Details | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
4349 | Serge | 1 | /* |
2 | * DES encryption/decryption |
||
3 | * Copyright (c) 2007 Reimar Doeffinger |
||
4 | * |
||
5 | * This file is part of FFmpeg. |
||
6 | * |
||
7 | * FFmpeg is free software; you can redistribute it and/or |
||
8 | * modify it under the terms of the GNU Lesser General Public |
||
9 | * License as published by the Free Software Foundation; either |
||
10 | * version 2.1 of the License, or (at your option) any later version. |
||
11 | * |
||
12 | * FFmpeg is distributed in the hope that it will be useful, |
||
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
||
15 | * Lesser General Public License for more details. |
||
16 | * |
||
17 | * You should have received a copy of the GNU Lesser General Public |
||
18 | * License along with FFmpeg; if not, write to the Free Software |
||
19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
||
20 | */ |
||
21 | #include |
||
22 | #include "avutil.h" |
||
23 | #include "common.h" |
||
24 | #include "intreadwrite.h" |
||
25 | #include "des.h" |
||
26 | |||
27 | typedef struct AVDES AVDES; |
||
28 | |||
29 | #define T(a, b, c, d, e, f, g, h) 64-a,64-b,64-c,64-d,64-e,64-f,64-g,64-h |
||
30 | static const uint8_t IP_shuffle[] = { |
||
31 | T(58, 50, 42, 34, 26, 18, 10, 2), |
||
32 | T(60, 52, 44, 36, 28, 20, 12, 4), |
||
33 | T(62, 54, 46, 38, 30, 22, 14, 6), |
||
34 | T(64, 56, 48, 40, 32, 24, 16, 8), |
||
35 | T(57, 49, 41, 33, 25, 17, 9, 1), |
||
36 | T(59, 51, 43, 35, 27, 19, 11, 3), |
||
37 | T(61, 53, 45, 37, 29, 21, 13, 5), |
||
38 | T(63, 55, 47, 39, 31, 23, 15, 7) |
||
39 | }; |
||
40 | #undef T |
||
41 | |||
42 | #if CONFIG_SMALL || defined(GENTABLES) |
||
43 | #define T(a, b, c, d) 32-a,32-b,32-c,32-d |
||
44 | static const uint8_t P_shuffle[] = { |
||
45 | T(16, 7, 20, 21), |
||
46 | T(29, 12, 28, 17), |
||
47 | T( 1, 15, 23, 26), |
||
48 | T( 5, 18, 31, 10), |
||
49 | T( 2, 8, 24, 14), |
||
50 | T(32, 27, 3, 9), |
||
51 | T(19, 13, 30, 6), |
||
52 | T(22, 11, 4, 25) |
||
53 | }; |
||
54 | #undef T |
||
55 | #endif |
||
56 | |||
57 | #define T(a, b, c, d, e, f, g) 64-a,64-b,64-c,64-d,64-e,64-f,64-g |
||
58 | static const uint8_t PC1_shuffle[] = { |
||
59 | T(57, 49, 41, 33, 25, 17, 9), |
||
60 | T( 1, 58, 50, 42, 34, 26, 18), |
||
61 | T(10, 2, 59, 51, 43, 35, 27), |
||
62 | T(19, 11, 3, 60, 52, 44, 36), |
||
63 | T(63, 55, 47, 39, 31, 23, 15), |
||
64 | T( 7, 62, 54, 46, 38, 30, 22), |
||
65 | T(14, 6, 61, 53, 45, 37, 29), |
||
66 | T(21, 13, 5, 28, 20, 12, 4) |
||
67 | }; |
||
68 | #undef T |
||
69 | |||
70 | #define T(a, b, c, d, e, f) 56-a,56-b,56-c,56-d,56-e,56-f |
||
71 | static const uint8_t PC2_shuffle[] = { |
