]>
Commit | Line | Data |
---|---|---|
8580b989 JM |
1 | //Paul Tero, July 2001 |
2 | //http://www.tero.co.uk/des/ | |
3 | // | |
4 | //Optimised for performance with large blocks by Michael Hayworth, November 2001 | |
5 | //http://www.netdealing.com | |
6 | // | |
7 | //THIS SOFTWARE IS PROVIDED "AS IS" AND | |
8 | //ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
9 | //IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
10 | //ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
11 | //FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
12 | //DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
13 | //OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
14 | //HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
15 | //LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
16 | //OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
17 | //SUCH DAMAGE. | |
18 | ||
19 | ||
20 | //des | |
21 | //this takes the key (byte array), the message (byte array), and whether to encrypt or decrypt | |
22 | function des (key, message, encrypt, mode, iv, padding) { | |
23 | //declaring this locally speeds things up a bit | |
24 | var spfunction1 = new Array (0x1010400,0,0x10000,0x1010404,0x1010004,0x10404,0x4,0x10000,0x400,0x1010400,0x1010404,0x400,0x1000404,0x1010004,0x1000000,0x4,0x404,0x1000400,0x1000400,0x10400,0x10400,0x1010000,0x1010000,0x1000404,0x10004,0x1000004,0x1000004,0x10004,0,0x404,0x10404,0x1000000,0x10000,0x1010404,0x4,0x1010000,0x1010400,0x1000000,0x1000000,0x400,0x1010004,0x10000,0x10400,0x1000004,0x400,0x4,0x1000404,0x10404,0x1010404,0x10004,0x1010000,0x1000404,0x1000004,0x404,0x10404,0x1010400,0x404,0x1000400,0x1000400,0,0x10004,0x10400,0,0x1010004); | |
25 | var spfunction2 = new Array (-0x7fef7fe0,-0x7fff8000,0x8000,0x108020,0x100000,0x20,-0x7fefffe0,-0x7fff7fe0,-0x7fffffe0,-0x7fef7fe0,-0x7fef8000,-0x80000000,-0x7fff8000,0x100000,0x20,-0x7fefffe0,0x108000,0x100020,-0x7fff7fe0,0,-0x80000000,0x8000,0x108020,-0x7ff00000,0x100020,-0x7fffffe0,0,0x108000,0x8020,-0x7fef8000,-0x7ff00000,0x8020,0,0x108020,-0x7fefffe0,0x100000,-0x7fff7fe0,-0x7ff00000,-0x7fef8000,0x8000,-0x7ff00000,-0x7fff8000,0x20,-0x7fef7fe0,0x108020,0x20,0x8000,-0x80000000,0x8020,-0x7fef8000,0x100000,-0x7fffffe0,0x100020,-0x7fff7fe0,-0x7fffffe0,0x100020,0x108000,0,-0x7fff8000,0x8020,-0x80000000,-0x7fefffe0,-0x7fef7fe0,0x108000); | |
26 | var spfunction3 = new Array (0x208,0x8020200,0,0x8020008,0x8000200,0,0x20208,0x8000200,0x20008,0x8000008,0x8000008,0x20000,0x8020208,0x20008,0x8020000,0x208,0x8000000,0x8,0x8020200,0x200,0x20200,0x8020000,0x8020008,0x20208,0x8000208,0x20200,0x20000,0x8000208,0x8,0x8020208,0x200,0x8000000,0x8020200,0x8000000,0x20008,0x208,0x20000,0x8020200,0x8000200,0,0x200,0x20008,0x8020208,0x8000200,0x8000008,0x200,0,0x8020008,0x8000208,0x20000,0x8000000,0x8020208,0x8,0x20208,0x20200,0x8000008,0x8020000,0x8000208,0x208,0x8020000,0x20208,0x8,0x8020008,0x20200); | |
27 | var spfunction4 = new Array (0x802001,0x2081,0x2081,0x80,0x802080,0x800081,0x800001,0x2001,0,0x802000,0x802000,0x802081,0x81,0,0x800080,0x800001,0x1,0x2000,0x800000,0x802001,0x80,0x800000,0x2001,0x2080,0x800081,0x1,0x2080,0x800080,0x2000,0x802080,0x802081,0x81,0x800080,0x800001,0x802000,0x802081,0x81,0,0,0x802000,0x2080,0x800080,0x800081,0x1,0x802001,0x2081,0x2081,0x80,0x802081,0x81,0x1,0x2000,0x800001,0x2001,0x802080,0x800081,0x2001,0x2080,0x800000,0x802001,0x80,0x800000,0x2000,0x802080); | |
