040402, 0x00002030, 0x2c000000, 0x00900101,
187 	0x80400402, 0x00002038, 0x28000800, 0x40800101,
188 	0x80440402, 0x00002038, 0x2c000800, 0x40900101,
189 	0x10000002, 0x00002000, 0x20200000, 0x00001001,
190 	0x10040002, 0x00002000, 0x24200000, 0x00101001,
191 	0x10400002, 0x00002008, 0x20200800, 0x40001001,
192 	0x10440002, 0x00002008, 0x24200800, 0x40101001,
193 	0x10000402, 0x00002020, 0x28200000, 0x00001101,
194 	0x10040402, 0x00002020, 0x2c200000, 0x00101101,
195 	0x10400402, 0x00002028, 0x28200800, 0x40001101,
196 	0x10440402, 0x00002028, 0x2c200800, 0x40101101,
197 	0x90000002, 0x00002010, 0x20200000, 0x00801001,
198 	0x90040002, 0x00002010, 0x24200000, 0x00901001,
199 	0x90400002, 0x00002018, 0x20200800, 0x40801001,
200 	0x90440002, 0x00002018, 0x24200800, 0x40901001,
201 	0x90000402, 0x00002030, 0x28200000, 0x00801101,
202 	0x90040402, 0x00002030, 0x2c200000, 0x00901101,
203 	0x90400402, 0x00002038, 0x28200800, 0x40801101,
204 	0x90440402, 0x00002038, 0x2c200800, 0x40901101,
205 	0x00000202, 0x00082000, 0x20000000, 0x00000005,
206 	0x00040202, 0x00082000, 0x24000000, 0x00100005,
207 	0x00400202, 0x00082008, 0x20000800, 0x40000005,
208 	0x00440202, 0x00082008, 0x24000800, 0x40100005,
209 	0x00000602, 0x00082020, 0x28000000, 0x00000105,
210 	0x00040602, 0x00082020, 0x2c000000, 0x00100105,
211 	0x00400602, 0x00082028, 0x28000800, 0x40000105,
212 	0x00440602, 0x00082028, 0x2c000800, 0x40100105,
213 	0x80000202, 0x00082010, 0x20000000, 0x00800005,
214 	0x80040202, 0x00082010, 0x24000000, 0x00900005,
215 	0x80400202, 0x00082018, 0x20000800, 0x40800005,
216 	0x80440202, 0x00082018, 0x24000800, 0x40900005,
217 	0x80000602, 0x00082030, 0x28000000, 0x00800105,
218 	0x80040602, 0x00082030, 0x2c000000, 0x00900105,
219 	0x80400602, 0x00082038, 0x28000800, 0x40800105,
220 	0x80440602, 0x00082038, 0x2c000800, 0x40900105,
221 	0x10000202, 0x00082000, 0x20200000, 0x00001005,
222 	0x10040202, 0x00082000, 0x24200000, 0x00101005,
223 	0x10400202, 0x00082008, 0x20200800, 0x40001005,
224 	0x10440202, 0x00082008, 0x24200800, 0x40101005,
225 	0x10000602, 0x00082020, 0x28200000, 0x00001105,
226 	0x10040602, 0x00082020, 0x2c200000, 0x00101105,
227 	0x10400602, 0x00082028, 0x28200800, 0x40001105,
228 	0x10440602, 0x00082028, 0x2c200800, 0x40101105,
229 	0x90000202, 0x00082010, 0x20200000, 0x00801005,
230 	0x90040202, 0x00082010, 0x24200000, 0x00901005,
231 	0x90400202, 0x00082018, 0x20200800, 0x40801005,
232 	0x90440202, 0x00082018, 0x24200800, 0x40901005,
233 	0x90000602, 0x00082030, 0x28200000, 0x00801105,
234 	0x90040602, 0x00082030, 0x2c200000, 0x00901105,
235 	0x90400602, 0x00082038, 0x28200800, 0x40801105,
236 	0x90440602, 0x00082038, 0x2c200800, 0x40901105,
237 
238 	0x00000000, 0x00000000, 0x00000000, 0x00000000,
239 	0x00000000, 0x00000008, 0x00080000, 0x10000000,
240 	0x02000000, 0x00000000, 0x00000080, 0x00001000,
241 	0x02000000, 0x00000008, 0x00080080, 0x10001000,
242 	0x00004000, 0x00000000, 0x00000040, 0x00040000,
243 	0x00004000, 0x00000008, 0x00080040, 0x10040000,
244 	0x02004000, 0x00000000, 0x000000c0, 0x00041000,
245 	0x02004000, 0x00000008, 0x000800c0, 0x10041000,
246 	0x00020000, 0x00008000, 0x08000000, 0x00200000,
247 	0x00020000, 0x00008008, 0x08080000, 0x10200000,
248 	0x02020000, 0x00008000, 0x08000080, 0x00201000,
249 	0x02020000, 0x00008008, 0x08080080, 0x10201000,
250 	0x00024000, 0x00008000, 0x08000040, 0x00240000,
251 	0x00024000, 0x00008008, 0x08080040, 0x10240000,
252 	0x02024000, 0x00008000, 0x080000c0, 0x00241000,
253 	0x02024000, 0x00008008, 0x080800c0, 0x10241000,
254 	0x00000000, 0x01000000, 0x00002000, 0x00000020,
255 	0x00000000, 0x01000008, 0x00082000, 0x10000020,
256 	0x02000000, 0x01000000, 0x00002080, 0x00001020,