||
72 | T(14, 17, 11, 24, 1, 5), |
||
73 | T( 3, 28, 15, 6, 21, 10), |
||
74 | T(23, 19, 12, 4, 26, 8), |
||
75 | T(16, 7, 27, 20, 13, 2), |
||
76 | T(41, 52, 31, 37, 47, 55), |
||
77 | T(30, 40, 51, 45, 33, 48), |
||
78 | T(44, 49, 39, 56, 34, 53), |
||
79 | T(46, 42, 50, 36, 29, 32) |
||
80 | }; |
||
81 | #undef T |
||
82 | |||
83 | #if CONFIG_SMALL |
||
84 | static const uint8_t S_boxes[8][32] = { |
||
85 | { |
||
86 | 0x0e, 0xf4, 0x7d, 0x41, 0xe2, 0x2f, 0xdb, 0x18, 0xa3, 0x6a, 0xc6, 0xbc, 0x95, 0x59, 0x30, 0x87, |
||
87 | 0xf4, 0xc1, 0x8e, 0x28, 0x4d, 0x96, 0x12, 0x7b, 0x5f, 0xbc, 0x39, 0xe7, 0xa3, 0x0a, 0x65, 0xd0, |
||
88 | }, { |
||
89 | 0x3f, 0xd1, 0x48, 0x7e, 0xf6, 0x2b, 0x83, 0xe4, 0xc9, 0x07, 0x12, 0xad, 0x6c, 0x90, 0xb5, 0x5a, |
||
90 | 0xd0, 0x8e, 0xa7, 0x1b, 0x3a, 0xf4, 0x4d, 0x21, 0xb5, 0x68, 0x7c, 0xc6, 0x09, 0x53, 0xe2, 0x9f, |
||
91 | }, { |
||
92 | 0xda, 0x70, 0x09, 0x9e, 0x36, 0x43, 0x6f, 0xa5, 0x21, 0x8d, 0x5c, 0xe7, 0xcb, 0xb4, 0xf2, 0x18, |
||
93 | 0x1d, 0xa6, 0xd4, 0x09, 0x68, 0x9f, 0x83, 0x70, 0x4b, 0xf1, 0xe2, 0x3c, 0xb5, 0x5a, 0x2e, 0xc7, |
||
94 | }, { |
||
95 | 0xd7, 0x8d, 0xbe, 0x53, 0x60, 0xf6, 0x09, 0x3a, 0x41, 0x72, 0x28, 0xc5, 0x1b, 0xac, 0xe4, 0x9f, |
||
96 | 0x3a, 0xf6, 0x09, 0x60, 0xac, 0x1b, 0xd7, 0x8d, 0x9f, 0x41, 0x53, 0xbe, 0xc5, 0x72, 0x28, 0xe4, |
||
97 | }, { |
||
98 | 0xe2, 0xbc, 0x24, 0xc1, 0x47, 0x7a, 0xdb, 0x16, 0x58, 0x05, 0xf3, 0xaf, 0x3d, 0x90, 0x8e, 0x69, |
||
99 | 0xb4, 0x82, 0xc1, 0x7b, 0x1a, 0xed, 0x27, 0xd8, 0x6f, 0xf9, 0x0c, 0x95, 0xa6, 0x43, 0x50, 0x3e, |
||
100 | }, { |
||
101 | 0xac, 0xf1, 0x4a, 0x2f, 0x79, 0xc2, 0x96, 0x58, 0x60, 0x1d, 0xd3, 0xe4, 0x0e, 0xb7, 0x35, 0x8b, |
||
102 | 0x49, 0x3e, 0x2f, 0xc5, 0x92, 0x58, 0xfc, 0xa3, 0xb7, 0xe0, 0x14, 0x7a, 0x61, 0x0d, 0x8b, 0xd6, |
||
103 | }, { |
||
104 | 0xd4, 0x0b, 0xb2, 0x7e, 0x4f, 0x90, 0x18, 0xad, 0xe3, 0x3c, 0x59, 0xc7, 0x25, 0xfa, 0x86, 0x61, |
||
105 | 0x61, 0xb4, 0xdb, 0x8d, 0x1c, 0x43, 0xa7, 0x7e, 0x9a, 0x5f, 0x06, 0xf8, 0xe0, 0x25, 0x39, 0xc2, |
||
106 | }, { |
||
107 | 0x1d, 0xf2, 0xd8, 0x84, 0xa6, 0x3f, 0x7b, 0x41, 0xca, 0x59, 0x63, 0xbe, 0x05, 0xe0, 0x9c, 0x27, |
||
108 | 0x27, 0x1b, 0xe4, 0x71, 0x49, 0xac, 0x8e, 0xd2, 0xf0, 0xc6, 0x9a, 0x0d, 0x3f, 0x53, 0x65, 0xb8, |
||
109 | } |
||
110 | }; |
||
111 | #else |
||
112 | /** |
||
113 | * This table contains the results of applying both the S-box and P-shuffle. |
||
114 | * It can be regenerated by compiling this file with -DCONFIG_SMALL -DTEST -DGENTABLES |
||
115 | */ |
||
116 | static const uint32_t S_boxes_P_shuffle[8][64] = { |
||
117 | { |
||
118 | 0x00808200, 0x00000000, 0x00008000, 0x00808202, 0x00808002, 0x00008202, 0x00000002, 0x00008000, |
||