28 | var spfunction5 = new Array (0x100,0x2080100,0x2080000,0x42000100,0x80000,0x100,0x40000000,0x2080000,0x40080100,0x80000,0x2000100,0x40080100,0x42000100,0x42080000,0x80100,0x40000000,0x2000000,0x40080000,0x40080000,0,0x40000100,0x42080100,0x42080100,0x2000100,0x42080000,0x40000100,0,0x42000000,0x2080100,0x2000000,0x42000000,0x80100,0x80000,0x42000100,0x100,0x2000000,0x40000000,0x2080000,0x42000100,0x40080100,0x2000100,0x40000000,0x42080000,0x2080100,0x40080100,0x100,0x2000000,0x42080000,0x42080100,0x80100,0x42000000,0x42080100,0x2080000,0,0x40080000,0x42000000,0x80100,0x2000100,0x40000100,0x80000,0,0x40080000,0x2080100,0x40000100); | |
29 | var spfunction6 = new Array (0x20000010,0x20400000,0x4000,0x20404010,0x20400000,0x10,0x20404010,0x400000,0x20004000,0x404010,0x400000,0x20000010,0x400010,0x20004000,0x20000000,0x4010,0,0x400010,0x20004010,0x4000,0x404000,0x20004010,0x10,0x20400010,0x20400010,0,0x404010,0x20404000,0x4010,0x404000,0x20404000,0x20000000,0x20004000,0x10,0x20400010,0x404000,0x20404010,0x400000,0x4010,0x20000010,0x400000,0x20004000,0x20000000,0x4010,0x20000010,0x20404010,0x404000,0x20400000,0x404010,0x20404000,0,0x20400010,0x10,0x4000,0x20400000,0x404010,0x4000,0x400010,0x20004010,0,0x20404000,0x20000000,0x400010,0x20004010); | |
30 | var spfunction7 = new Array (0x200000,0x4200002,0x4000802,0,0x800,0x4000802,0x200802,0x4200800,0x4200802,0x200000,0,0x4000002,0x2,0x4000000,0x4200002,0x802,0x4000800,0x200802,0x200002,0x4000800,0x4000002,0x4200000,0x4200800,0x200002,0x4200000,0x800,0x802,0x4200802,0x200800,0x2,0x4000000,0x200800,0x4000000,0x200800,0x200000,0x4000802,0x4000802,0x4200002,0x4200002,0x2,0x200002,0x4000000,0x4000800,0x200000,0x4200800,0x802,0x200802,0x4200800,0x802,0x4000002,0x4200802,0x4200000,0x200800,0,0x2,0x4200802,0,0x200802,0x4200000,0x800,0x4000002,0x4000800,0x800,0x200002); | |
31 | var spfunction8 = new Array (0x10001040,0x1000,0x40000,0x10041040,0x10000000,0x10001040,0x40,0x10000000,0x40040,0x10040000,0x10041040,0x41000,0x10041000,0x41040,0x1000,0x40,0x10040000,0x10000040,0x10001000,0x1040,0x41000,0x40040,0x10040040,0x10041000,0x1040,0,0,0x10040040,0x10000040,0x10001000,0x41040,0x40000,0x41040,0x40000,0x10041000,0x1000,0x40,0x10040040,0x1000,0x41040,0x10001000,0x40,0x10000040,0x10040000,0x10040040,0x10000000,0x40000,0x10001040,0,0x10041040,0x40040,0x10000040,0x10040000,0x10001000,0x10001040,0,0x10041040,0x41000,0x41000,0x1040,0x1040,0x40040,0x10000000,0x10041000); | |
32 | ||
33 | //create the 16 or 48 subkeys we will need | |
34 | var keys = des_createKeys (key); | |
35 | var m=0, i, j, temp, temp2, right1, right2, left, right, looping; | |
36 | var cbcleft, cbcleft2, cbcright, cbcright2 | |
37 | var endloop, loopinc; | |
38 | var len = message.length; | |
39 | var chunk = 0; | |
40 | //set up the loops for single and triple des | |
41 | var iterations = keys.length == 32 ? 3 : 9; //single or triple des | |
42 | if (iterations == 3) {looping = encrypt ? new Array (0, 32, 2) : new Array (30, -2, -2);} | |
43 | else {looping = encrypt ? new Array (0, 32, 2, 62, 30, -2, 64, 96, 2) : new Array (94, 62, -2, 32, 64, 2, 30, -2, -2);} | |
44 | ||
45 | //pad the message depending on the padding parameter | |
46 | if (padding == 2) { | |