257 	0x02000000, 0x01000008, 0x00082080, 0x10001020,
258 	0x00004000, 0x01000000, 0x00002040, 0x00040020,
259 	0x00004000, 0x01000008, 0x00082040, 0x10040020,
260 	0x02004000, 0x01000000, 0x000020c0, 0x00041020,
261 	0x02004000, 0x01000008, 0x000820c0, 0x10041020,
262 	0x00020000, 0x01008000, 0x08002000, 0x00200020,
263 	0x00020000, 0x01008008, 0x08082000, 0x10200020,
264 	0x02020000, 0x01008000, 0x08002080, 0x00201020,
265 	0x02020000, 0x01008008, 0x08082080, 0x10201020,
266 	0x00024000, 0x01008000, 0x08002040, 0x00240020,
267 	0x00024000, 0x01008008, 0x08082040, 0x10240020,
268 	0x02024000, 0x01008000, 0x080020c0, 0x00241020,
269 	0x02024000, 0x01008008, 0x080820c0, 0x10241020,
270 	0x00000400, 0x04000000, 0x00100000, 0x00000004,
271 	0x00000400, 0x04000008, 0x00180000, 0x10000004,
272 	0x02000400, 0x04000000, 0x00100080, 0x00001004,
273 	0x02000400, 0x04000008, 0x00180080, 0x10001004,
274 	0x00004400, 0x04000000, 0x00100040, 0x00040004,
275 	0x00004400, 0x04000008, 0x00180040, 0x10040004,
276 	0x02004400, 0x04000000, 0x001000c0, 0x00041004,
277 	0x02004400, 0x04000008, 0x001800c0, 0x10041004,
278 	0x00020400, 0x04008000, 0x08100000, 0x00200004,
279 	0x00020400, 0x04008008, 0x08180000, 0x10200004,
280 	0x02020400, 0x04008000, 0x08100080, 0x00201004,
281 	0x02020400, 0x04008008, 0x08180080, 0x10201004,
282 	0x00024400, 0x04008000, 0x08100040, 0x00240004,
283 	0x00024400, 0x04008008, 0x08180040, 0x10240004,
284 	0x02024400, 0x04008000, 0x081000c0, 0x00241004,
285 	0x02024400, 0x04008008, 0x081800c0, 0x10241004,
286 	0x00000400, 0x05000000, 0x00102000, 0x00000024,
287 	0x00000400, 0x05000008, 0x00182000, 0x10000024,
288 	0x02000400, 0x05000000, 0x00102080, 0x00001024,
289 	0x02000400, 0x05000008, 0x00182080, 0x10001024,
290 	0x00004400, 0x05000000, 0x00102040, 0x00040024,
291 	0x00004400, 0x05000008, 0x00182040, 0x10040024,
292 	0x02004400, 0x05000000, 0x001020c0, 0x00041024,
293 	0x02004400, 0x05000008, 0x001820c0, 0x10041024,
294 	0x00020400, 0x05008000, 0x08102000, 0x00200024,
295 	0x00020400, 0x05008008, 0x08182000, 0x10200024,
296 	0x02020400, 0x05008000, 0x08102080, 0x00201024,
297 	0x02020400, 0x05008008, 0x08182080, 0x10201024,
298 	0x00024400, 0x05008000, 0x08102040, 0x00240024,
299 	0x00024400, 0x05008008, 0x08182040, 0x10240024,
300 	0x02024400, 0x05008000, 0x081020c0, 0x00241024,
301 	0x02024400, 0x05008008, 0x081820c0, 0x10241024,
302 	0x00000800, 0x00010000, 0x20000000, 0x00000010,
303 	0x00000800, 0x00010008, 0x20080000, 0x10000010,
304 	0x02000800, 0x00010000, 0x20000080, 0x00001010,
305 	0x02000800, 0x00010008, 0x20080080, 0x10001010,
306 	0x00004800, 0x00010000, 0x20000040, 0x00040010,
307 	0x00004800, 0x00010008, 0x20080040, 0x10040010,
308 	0x02004800, 0x00010000, 0x200000c0, 0x00041010,
309 	0x02004800, 0x00010008, 0x200800c0, 0x10041010,
310 	0x00020800, 0x00018000, 0x28000000, 0x00200010,
311 	0x00020800, 0x00018008, 0x28080000, 0x10200010,
312 	0x02020800, 0x00018000, 0x28000080, 0x00201010,
313 	0x02020800, 0x00018008, 0x28080080, 0x10201010,
314 	0x00024800, 0x00018000, 0x28000040, 0x00240010,
315 	0x00024800, 0x00018008, 0x28080040, 0x10240010,
316 	0x02024800, 0x00018000, 0x280000c0, 0x00241010,
317 	0x02024800, 0x00018008, 0x280800c0, 0x10241010,
318 	0x00000800, 0x01010000, 0x20002000, 0x00000030,
319 	0x00000800, 0x01010008, 0x20082000, 0x10000030,
320 	0x02000800, 0x01010000, 0x20002080, 0x00001030,
321 	0x02000800, 0x01010008, 0x20082080, 0x10001030,
322 	0x00004800, 0x01010000, 0x20002040, 0x00040030,
323 	0x00004800, 0x01010008, 0x20082040, 0x10040030,
324 	0x02004800, 0x01010000, 0x200020c0, 0x00041030,
325 	0x02004800, 0x01010008, 0x200820c0, 0x10041030,
326 	0x00020800, 0x01018000, 0x28002000, 0x00200030,
327 	0x00020800, 0x01018008, 0x28082000, 0x10200030,