119 | 0x00000200, 0x00808200, 0x00808202, 0x00000200, 0x00800202, 0x00808002, 0x00800000, 0x00000002, |
||
120 | 0x00000202, 0x00800200, 0x00800200, 0x00008200, 0x00008200, 0x00808000, 0x00808000, 0x00800202, |
||
121 | 0x00008002, 0x00800002, 0x00800002, 0x00008002, 0x00000000, 0x00000202, 0x00008202, 0x00800000, |
||
122 | 0x00008000, 0x00808202, 0x00000002, 0x00808000, 0x00808200, 0x00800000, 0x00800000, 0x00000200, |
||
123 | 0x00808002, 0x00008000, 0x00008200, 0x00800002, 0x00000200, 0x00000002, 0x00800202, 0x00008202, |
||
124 | 0x00808202, 0x00008002, 0x00808000, 0x00800202, 0x00800002, 0x00000202, 0x00008202, 0x00808200, |
||
125 | 0x00000202, 0x00800200, 0x00800200, 0x00000000, 0x00008002, 0x00008200, 0x00000000, 0x00808002, |
||
126 | }, |
||
127 | { |
||
128 | 0x40084010, 0x40004000, 0x00004000, 0x00084010, 0x00080000, 0x00000010, 0x40080010, 0x40004010, |
||
129 | 0x40000010, 0x40084010, 0x40084000, 0x40000000, 0x40004000, 0x00080000, 0x00000010, 0x40080010, |
||
130 | 0x00084000, 0x00080010, 0x40004010, 0x00000000, 0x40000000, 0x00004000, 0x00084010, 0x40080000, |
||
131 | 0x00080010, 0x40000010, 0x00000000, 0x00084000, 0x00004010, 0x40084000, 0x40080000, 0x00004010, |
||
132 | 0x00000000, 0x00084010, 0x40080010, 0x00080000, 0x40004010, 0x40080000, 0x40084000, 0x00004000, |
||
133 | 0x40080000, 0x40004000, 0x00000010, 0x40084010, 0x00084010, 0x00000010, 0x00004000, 0x40000000, |
||
134 | 0x00004010, 0x40084000, 0x00080000, 0x40000010, 0x00080010, 0x40004010, 0x40000010, 0x00080010, |
||
135 | 0x00084000, 0x00000000, 0x40004000, 0x00004010, 0x40000000, 0x40080010, 0x40084010, 0x00084000, |
||
136 | }, |
||
137 | { |
||
138 | 0x00000104, 0x04010100, 0x00000000, 0x04010004, 0x04000100, 0x00000000, 0x00010104, 0x04000100, |
||
139 | 0x00010004, 0x04000004, 0x04000004, 0x00010000, 0x04010104, 0x00010004, 0x04010000, 0x00000104, |
||
140 | 0x04000000, 0x00000004, 0x04010100, 0x00000100, 0x00010100, 0x04010000, 0x04010004, 0x00010104, |
||
141 | 0x04000104, 0x00010100, 0x00010000, 0x04000104, 0x00000004, 0x04010104, 0x00000100, 0x04000000, |
||
142 | 0x04010100, 0x04000000, 0x00010004, 0x00000104, 0x00010000, 0x04010100, 0x04000100, 0x00000000, |
||
143 | 0x00000100, 0x00010004, 0x04010104, 0x04000100, 0x04000004, 0x00000100, 0x00000000, 0x04010004, |
||
144 | 0x04000104, 0x00010000, 0x04000000, 0x04010104, 0x00000004, 0x00010104, 0x00010100, 0x04000004, |
||
145 | 0x04010000, 0x04000104, 0x00000104, 0x04010000, 0x00010104, 0x00000004, 0x04010004, 0x00010100, |
||
146 | }, |
||
147 | { |
||
148 | 0x80401000, 0x80001040, 0x80001040, 0x00000040, 0x00401040, 0x80400040, 0x80400000, 0x80001000, |
||
149 | 0x00000000, 0x00401000, 0x00401000, 0x80401040, 0x80000040, 0x00000000, 0x00400040, 0x80400000, |