47 | for (var i=0; i<8; i++) { message.push(" "); } //pad the message with spaces | |
48 | } else if (padding == 1) { | |
49 | temp = 8-(len%8); | |
50 | for (var i=0; i<8; i++) { message.push(temp); }; | |
51 | if (temp==8) len+=8; //PKCS7 padding | |
52 | } else if (!padding) { | |
53 | for (var i=0; i<8; i++) { message.push(0); } //pad the message out with null bytes | |
54 | } | |
55 | ||
56 | //store the result here | |
57 | result = []; | |
58 | tempresult = []; | |
59 | ||
60 | if (mode == 1) { //CBC mode | |
61 | cbcleft = (iv.charCodeAt(m++) << 24) | (iv.charCodeAt(m++) << 16) | (iv.charCodeAt(m++) << 8) | iv.charCodeAt(m++); | |
62 | cbcright = (iv.charCodeAt(m++) << 24) | (iv.charCodeAt(m++) << 16) | (iv.charCodeAt(m++) << 8) | iv.charCodeAt(m++); | |
63 | m=0; | |
64 | } | |
65 | ||
66 | //loop through each 64 bit chunk of the message | |
67 | while (m < len) { | |
68 | left = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; | |
69 | right = (message[m++] << 24) | (message[m++] << 16) | (message[m++] << 8) | message[m++]; | |
70 | ||
71 | //for Cipher Block Chaining mode, xor the message with the previous result | |
72 | if (mode == 1) {if (encrypt) {left ^= cbcleft; right ^= cbcright;} else {cbcleft2 = cbcleft; cbcright2 = cbcright; cbcleft = left; cbcright = right;}} | |
73 | ||
74 | //first each 64 but chunk of the message must be permuted according to IP | |
75 | temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; right ^= temp; left ^= (temp << 4); | |
76 | temp = ((left >>> 16) ^ right) & 0x0000ffff; right ^= temp; left ^= (temp << 16); | |
77 | temp = ((right >>> 2) ^ left) & 0x33333333; left ^= temp; right ^= (temp << 2); | |
78 | temp = ((right >>> 8) ^ left) & 0x00ff00ff; left ^= temp; right ^= (temp << 8); | |
79 | temp = ((left >>> 1) ^ right) & 0x55555555; right ^= temp; left ^= (temp << 1); | |
80 | ||
81 | left = ((left << 1) | (left >>> 31)); | |
82 | right = ((right << 1) | (right >>> 31)); | |
83 | ||
84 | //do this either 1 or 3 times for each chunk of the message | |
85 | for (j=0; j<iterations; j+=3) { | |
86 | endloop = looping[j+1]; | |
87 | loopinc = looping[j+2]; | |
88 | //now go through and perform the encryption or decryption | |
89 | for (i=looping[j]; i!=endloop; i+=loopinc) { //for efficiency | |
90 | right1 = right ^ keys[i]; | |
91 | right2 = ((right >>> 4) | (right << 28)) ^ keys[i+1]; | |
92 | //the result is attained by passing these bytes through the S selection functions | |
93 | temp = left; | |
94 | left = right; | |
95 | right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | |
96 | | spfunction6[(right1 >>> 8) & 0x3f] | spfunction8[right1 & 0x3f] | |
97 | | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) & 0x3f] | |
98 | | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]); | |
99 | } | |
100 | temp = left; left = right; right = temp; //unreverse left and right | |
101 | } //for either 1 or 3 iterations | |
102 | ||
103 | //move then each one bit to the right | |
104 | left = ((left >>> 1) | (left << 31)); | |
105 | right = ((right >>> 1) | (right << 31)); | |
106 | ||
107 | //now perform IP-1, which is IP in the opposite direction | |
108 | temp = ((left >>> 1) ^ right) & 0x55555555; right ^= temp; left ^= (temp << 1); | |
109 | temp = ((right >>> 8) ^ left) & 0x00ff00ff; left ^= temp; right ^= (temp << 8); | |