328 	0x02020800, 0x01018000, 0x28002080, 0x00201030,
329 	0x02020800, 0x01018008, 0x28082080, 0x10201030,
330 	0x00024800, 0x01018000, 0x28002040, 0x00240030,
331 	0x00024800, 0x01018008, 0x28082040, 0x10240030,
332 	0x02024800, 0x01018000, 0x280020c0, 0x00241030,
333 	0x02024800, 0x01018008, 0x280820c0, 0x10241030,
334 	0x00000c00, 0x04010000, 0x20100000, 0x00000014,
335 	0x00000c00, 0x04010008, 0x20180000, 0x10000014,
336 	0x02000c00, 0x04010000, 0x20100080, 0x00001014,
337 	0x02000c00, 0x04010008, 0x20180080, 0x10001014,
338 	0x00004c00, 0x04010000, 0x20100040, 0x00040014,
339 	0x00004c00, 0x04010008, 0x20180040, 0x10040014,
340 	0x02004c00, 0x04010000, 0x201000c0, 0x00041014,
341 	0x02004c00, 0x04010008, 0x201800c0, 0x10041014,
342 	0x00020c00, 0x04018000, 0x28100000, 0x00200014,
343 	0x00020c00, 0x04018008, 0x28180000, 0x10200014,
344 	0x02020c00, 0x04018000, 0x28100080, 0x00201014,
345 	0x02020c00, 0x04018008, 0x28180080, 0x10201014,
346 	0x00024c00, 0x04018000, 0x28100040, 0x00240014,
347 	0x00024c00, 0x04018008, 0x28180040, 0x10240014,
348 	0x02024c00, 0x04018000, 0x281000c0, 0x00241014,
349 	0x02024c00, 0x04018008, 0x281800c0, 0x10241014,
350 	0x00000c00, 0x05010000, 0x20102000, 0x00000034,
351 	0x00000c00, 0x05010008, 0x20182000, 0x10000034,
352 	0x02000c00, 0x05010000, 0x20102080, 0x00001034,
353 	0x02000c00, 0x05010008, 0x20182080, 0x10001034,
354 	0x00004c00, 0x05010000, 0x20102040, 0x00040034,
355 	0x00004c00, 0x05010008, 0x20182040, 0x10040034,
356 	0x02004c00, 0x05010000, 0x201020c0, 0x00041034,
357 	0x02004c00, 0x05010008, 0x201820c0, 0x10041034,
358 	0x00020c00, 0x05018000, 0x28102000, 0x00200034,
359 	0x00020c00, 0x05018008, 0x28182000, 0x10200034,
360 	0x02020c00, 0x05018000, 0x28102080, 0x00201034,
361 	0x02020c00, 0x05018008, 0x28182080, 0x10201034,
362 	0x00024c00, 0x05018000, 0x28102040, 0x00240034,
363 	0x00024c00, 0x05018008, 0x28182040, 0x10240034,
364 	0x02024c00, 0x05018000, 0x281020c0, 0x00241034,
365 	0x02024c00, 0x05018008, 0x281820c0, 0x10241034
366 };
367 
368 /* S-box lookup tables */
369 
370 static const u32 S1[64] = {
371 	0x01010400, 0x00000000, 0x00010000, 0x01010404,
372 	0x01010004, 0x00010404, 0x00000004, 0x00010000,
373 	0x00000400, 0x01010400, 0x01010404, 0x00000400,
374 	0x01000404, 0x01010004, 0x01000000, 0x00000004,
375 	0x00000404, 0x01000400, 0x01000400, 0x00010400,
376 	0x00010400, 0x01010000, 0x01010000, 0x01000404,
377 	0x00010004, 0x01000004, 0x01000004, 0x00010004,
378 	0x00000000, 0x00000404, 0x00010404, 0x01000000,
379 	0x00010000, 0x01010404, 0x00000004, 0x01010000,
380 	0x01010400, 0x01000000, 0x01000000, 0x00000400,
381 	0x01010004, 0x00010000, 0x00010400, 0x01000004,
382 	0x00000400, 0x00000004, 0x01000404, 0x00010404,
383 	0x01010404, 0x00010004, 0x01010000, 0x01000404,
384 	0x01000004, 0x00000404, 0x00010404, 0x01010400,
385 	0x00000404, 0x01000400, 0x01000400, 0x00000000,
386 	0x00010004, 0x00010400, 0x00000000, 0x01010004
387 };
388 
389 static const u32 S2[64] = {
390 	0x80108020, 0x80008000, 0x00008000, 0x00108020,
391 	0x00100000, 0x00000020, 0x80100020, 0x80008020,
392 	0x80000020, 0x80108020, 0x80108000, 0x80000000,
393 	0x80008000, 0x00100000, 0x00000020, 0x80100020,
394 	0x00108000, 0x00100020, 0x80008020, 0x00000000,
395 	0x80000000, 0x00008000, 0x00108020, 0x80100000,
396 	0x00100020, 0x80000020, 0x00000000, 0x00108000,
397 	0x00008020, 0x80108000, 0x80100000, 0x00008020,
398 	0x00000000, 0x00108020, 0x80100020, 0x00100000,
399 	0x80008020, 0x80100000, 0x80108000, 0x00008000,
400 	0x80100000, 0x80008000, 0x00000020, 0x80108020,
401 	0x00108020, 0x00000020, 0x00008000, 0x80000000,
402 	0x00008020, 0x80108000, 0x00100000, 0x80000020,
403 	0x00100020, 0x80008020, 0x80000020, 0x00100020,