||
150 | 0x80000000, 0x00001000, 0x00400000, 0x80401000, 0x00000040, 0x00400000, 0x80001000, 0x00001040, |
||
151 | 0x80400040, 0x80000000, 0x00001040, 0x00400040, 0x00001000, 0x00401040, 0x80401040, 0x80000040, |
||
152 | 0x00400040, 0x80400000, 0x00401000, 0x80401040, 0x80000040, 0x00000000, 0x00000000, 0x00401000, |
||
153 | 0x00001040, 0x00400040, 0x80400040, 0x80000000, 0x80401000, 0x80001040, 0x80001040, 0x00000040, |
||
154 | 0x80401040, 0x80000040, 0x80000000, 0x00001000, 0x80400000, 0x80001000, 0x00401040, 0x80400040, |
||
155 | 0x80001000, 0x00001040, 0x00400000, 0x80401000, 0x00000040, 0x00400000, 0x00001000, 0x00401040, |
||
156 | }, |
||
157 | { |
||
158 | 0x00000080, 0x01040080, 0x01040000, 0x21000080, 0x00040000, 0x00000080, 0x20000000, 0x01040000, |
||
159 | 0x20040080, 0x00040000, 0x01000080, 0x20040080, 0x21000080, 0x21040000, 0x00040080, 0x20000000, |
||
160 | 0x01000000, 0x20040000, 0x20040000, 0x00000000, 0x20000080, 0x21040080, 0x21040080, 0x01000080, |
||
161 | 0x21040000, 0x20000080, 0x00000000, 0x21000000, 0x01040080, 0x01000000, 0x21000000, 0x00040080, |
||
162 | 0x00040000, 0x21000080, 0x00000080, 0x01000000, 0x20000000, 0x01040000, 0x21000080, 0x20040080, |
||
163 | 0x01000080, 0x20000000, 0x21040000, 0x01040080, 0x20040080, 0x00000080, 0x01000000, 0x21040000, |
||
164 | 0x21040080, 0x00040080, 0x21000000, 0x21040080, 0x01040000, 0x00000000, 0x20040000, 0x21000000, |
||
165 | 0x00040080, 0x01000080, 0x20000080, 0x00040000, 0x00000000, 0x20040000, 0x01040080, 0x20000080, |
||
166 | }, |
||
167 | { |
||
168 | 0x10000008, 0x10200000, 0x00002000, 0x10202008, 0x10200000, 0x00000008, 0x10202008, 0x00200000, |
||
169 | 0x10002000, 0x00202008, 0x00200000, 0x10000008, 0x00200008, 0x10002000, 0x10000000, 0x00002008, |
||
170 | 0x00000000, 0x00200008, 0x10002008, 0x00002000, 0x00202000, 0x10002008, 0x00000008, 0x10200008, |
||
171 | 0x10200008, 0x00000000, 0x00202008, 0x10202000, 0x00002008, 0x00202000, 0x10202000, 0x10000000, |
||
172 | 0x10002000, 0x00000008, 0x10200008, 0x00202000, 0x10202008, 0x00200000, 0x00002008, 0x10000008, |
||
173 | 0x00200000, 0x10002000, 0x10000000, 0x00002008, 0x10000008, 0x10202008, 0x00202000, 0x10200000, |
||
174 | 0x00202008, 0x10202000, 0x00000000, 0x10200008, 0x00000008, 0x00002000, 0x10200000, 0x00202008, |
||
175 | 0x00002000, 0x00200008, 0x10002008, 0x00000000, 0x10202000, 0x10000000, 0x00200008, 0x10002008, |
||
176 | }, |
||
177 | { |
||
178 | 0x00100000, 0x02100001, 0x02000401, 0x00000000, 0x00000400, 0x02000401, 0x00100401, 0x02100400, |
||
179 | 0x02100401, 0x00100000, 0x00000000, 0x02000001, 0x00000001, 0x02000000, 0x02100001, 0x00000401, |
||