110 | temp = ((right >>> 2) ^ left) & 0x33333333; left ^= temp; right ^= (temp << 2); | |
111 | temp = ((left >>> 16) ^ right) & 0x0000ffff; right ^= temp; left ^= (temp << 16); | |
112 | temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; right ^= temp; left ^= (temp << 4); | |
113 | ||
114 | //for Cipher Block Chaining mode, xor the message with the previous result | |
115 | if (mode == 1) {if (encrypt) {cbcleft = left; cbcright = right;} else {left ^= cbcleft2; right ^= cbcright2;}} | |
116 | tempresult = tempresult.concat([(left>>>24), ((left>>>16) & 0xff), ((left>>>8) & 0xff), (left & 0xff), (right>>>24), ((right>>>16) & 0xff), ((right>>>8) & 0xff), (right & 0xff)]); | |
117 | ||
118 | chunk += 8; | |
119 | if (chunk == 512) {result = result.concat(tempresult); tempresult = []; chunk = 0;} | |
120 | } //for every 8 characters, or 64 bits in the message | |
121 | ||
122 | //return the result as an array | |
123 | return result.concat(tempresult); | |
124 | } //end of des | |
125 | ||
126 | ||
127 | ||
128 | //des_createKeys | |
129 | //this takes as input a 64 bit key (even though only 56 bits are used) | |
130 | //as an array of 2 integers, and returns 16 48 bit keys | |
131 | function des_createKeys (key) { | |
132 | //declaring this locally speeds things up a bit | |
133 | pc2bytes0 = new Array (0,0x4,0x20000000,0x20000004,0x10000,0x10004,0x20010000,0x20010004,0x200,0x204,0x20000200,0x20000204,0x10200,0x10204,0x20010200,0x20010204); | |
134 | pc2bytes1 = new Array (0,0x1,0x100000,0x100001,0x4000000,0x4000001,0x4100000,0x4100001,0x100,0x101,0x100100,0x100101,0x4000100,0x4000101,0x4100100,0x4100101); | |
135 | pc2bytes2 = new Array (0,0x8,0x800,0x808,0x1000000,0x1000008,0x1000800,0x1000808,0,0x8,0x800,0x808,0x1000000,0x1000008,0x1000800,0x1000808); | |
136 | pc2bytes3 = new Array (0,0x200000,0x8000000,0x8200000,0x2000,0x202000,0x8002000,0x8202000,0x20000,0x220000,0x8020000,0x8220000,0x22000,0x222000,0x8022000,0x8222000); | |
137 | pc2bytes4 = new Array (0,0x40000,0x10,0x40010,0,0x40000,0x10,0x40010,0x1000,0x41000,0x1010,0x41010,0x1000,0x41000,0x1010,0x41010); | |
138 | pc2bytes5 = new Array (0,0x400,0x20,0x420,0,0x400,0x20,0x420,0x2000000,0x2000400,0x2000020,0x2000420,0x2000000,0x2000400,0x2000020,0x2000420); | |
139 | pc2bytes6 = new Array (0,0x10000000,0x80000,0x10080000,0x2,0x10000002,0x80002,0x10080002,0,0x10000000,0x80000,0x10080000,0x2,0x10000002,0x80002,0x10080002); | |
140 | pc2bytes7 = new Array (0,0x10000,0x800,0x10800,0x20000000,0x20010000,0x20000800,0x20010800,0x20000,0x30000,0x20800,0x30800,0x20020000,0x20030000,0x20020800,0x20030800); | |
141 | pc2bytes8 = new Array (0,0x40000,0,0x40000,0x2,0x40002,0x2,0x40002,0x2000000,0x2040000,0x2000000,0x2040000,0x2000002,0x2040002,0x2000002,0x2040002); | |
142 | pc2bytes9 = new Array (0,0x10000000,0x8,0x10000008,0,0x10000000,0x8,0x10000008,0x400,0x10000400,0x408,0x10000408,0x400,0x10000400,0x408,0x10000408); | |
143 | pc2bytes10 = new Array (0,0x20,0,0x20,0x100000,0x100020,0x100000,0x100020,0x2000,0x2020,0x2000,0x2020,0x102000,0x102020,0x102000,0x102020); | |
144 | pc2bytes11 = new Array (0,0x1000000,0x200,0x1000200,0x200000,0x1200000,0x200200,0x1200200,0x4000000,0x5000000,0x4000200,0x5000200,0x4200000,0x5200000,0x4200200,0x5200200); | |