404 	0x00108000, 0x00000000, 0x80008000, 0x00008020,
405 	0x80000000, 0x80100020, 0x80108020, 0x00108000
406 };
407 
408 static const u32 S3[64] = {
409 	0x00000208, 0x08020200, 0x00000000, 0x08020008,
410 	0x08000200, 0x00000000, 0x00020208, 0x08000200,
411 	0x00020008, 0x08000008, 0x08000008, 0x00020000,
412 	0x08020208, 0x00020008, 0x08020000, 0x00000208,
413 	0x08000000, 0x00000008, 0x08020200, 0x00000200,
414 	0x00020200, 0x08020000, 0x08020008, 0x00020208,
415 	0x08000208, 0x00020200, 0x00020000, 0x08000208,
416 	0x00000008, 0x08020208, 0x00000200, 0x08000000,
417 	0x08020200, 0x08000000, 0x00020008, 0x00000208,
418 	0x00020000, 0x08020200, 0x08000200, 0x00000000,
419 	0x00000200, 0x00020008, 0x08020208, 0x08000200,
420 	0x08000008, 0x00000200, 0x00000000, 0x08020008,
421 	0x08000208, 0x00020000, 0x08000000, 0x08020208,
422 	0x00000008, 0x00020208, 0x00020200, 0x08000008,
423 	0x08020000, 0x08000208, 0x00000208, 0x08020000,
424 	0x00020208, 0x00000008, 0x08020008, 0x00020200
425 };
426 
427 static const u32 S4[64] = {
428 	0x00802001, 0x00002081, 0x00002081, 0x00000080,
429 	0x00802080, 0x00800081, 0x00800001, 0x00002001,
430 	0x00000000, 0x00802000, 0x00802000, 0x00802081,
431 	0x00000081, 0x00000000, 0x00800080, 0x00800001,
432 	0x00000001, 0x00002000, 0x00800000, 0x00802001,
433 	0x00000080, 0x00800000, 0x00002001, 0x00002080,
434 	0x00800081, 0x00000001, 0x00002080, 0x00800080,
435 	0x00002000, 0x00802080, 0x00802081, 0x00000081,
436 	0x00800080, 0x00800001, 0x00802000, 0x00802081,
437 	0x00000081, 0x00000000, 0x00000000, 0x00802000,
438 	0x00002080, 0x00800080, 0x00800081, 0x00000001,
439 	0x00802001, 0x00002081, 0x00002081, 0x00000080,
440 	0x00802081, 0x00000081, 0x00000001, 0x00002000,
441 	0x00800001, 0x00002001, 0x00802080, 0x00800081,
442 	0x00002001, 0x00002080, 0x00800000, 0x00802001,
443 	0x00000080, 0x00800000, 0x00002000, 0x00802080
444 };
445 
446 static const u32 S5[64] = {
447 	0x00000100, 0x02080100, 0x02080000, 0x42000100,
448 	0x00080000, 0x00000100, 0x40000000, 0x02080000,
449 	0x40080100, 0x00080000, 0x02000100, 0x40080100,
450 	0x42000100, 0x42080000, 0x00080100, 0x40000000,
451 	0x02000000, 0x40080000, 0x40080000, 0x00000000,
452 	0x40000100, 0x42080100, 0x42080100, 0x02000100,
453 	0x42080000, 0x40000100, 0x00000000, 0x42000000,
454 	0x02080100, 0x02000000, 0x42000000, 0x00080100,
455 	0x00080000, 0x42000100, 0x00000100, 0x02000000,
456 	0x40000000, 0x02080000, 0x42000100, 0x40080100,
457 	0x02000100, 0x40000000, 0x42080000, 0x02080100,
458 	0x40080100, 0x00000100, 0x02000000, 0x42080000,
459 	0x42080100, 0x00080100, 0x42000000, 0x42080100,
460 	0x02080000, 0x00000000, 0x40080000, 0x42000000,
461 	0x00080100, 0x02000100, 0x40000100, 0x00080000,
462 	0x00000000, 0x40080000, 0x02080100, 0x40000100
463 };
464 
465 static const u32 S6[64] = {
466 	0x20000010, 0x20400000, 0x00004000, 0x20404010,
467 	0x20400000, 0x00000010, 0x20404010, 0x00400000,
468 	0x20004000, 0x00404010, 0x00400000, 0x20000010,
469 	0x00400010, 0x20004000, 0x20000000, 0x00004010,
470 	0x00000000, 0x00400010, 0x20004010, 0x00004000,
471 	0x00404000, 0x20004010, 0x00000010, 0x20400010,
472 	0x20400010, 0x00000000, 0x00404010, 0x20404000,
473 	0x00004010, 0x00404000, 0x20404000, 0x20000000,
474 	0x20004000, 0x00000010, 0x20400010, 0x00404000,
475 	0x20404010, 0x00400000, 0x00004010, 0x20000010,
476 	0x00400000, 0x20004000, 0x20000000, 0x00004010,
477 	0x20000010, 0x20404010, 0x00404000, 0x20400000,
478 	0x00404010, 0x20404000, 0x00000000, 0x20400010,
479 	0x00000010, 0x00004000, 0x20400000, 0x00404010,
480 	0x00004000, 0x00400010, 0x20004010, 0x00000000,
481 	0x20404000, 0x20000000, 0x00400010, 0x20004010
482 };
483 
484 static const u32 S7[64] = {