180 | 0x02000400, 0x00100401, 0x00100001, 0x02000400, 0x02000001, 0x02100000, 0x02100400, 0x00100001, |
||
181 | 0x02100000, 0x00000400, 0x00000401, 0x02100401, 0x00100400, 0x00000001, 0x02000000, 0x00100400, |
||
182 | 0x02000000, 0x00100400, 0x00100000, 0x02000401, 0x02000401, 0x02100001, 0x02100001, 0x00000001, |
||
183 | 0x00100001, 0x02000000, 0x02000400, 0x00100000, 0x02100400, 0x00000401, 0x00100401, 0x02100400, |
||
184 | 0x00000401, 0x02000001, 0x02100401, 0x02100000, 0x00100400, 0x00000000, 0x00000001, 0x02100401, |
||
185 | 0x00000000, 0x00100401, 0x02100000, 0x00000400, 0x02000001, 0x02000400, 0x00000400, 0x00100001, |
||
186 | }, |
||
187 | { |
||
188 | 0x08000820, 0x00000800, 0x00020000, 0x08020820, 0x08000000, 0x08000820, 0x00000020, 0x08000000, |
||
189 | 0x00020020, 0x08020000, 0x08020820, 0x00020800, 0x08020800, 0x00020820, 0x00000800, 0x00000020, |
||
190 | 0x08020000, 0x08000020, 0x08000800, 0x00000820, 0x00020800, 0x00020020, 0x08020020, 0x08020800, |
||
191 | 0x00000820, 0x00000000, 0x00000000, 0x08020020, 0x08000020, 0x08000800, 0x00020820, 0x00020000, |
||
192 | 0x00020820, 0x00020000, 0x08020800, 0x00000800, 0x00000020, 0x08020020, 0x00000800, 0x00020820, |
||
193 | 0x08000800, 0x00000020, 0x08000020, 0x08020000, 0x08020020, 0x08000000, 0x00020000, 0x08000820, |
||
194 | 0x00000000, 0x08020820, 0x00020020, 0x08000020, 0x08020000, 0x08000800, 0x08000820, 0x00000000, |
||
195 | 0x08020820, 0x00020800, 0x00020800, 0x00000820, 0x00000820, 0x00020020, 0x08000000, 0x08020800, |
||
196 | }, |
||
197 | }; |
||
198 | #endif |
||
199 | |||
200 | static uint64_t shuffle(uint64_t in, const uint8_t *shuffle, int shuffle_len) { |
||
201 | int i; |
||
202 | uint64_t res = 0; |
||
203 | for (i = 0; i < shuffle_len; i++) |
||
204 | res += res + ((in >> *shuffle++) & 1); |
||
205 | return res; |
||
206 | } |
||
207 | |||
208 | static uint64_t shuffle_inv(uint64_t in, const uint8_t *shuffle, int shuffle_len) { |
||
209 | int i; |
||
210 | uint64_t res = 0; |
||
211 | shuffle += shuffle_len - 1; |
||
212 | for (i = 0; i < shuffle_len; i++) { |
||
213 | res |= (in & 1) << *shuffle--; |
||
214 | in >>= 1; |
||
215 | } |
||
216 | return res; |
||
217 | } |
||
218 | |||
219 | static uint32_t f_func(uint32_t r, uint64_t k) { |
||
220 | int i; |
||
221 | uint32_t out = 0; |
||
222 | // rotate to get first part of E-shuffle in the lowest 6 bits |
||
223 | r = (r << 1) | (r >> 31); |
||
224 | // apply S-boxes, those compress the data again from 8 * 6 to 8 * 4 bits |
||
225 | for (i = 7; i >= 0; i--) { |
||
226 | uint8_t tmp = (r ^ k) & 0x3f; |
||
227 | #if CONFIG_SMALL |
||
228 | uint8_t v = S_boxes[i][tmp >> 1]; |
||
229 | if (tmp & 1) v >>= 4; |
||
230 | out = (out >> 4) | (v << 28); |
||
231 | #else |
||
232 | out |= S_boxes_P_shuffle[i][tmp]; |
||
233 | #endif |
||
234 | // get next 6 bits of E-shuffle and round key k into the lowest bits |
||
235 | r = (r >> 4) | (r << 28); |
||
236 | k >>= 6; |
||
237 | } |
||
238 | #if CONFIG_SMALL |
||
239 | out = shuffle(out, P_shuffle, sizeof(P_shuffle)); |
||
240 | #endif |
||
241 | return out; |
||
242 | } |
||
243 | |||
244 | /** |
||
245 | * @brief rotate the two halves of the expanded 56 bit key each 1 bit left |
||
246 | * |
||
247 | * Note: the specification calls this "shift", so I kept it although |
||
248 | * it is confusing. |
||
249 | */ |
||
250 | static uint64_t key_shift_left(uint64_t CDn) { |
||
251 | uint64_t carries = (CDn >> 27) & 0x10000001; |
||
252 | CDn <<= 1; |
||
253 | CDn &= ~0x10000001; |
||
254 | CDn |= carries; |
||
255 | return CDn; |
||
256 | } |
||
257 | |||
258 | static void gen_roundkeys(uint64_t K[16], uint64_t key) { |
||
259 | int i; |
||
260 | // discard parity bits from key and shuffle it into C and D parts |
||
261 | uint64_t CDn = shuffle(key, PC1_shuffle, sizeof(PC1_shuffle)); |
||
262 | // generate round keys |
||
263 | for (i = 0; i < 16; i++) { |
||
264 | CDn = key_shift_left(CDn); |
||
265 | if (i > 1 && i != 8 && i != 15) |
||
266 | CDn = key_shift_left(CDn); |
||
267 | K[i] = shuffle(CDn, PC2_shuffle, sizeof(PC2_shuffle)); |
||
268 | } |
||
269 | } |
||
270 | |||
271 | static uint64_t des_encdec(uint64_t in, uint64_t K[16], int decrypt) { |
||
272 | int i; |
||
273 | // used to apply round keys in reverse order for decryption |
||
274 | decrypt = decrypt ? 15 : 0; |
||
275 | // shuffle irrelevant to security but to ease hardware implementations |
||
276 | in = shuffle(in, IP_shuffle, sizeof(IP_shuffle)); |
||
277 | for (i = 0; i < 16; i++) { |
||
278 | uint32_t f_res; |
||
279 | f_res = f_func(in, K[decrypt ^ i]); |
||
280 | in = (in << 32) | (in >> 32); |
||
281 | in ^= f_res; |
||
282 | } |
||
283 | in = (in << 32) | (in >> 32); |
||
284 | // reverse shuffle used to ease hardware implementations |
||
285 | in = shuffle_inv(in, IP_shuffle, sizeof(IP_shuffle)); |
||
286 | return in; |
||
287 | } |
||
288 | |||
289 | int av_des_init(AVDES *d, const uint8_t *key, int key_bits, av_unused int decrypt) { |
||
290 | if (key_bits != 64 && key_bits != 192) |
||
291 | return -1; |
||
292 | d->triple_des = key_bits > 64; |
||
293 | gen_roundkeys(d->round_keys[0], AV_RB64(key)); |
||
294 | if (d->triple_des) { |
||
295 | gen_roundkeys(d->round_keys[1], AV_RB64(key + 8)); |
||
296 | gen_roundkeys(d->round_keys[2], AV_RB64(key + 16)); |
||
297 | } |
||
298 | return 0; |
||
299 | } |
||
300 | |||