485 	0x00200000, 0x04200002, 0x04000802, 0x00000000,
486 	0x00000800, 0x04000802, 0x00200802, 0x04200800,
487 	0x04200802, 0x00200000, 0x00000000, 0x04000002,
488 	0x00000002, 0x04000000, 0x04200002, 0x00000802,
489 	0x04000800, 0x00200802, 0x00200002, 0x04000800,
490 	0x04000002, 0x04200000, 0x04200800, 0x00200002,
491 	0x04200000, 0x00000800, 0x00000802, 0x04200802,
492 	0x00200800, 0x00000002, 0x04000000, 0x00200800,
493 	0x04000000, 0x00200800, 0x00200000, 0x04000802,
494 	0x04000802, 0x04200002, 0x04200002, 0x00000002,
495 	0x00200002, 0x04000000, 0x04000800, 0x00200000,
496 	0x04200800, 0x00000802, 0x00200802, 0x04200800,
497 	0x00000802, 0x04000002, 0x04200802, 0x04200000,
498 	0x00200800, 0x00000000, 0x00000002, 0x04200802,
499 	0x00000000, 0x00200802, 0x04200000, 0x00000800,
500 	0x04000002, 0x04000800, 0x00000800, 0x00200002
501 };
502 
503 static const u32 S8[64] = {
504 	0x10001040, 0x00001000, 0x00040000, 0x10041040,
505 	0x10000000, 0x10001040, 0x00000040, 0x10000000,
506 	0x00040040, 0x10040000, 0x10041040, 0x00041000,
507 	0x10041000, 0x00041040, 0x00001000, 0x00000040,
508 	0x10040000, 0x10000040, 0x10001000, 0x00001040,
509 	0x00041000, 0x00040040, 0x10040040, 0x10041000,
510 	0x00001040, 0x00000000, 0x00000000, 0x10040040,
511 	0x10000040, 0x10001000, 0x00041040, 0x00040000,
512 	0x00041040, 0x00040000, 0x10041000, 0x00001000,
513 	0x00000040, 0x10040040, 0x00001000, 0x00041040,
514 	0x10001000, 0x00000040, 0x10000040, 0x10040000,
515 	0x10040040, 0x10000000, 0x00040000, 0x10001040,
516 	0x00000000, 0x10041040, 0x00040040, 0x10000040,
517 	0x10040000, 0x10001000, 0x10001040, 0x00000000,
518 	0x10041040, 0x00041000, 0x00041000, 0x00001040,
519 	0x00001040, 0x00040040, 0x10000000, 0x10041000
520 };
521 
522 /* Encryption components: IP, FP, and round function */
523 
524 #define IP(L, R, T)		\
525 	ROL(R, 4);		\
526 	T  = L;			\
527 	L ^= R;			\
528 	L &= 0xf0f0f0f0;	\
529 	R ^= L;			\
530 	L ^= T;			\
531 	ROL(R, 12);		\
532 	T  = L;			\
533 	L ^= R;			\
534 	L &= 0xffff0000;	\
535 	R ^= L;			\
536 	L ^= T;			\
537 	ROR(R, 14);		\
538 	T  = L;			\
539 	L ^= R;			\
540 	L &= 0xcccccccc;	\
541 	R ^= L;			\
542 	L ^= T;			\
543 	ROL(R, 6);		\
544 	T  = L;			\
545 	L ^= R;			\
546 	L &= 0xff00ff00;	\
547 	R ^= L;			\
548 	L ^= T;			\
549 	ROR(R, 7);		\
550 	T  = L;			\
551 	L ^= R;			\
552 	L &= 0xaaaaaaaa;	\
553 	R ^= L;			\
554 	L ^= T;			\
555 	ROL(L, 1);
556 
557 #define FP(L, R, T)		\
558 	ROR(L, 1);		\
559 	T  = L;			\
560 	L ^= R;			\
561 	L &= 0xaaaaaaaa;	\
562 	R ^= L;			\
563 	L ^= T;			\
564 	ROL(R, 7);		\
565 	T  = L;			\
566 	L ^= R;			\
567 	L &= 0xff00ff00;	\
568 	R ^= L;			\
569 	L ^= T;			\
570 	ROR(R, 6);		\
571 	T  = L;			\
572 	L ^= R;			\
573 	L &= 0xcccccccc;	\
574 	R ^= L;			\
575 	L ^= T;			\
576 	ROL(R, 14);		\
577 	T  = L;			\
578 	L ^= R;			\
579 	L &= 0xffff0000;	\
580 	R ^= L;			\
581 	L ^= T;			\
582 	ROR(R, 12);		\
583 	T  = L;			\
584 	L ^= R;			\
585 	L &= 0xf0f0f0f0;	\
586 	R ^= L;			\
587 	L ^= T;			\
588 	ROR(R, 4);
589 
590 #define ROUND(L, R, A, B, K, d)					\
591 	B = K[0];			A = K[1];	K += d;	\
592 	B ^= R;				A ^= R;			\
593 	B &= 0x3f3f3f3f;		ROR(A, 4);		\
594 	L ^= S8[0xff & B];		A &= 0x3f3f3f3f;	\
595 	L ^= S6[0xff & (B >> 8)];	B >>= 16;		\
596 	L ^= S7[0xff & A];					\
597 	L ^= S5[0xff & (A >> 8)];	A >>= 16;		\
598 	L ^= S4[0xff & B];					\
599 	L ^= S2[0xff & (B >> 8)];				\
600 	L ^= S3[0xff & A];					\
601 	L ^= S1[0xff & (A >> 8)];
602 
603 /*
604  * PC2 lookup tables are organized as 2 consecutive sets of 4 interleaved
605  * tables of 128 elements.  One set is for C_i and the other for D_i, while
606  * the 4 interleaved tables correspond to four 7-bit subsets of C_i or D_i.
607  *
608  * After PC1 each of the variables a,b,c,d contains a 7 bit subset of C_i
609  * or D_i in bits 7-1 (bit 0 being the least significant).
610  */
611 
612 #define T1(x) pt[2 * (x) + 0]
613 #define T2(x) pt[2 * (x) + 1]
614 #define T3(x) pt[2 * (x) + 2]
615 #define T4(x) pt[2 * (x) + 3]
616 
617 #define DES_PC2(a, b, c, d) (T4(d) | T3(c) | T2(b) | T1(a))
618 
619 /*
620  * Encryption key expansion
621  *
622  * RFC2451: Weak key checks SHOULD be performed.
623  *
624  * FIPS 74:
625  *
626  *   Keys having duals are keys which produce all zeros, all ones, or
627  *   alternating zero-one patterns in the C and D registers after Permuted
628  *   Choice 1 has operated on the key.
629  *
630  */
des_ekey(u32 * pe,const u8 * k)631 unsigned long des_ekey(u32 *pe, const u8 *k)
632 {
633 	/* K&R: long is at least 32 bits */
634 	unsigned long a, b, c, d, w;
635 	const u32 *pt = pc2;
636 
637 	d = k[4]; d &= 0x0e; d <<= 4; d |= k[0] & 0x1e; d = pc1[d];
638 	c = k[5]; c &= 0x0e; c <<= 4; c |= k[1] & 0x1e; c = pc1[c];
639 	b = k[6]; b &= 0x0e; b <<= 4; b |= k[2] & 0x1e; b = pc1[b];
640 	a = k[7]; a &= 0x0e; a <<= 4; a |= k[3] & 0x1e; a = pc1[a];
641 
642 	pe[15 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d];
643 	pe[14 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
644 	pe[13 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
645 	pe[12 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
646 	pe[11 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
647 	pe[10 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
648 	pe[ 9 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
649 	pe[ 8 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c];
650 	pe[ 7 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
651 	pe[ 6 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
652 	pe[ 5 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
653 	pe[ 4 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
654 	pe[ 3 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
655 	pe[ 2 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
656 	pe[ 1 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b];
657 	pe[ 0 * 2 + 0] = DES_PC2(b, c, d, a);
658 
659 	/* Check if first half is weak */
660 	w  = (a ^ c) | (b ^ d) | (rs[a] ^ c) | (b ^ rs[d]);
661 
662 	/* Skip to next table set */
663 	pt += 512;
664 
665 	d = k[0]; d &= 0xe0; d >>= 4; d |= k[4] & 0xf0; d = pc1[d + 1];
666 	c = k[1]; c &= 0xe0; c >>= 4; c |= k[5] & 0xf0; c = pc1[c + 1];
667 	b = k[2]; b &= 0xe0; b >>= 4; b |= k[6] & 0xf0; b = pc1[b + 1];
668 	a = k[3]; a &= 0xe0; a >>= 4; a |= k[7] & 0xf0; a = pc1[a + 1];
669 
670 	/* Check if second half is weak */
671 	w |= (a ^ c) | (b ^ d) | (rs[a] ^ c) | (b ^ rs[d]);
672 
673 	pe[15 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d];
674 	pe[14 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
675 	pe[13 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
676 	pe[12 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
677 	pe[11 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
678 	pe[10 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
679 	pe[ 9 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
680 	pe[ 8 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c];
681 	pe[ 7 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
682 	pe[ 6 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
683 	pe[ 5 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
684 	pe[ 4 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
685 	pe[ 3 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
686 	pe[ 2 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
687 	pe[ 1 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b];
688 	pe[ 0 * 2 + 1] = DES_PC2(b, c, d, a);
689 
690 	/* Fixup: 2413 5768 -> 1357 2468 */
691 	for (d = 0; d < 16; ++d) {
692 		a = pe[2 * d];
693 		b = pe[2 * d + 1];
694 		c = a ^ b;
695 		c &= 0xffff0000;
696 		a ^= c;
697 		b ^= c;
698 		ROL(b, 18);
699 		pe[2 * d] = a;
700 		pe[2 * d + 1] = b;
701 	}
702 
703 	/* Zero if weak key */
704 	return w;
705 }
706 EXPORT_SYMBOL_GPL(des_ekey);
707 
708 /*
709  * Decryption key expansion
710  *
711  * No weak key checking is performed, as this is only used by triple DES
712  *
713  */
dkey(u32 * pe,const u8 * k)714 static void dkey(u32 *pe, const u8 *k)
715 {
716 	/* K&R: long is at least 32 bits */
717 	unsigned long a, b, c, d;
718 	const u32 *pt = pc2;
719 
720 	d = k[4]; d &= 0x0e; d <<= 4; d |= k[0] & 0x1e; d = pc1[d];
721 	c = k[5]; c &= 0x0e; c <<= 4; c |= k[1] & 0x1e; c = pc1[c];
722 	b = k[6]; b &= 0x0e; b <<= 4; b |= k[2] & 0x1e; b = pc1[b];
723 	a = k[7]; a &= 0x0e; a <<= 4; a |= k[3] & 0x1e; a = pc1[a];
724 
725 	pe[ 0 * 2] = DES_PC2(a, b, c, d); d = rs[d];
726 	pe[ 1 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