301 | static void av_des_crypt_mac(AVDES *d, uint8_t *dst, const uint8_t *src, int count, uint8_t *iv, int decrypt, int mac) { |
||
302 | uint64_t iv_val = iv ? AV_RB64(iv) : 0; |
||
303 | while (count-- > 0) { |
||
304 | uint64_t dst_val; |
||
305 | uint64_t src_val = src ? AV_RB64(src) : 0; |
||
306 | if (decrypt) { |
||
307 | uint64_t tmp = src_val; |
||
308 | if (d->triple_des) { |
||
309 | src_val = des_encdec(src_val, d->round_keys[2], 1); |
||
310 | src_val = des_encdec(src_val, d->round_keys[1], 0); |
||
311 | } |
||
312 | dst_val = des_encdec(src_val, d->round_keys[0], 1) ^ iv_val; |
||
313 | iv_val = iv ? tmp : 0; |
||
314 | } else { |
||
315 | dst_val = des_encdec(src_val ^ iv_val, d->round_keys[0], 0); |
||
316 | if (d->triple_des) { |
||
317 | dst_val = des_encdec(dst_val, d->round_keys[1], 1); |
||
318 | dst_val = des_encdec(dst_val, d->round_keys[2], 0); |
||
319 | } |
||
320 | iv_val = iv ? dst_val : 0; |
||
321 | } |
||
322 | AV_WB64(dst, dst_val); |
||
323 | src += 8; |
||
324 | if (!mac) |
||
325 | dst += 8; |
||
326 | } |
||
327 | if (iv) |
||
328 | AV_WB64(iv, iv_val); |
||
329 | } |
||
330 | |||
331 | void av_des_crypt(AVDES *d, uint8_t *dst, const uint8_t *src, int count, uint8_t *iv, int decrypt) { |
||
332 | av_des_crypt_mac(d, dst, src, count, iv, decrypt, 0); |
||
333 | } |
||
334 | |||
335 | void av_des_mac(AVDES *d, uint8_t *dst, const uint8_t *src, int count) { |
||
336 | av_des_crypt_mac(d, dst, src, count, (uint8_t[8]){0}, 0, 1); |
||
337 | } |
||
338 | |||
339 | #ifdef TEST |
||
340 | #include |
||
341 | #include |
||
342 | |||
343 | #include "time.h" |
||
344 | |||
345 | static uint64_t rand64(void) { |
||
346 | uint64_t r = rand(); |
||
347 | r = (r << 32) | rand(); |
||
348 | return r; |
||
349 | } |
||
350 | |||
351 | static const uint8_t test_key[] = {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0}; |
||
352 | static const DECLARE_ALIGNED(8, uint8_t, plain)[] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10}; |
||
353 | static const DECLARE_ALIGNED(8, uint8_t, crypt)[] = {0x4a, 0xb6, 0x5b, 0x3d, 0x4b, 0x06, 0x15, 0x18}; |
||
354 | static DECLARE_ALIGNED(8, uint8_t, tmp)[8]; |
||
355 | static DECLARE_ALIGNED(8, uint8_t, large_buffer)[10002][8]; |
||
356 | static const uint8_t cbc_key[] = { |
||
357 | 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, |
||
358 | 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, |
||
359 | 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23 |
||
360 | }; |
||
361 | |||
362 | static int run_test(int cbc, int decrypt) { |
||
363 | AVDES d; |
||
364 | int delay = cbc && !decrypt ? 2 : 1; |
||
365 | uint64_t res; |
||
366 | AV_WB64(large_buffer[0], 0x4e6f772069732074ULL); |
||
367 | AV_WB64(large_buffer[1], 0x1234567890abcdefULL); |