727 	pe[ 2 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
728 	pe[ 3 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
729 	pe[ 4 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
730 	pe[ 5 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
731 	pe[ 6 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
732 	pe[ 7 * 2] = DES_PC2(d, a, b, c); c = rs[c];
733 	pe[ 8 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
734 	pe[ 9 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
735 	pe[10 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
736 	pe[11 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
737 	pe[12 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
738 	pe[13 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
739 	pe[14 * 2] = DES_PC2(c, d, a, b); b = rs[b];
740 	pe[15 * 2] = DES_PC2(b, c, d, a);
741 
742 	/* Skip to next table set */
743 	pt += 512;
744 
745 	d = k[0]; d &= 0xe0; d >>= 4; d |= k[4] & 0xf0; d = pc1[d + 1];
746 	c = k[1]; c &= 0xe0; c >>= 4; c |= k[5] & 0xf0; c = pc1[c + 1];
747 	b = k[2]; b &= 0xe0; b >>= 4; b |= k[6] & 0xf0; b = pc1[b + 1];
748 	a = k[3]; a &= 0xe0; a >>= 4; a |= k[7] & 0xf0; a = pc1[a + 1];
749 
750 	pe[ 0 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d];
751 	pe[ 1 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
752 	pe[ 2 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
753 	pe[ 3 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
754 	pe[ 4 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
755 	pe[ 5 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
756 	pe[ 6 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
757 	pe[ 7 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c];
758 	pe[ 8 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
759 	pe[ 9 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
760 	pe[10 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
761 	pe[11 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
762 	pe[12 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
763 	pe[13 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
764 	pe[14 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b];
765 	pe[15 * 2 + 1] = DES_PC2(b, c, d, a);
766 
767 	/* Fixup: 2413 5768 -> 1357 2468 */
768 	for (d = 0; d < 16; ++d) {
769 		a = pe[2 * d];
770 		b = pe[2 * d + 1];
771 		c = a ^ b;
772 		c &= 0xffff0000;
773 		a ^= c;
774 		b ^= c;
775 		ROL(b, 18);
776 		pe[2 * d] = a;
777 		pe[2 * d + 1] = b;
778 	}
779 }
780 
des_setkey(struct crypto_tfm * tfm,const u8 * key,unsigned int keylen)781 static int des_setkey(struct crypto_tfm *tfm, const u8 *key,
782 		      unsigned int keylen)
783 {
784 	struct des_ctx *dctx = crypto_tfm_ctx(tfm);
785 	u32 *flags = &tfm->crt_flags;
786 	u32 tmp[DES_EXPKEY_WORDS];
787 	int ret;
788 
789 	/* Expand to tmp */
790 	ret = des_ekey(tmp, key);
791 
792 	if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) {
793 		*flags |= CRYPTO_TFM_RES_WEAK_KEY;
794 		return -EINVAL;
795 	}
796 
797 	/* Copy to output */
798 	memcpy(dctx->expkey, tmp, sizeof(dctx->expkey));
799 
800 	return 0;
801 }
802 
des_encrypt(struct crypto_tfm * tfm,u8 * dst,const u8 * src)803 static void des_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
804 {
805 	struct des_ctx *ctx = crypto_tfm_ctx(tfm);
806 	const u32 *K = ctx->expkey;
807 	const __le32 *s = (const __le32 *)src;
808 	__le32 *d = (__le32 *)dst;
809 	u32 L, R, A, B;
810 	int i;
811 
812 	L = le32_to_cpu(s[0]);
813 	R = le32_to_cpu(s[1]);
814 
815 	IP(L, R, A);
816 	for (i = 0; i < 8; i++) {
817 		ROUND(L, R, A, B, K, 2);
818 		ROUND(R, L, A, B, K, 2);
819 	}
820 	FP(R, L, A);
821 
822 	d[0] = cpu_to_le32(R);
823 	d[1] = cpu_to_le32(L);
824 }
825 
des_decrypt(struct crypto_tfm * tfm,u8 * dst,const u8 * src)826 static void des_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
827 {
828 	struct des_ctx *ctx = crypto_tfm_ctx(tfm);
829 	const u32 *K = ctx->expkey + DES_EXPKEY_WORDS - 2;
830 	const __le32 *s = (const __le32 *)src;
831 	__le32 *d = (__le32 *)dst;
832 	u32 L, R, A, B;
833 	int i;
834 
835 	L = le32_to_cpu(s[0]);
836 	R = le32_to_cpu(s[1]);
837 
838 	IP(L, R, A);
839 	for (i = 0; i < 8; i++) {
840 		ROUND(L, R, A, B, K, -2);
841 		ROUND(R, L, A, B, K, -2);
842 	}
843 	FP(R, L, A);
844 
845 	d[0] = cpu_to_le32(R);
846 	d[1] = cpu_to_le32(L);
847 }
848 
849 /*
850  * RFC2451:
851  *
852  *   For DES-EDE3, there is no known need to reject weak or
853  *   complementation keys.  Any weakness is obviated by the use of
854  *   multiple keys.
855  *
856  *   However, if the first two or last two independent 64-bit keys are
857  *   equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
858  *   same as DES.  Implementers MUST reject keys that exhibit this
859  *   property.
860  *
861  */
__des3_ede_setkey(u32 * expkey,u32 * flags,const u8 * key,unsigned int keylen)862 int __des3_ede_setkey(u32 *expkey, u32 *flags, const u8 *key,
863 		      unsigned int keylen)
864 {
865 	const u32 *K = (const u32 *)key;
866 
867 	if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
868 		     !((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
869 		     (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) {
870 		*flags |= CRYPTO_TFM_RES_WEAK_KEY;
871 		return -EINVAL;
872 	}
873 
874 	des_ekey(expkey, key); expkey += DES_EXPKEY_WORDS; key += DES_KEY_SIZE;
875 	dkey(expkey, key); expkey += DES_EXPKEY_WORDS; key += DES_KEY_SIZE;
876 	des_ekey(expkey, key);
877 
878 	return 0;
879 }
880 EXPORT_SYMBOL_GPL(__des3_ede_setkey);
881 
des3_ede_setkey(struct crypto_tfm * tfm,const u8 * key,unsigned int keylen)882 static int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key,
883 			   unsigned int keylen)
884 {
885 	struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
886 	u32 *flags = &tfm->crt_flags;
887 	u32 *expkey = dctx->expkey;
888 
889 	return __des3_ede_setkey(expkey, flags, key, keylen);
890 }
891 
des3_ede_encrypt(struct crypto_tfm * tfm,u8 * dst,const u8 * src)892 static void des3_ede_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
893 {
894 	struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
895 	const u32 *K = dctx->expkey;
896 	const __le32 *s = (const __le32 *)src;
897 	__le32 *d = (__le32 *)dst;
898 	u32 L, R, A, B;
899 	int i;
900 
901 	L = le32_to_cpu(s[0]);
902 	R = le32_to_cpu(s[1]);
903 
904 	IP(L, R, A);
905 	for (i = 0; i < 8; i++) {
906 		ROUND(L, R, A, B, K, 2);
907 		ROUND(R, L, A, B, K, 2);
908 	}
909 	for (i = 0; i < 8; i++) {
910 		ROUND(R, L, A, B, K, 2);
911 		ROUND(L, R, A, B, K, 2);
912 	}
913 	for (i = 0; i < 8; i++) {
914 		ROUND(L, R, A, B, K, 2);
915 		ROUND(R, L, A, B, K, 2);
916 	}
917 	FP(R, L, A);
918 
919 	d[0] = cpu_to_le32(R);
920 	d[1] = cpu_to_le32(L);
921 }
922 
des3_ede_decrypt(struct crypto_tfm * tfm,u8 * dst,const u8 * src)923 static void des3_ede_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
924 {
925 	struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
926 	const u32 *K = dctx->expkey + DES3_EDE_EXPKEY_WORDS - 2;
927 	const __le32 *s = (const __le32 *)src;
928 	__le32 *d = (__le32 *)dst;
929 	u32 L, R, A, B;
930 	int i;
931 
932 	L = le32_to_cpu(s[0]);
933 	R = le32_to_cpu(s[1]);
934 
935 	IP(L, R, A);
936 	for (i = 0; i < 8; i++) {
937 		ROUND(L, R, A, B, K, -2);
938 		ROUND(R, L, A, B, K, -2);
939 	}
940 	for (i = 0; i < 8; i++) {
941 		ROUND(R, L, A, B, K, -2);
942 		ROUND(L, R, A, B, K, -2);
943 	}
944 	for (i = 0; i < 8; i++) {
945 		ROUND(L, R, A, B, K, -2);
946 		ROUND(R, L, A, B, K, -2);
947 	}
948 	FP(R, L, A);
949 
950 	d[0] = cpu_to_le32(R);
951 	d[1] = cpu_to_le32(L);
952 }
953 
954 static struct crypto_alg des_algs[2] = { {
955 	.cra_name		=	"des",
956 	.cra_driver_name	=	"des-generic",
957 	.cra_priority		=	100,
958 	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER,
959 	.cra_blocksize		=	DES_BLOCK_SIZE,
960 	.cra_ctxsize		=	sizeof(struct des_ctx),
961 	.cra_module		=	THIS_MODULE,
962 	.cra_alignmask		=	3,
963 	.cra_u			=	{ .cipher = {
964 	.cia_min_keysize	=	DES_KEY_SIZE,
965 	.cia_max_keysize	=	DES_KEY_SIZE,
966 	.cia_setkey		=	des_setkey,
967 	.cia_encrypt		=	des_encrypt,
968 	.cia_decrypt		=	des_decrypt } }
969 }, {
970 	.cra_name		=	"des3_ede",
971 	.cra_driver_name	=	"des3_ede-generic",
972 	.cra_priority		=	100,
973 	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER,
974 	.cra_blocksize		=	DES3_EDE_BLOCK_SIZE,
975 	.cra_ctxsize		=	sizeof(struct des3_ede_ctx),
976 	.cra_module		=	THIS_MODULE,
977 	.cra_alignmask		=	3,
978 	.cra_u			=	{ .cipher = {
979 	.cia_min_keysize	=	DES3_EDE_KEY_SIZE,
980 	.cia_max_keysize	=	DES3_EDE_KEY_SIZE,
981 	.cia_setkey		=	des3_ede_setkey,
982 	.cia_encrypt		=	des3_ede_encrypt,
983 	.cia_decrypt		=	des3_ede_decrypt } }
984 } };
985 
des_generic_mod_init(void)986 static int __init des_generic_mod_init(void)
987 {
988 	return crypto_register_algs(des_algs, ARRAY_SIZE(des_algs));
989 }
990 
des_generic_mod_fini(void)991 static void __exit des_generic_mod_fini(void)
992 {
993 	crypto_unregister_algs(des_algs, ARRAY_SIZE(des_algs));
994 }
995 
996 module_init(des_generic_mod_init);
997 module_exit(des_generic_mod_fini);
998 
999 MODULE_LICENSE("GPL");
1000 MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms");
1001 MODULE_AUTHOR("Dag Arne Osvik <da@osvik.no>");
1002 MODULE_ALIAS_CRYPTO("des");
1003 MODULE_ALIAS_CRYPTO("des-generic");
1004 MODULE_ALIAS_CRYPTO("des3_ede");
1005 MODULE_ALIAS_CRYPTO("des3_ede-generic");
1006