||
368 | AV_WB64(tmp, 0x1234567890abcdefULL); |
||
369 | av_des_init(&d, cbc_key, 192, decrypt); |
||
370 | av_des_crypt(&d, large_buffer[delay], large_buffer[0], 10000, cbc ? tmp : NULL, decrypt); |
||
371 | res = AV_RB64(large_buffer[9999 + delay]); |
||
372 | if (cbc) { |
||
373 | if (decrypt) |
||
374 | return res == 0xc5cecf63ecec514cULL; |
||
375 | else |
||
376 | return res == 0xcb191f85d1ed8439ULL; |
||
377 | } else { |
||
378 | if (decrypt) |
||
379 | return res == 0x8325397644091a0aULL; |
||
380 | else |
||
381 | return res == 0xdd17e8b8b437d232ULL; |
||
382 | } |
||
383 | } |
||
384 | |||
385 | int main(void) { |
||
386 | AVDES d; |
||
387 | int i; |
||
388 | #ifdef GENTABLES |
||
389 | int j; |
||
390 | #endif |
||
391 | uint64_t key[3]; |
||
392 | uint64_t data; |
||
393 | uint64_t ct; |
||
394 | uint64_t roundkeys[16]; |
||
395 | srand(av_gettime()); |
||
396 | key[0] = AV_RB64(test_key); |
||
397 | data = AV_RB64(plain); |
||
398 | gen_roundkeys(roundkeys, key[0]); |
||
399 | if (des_encdec(data, roundkeys, 0) != AV_RB64(crypt)) { |
||
400 | printf("Test 1 failed\n"); |
||
401 | return 1; |
||
402 | } |
||
403 | av_des_init(&d, test_key, 64, 0); |
||
404 | av_des_crypt(&d, tmp, plain, 1, NULL, 0); |
||
405 | if (memcmp(tmp, crypt, sizeof(crypt))) { |
||
406 | printf("Public API decryption failed\n"); |
||
407 | return 1; |
||
408 | } |
||
409 | if (!run_test(0, 0) || !run_test(0, 1) || !run_test(1, 0) || !run_test(1, 1)) { |
||
410 | printf("Partial Monte-Carlo test failed\n"); |
||
411 | return 1; |
||
412 | } |
||
413 | for (i = 0; i < 1000; i++) { |
||
414 | key[0] = rand64(); key[1] = rand64(); key[2] = rand64(); |
||
415 | data = rand64(); |
||
416 | av_des_init(&d, (uint8_t*)key, 192, 0); |
||
417 | av_des_crypt(&d, (uint8_t*)&ct, (uint8_t*)&data, 1, NULL, 0); |
||
418 | av_des_init(&d, (uint8_t*)key, 192, 1); |
||
419 | av_des_crypt(&d, (uint8_t*)&ct, (uint8_t*)&ct, 1, NULL, 1); |
||
420 | if (ct != data) { |
||
421 | printf("Test 2 failed\n"); |
||
422 | return 1; |
||
423 | } |
||
424 | } |
||
425 | #ifdef GENTABLES |
||
426 | printf("static const uint32_t S_boxes_P_shuffle[8][64] = {\n"); |
||
427 | for (i = 0; i < 8; i++) { |
||
428 | printf(" {"); |
||
429 | for (j = 0; j < 64; j++) { |
||
430 | uint32_t v = S_boxes[i][j >> 1]; |
||
431 | v = j & 1 ? v >> 4 : v & 0xf; |
||
432 | v <<= 28 - 4 * i; |
||
433 | v = shuffle(v, P_shuffle, sizeof(P_shuffle)); |
||
434 | printf((j & 7) == 0 ? "\n " : " "); |
||
435 | printf("0x%08X,", v); |
||
436 | } |
||
437 | printf("\n },\n"); |
||
438 | } |
||
439 | printf("};\n"); |
||
440 | #endif |
||
441 | return 0; |
||
442 | } |
||
443 | #endif=><=>>>>><>><>><>>>=><=>><>><>><>><>>> |