145 | pc2bytes12 = new Array (0,0x1000,0x8000000,0x8001000,0x80000,0x81000,0x8080000,0x8081000,0x10,0x1010,0x8000010,0x8001010,0x80010,0x81010,0x8080010,0x8081010); | |
146 | pc2bytes13 = new Array (0,0x4,0x100,0x104,0,0x4,0x100,0x104,0x1,0x5,0x101,0x105,0x1,0x5,0x101,0x105); | |
147 | ||
148 | //how many iterations (1 for des, 3 for triple des) | |
149 | var iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys | |
150 | //stores the return keys | |
151 | var keys = new Array (32 * iterations); | |
152 | //now define the left shifts which need to be done | |
153 | var shifts = new Array (0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0); | |
154 | //other variables | |
155 | var lefttemp, righttemp, m=0, n=0, temp; | |
156 | ||
157 | for (var j=0; j<iterations; j++) { //either 1 or 3 iterations | |
158 | left = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; | |
159 | right = (key[m++] << 24) | (key[m++] << 16) | (key[m++] << 8) | key[m++]; | |
160 | ||
161 | temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; right ^= temp; left ^= (temp << 4); | |
162 | temp = ((right >>> -16) ^ left) & 0x0000ffff; left ^= temp; right ^= (temp << -16); | |
163 | temp = ((left >>> 2) ^ right) & 0x33333333; right ^= temp; left ^= (temp << 2); | |
164 | temp = ((right >>> -16) ^ left) & 0x0000ffff; left ^= temp; right ^= (temp << -16); | |
165 | temp = ((left >>> 1) ^ right) & 0x55555555; right ^= temp; left ^= (temp << 1); | |
166 | temp = ((right >>> 8) ^ left) & 0x00ff00ff; left ^= temp; right ^= (temp << 8); | |
167 | temp = ((left >>> 1) ^ right) & 0x55555555; right ^= temp; left ^= (temp << 1); | |
168 | ||
169 | //the right side needs to be shifted and to get the last four bits of the left side | |
170 | temp = (left << 8) | ((right >>> 20) & 0x000000f0); | |
171 | //left needs to be put upside down | |
172 | left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0); | |
173 | right = temp; | |
174 | ||
175 | //now go through and perform these shifts on the left and right keys | |
176 | for (var i=0; i < shifts.length; i++) { | |
177 | //shift the keys either one or two bits to the left | |
178 | if (shifts[i]) {left = (left << 2) | (left >>> 26); right = (right << 2) | (right >>> 26);} | |
179 | else {left = (left << 1) | (left >>> 27); right = (right << 1) | (right >>> 27);} | |
180 | left &= -0xf; right &= -0xf; | |
181 | ||
182 | //now apply PC-2, in such a way that E is easier when encrypting or decrypting | |
183 | //this conversion will look like PC-2 except only the last 6 bits of each byte are used | |
184 | //rather than 48 consecutive bits and the order of lines will be according to | |
185 | //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7 | |
186 | lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | |
187 | | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[(left >>> 16) & 0xf] | |
188 | | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | |
189 | | pc2bytes6[(left >>> 4) & 0xf]; | |
190 | righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | |
191 | | pc2bytes9[(right >>> 20) & 0xf] | pc2bytes10[(right >>> 16) & 0xf] | |
192 | | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] | |
193 | | pc2bytes13[(right >>> 4) & 0xf]; | |
194 | temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff; | |
195 | keys[n++] = lefttemp ^ temp; keys[n++] = righttemp ^ (temp << 16); | |
196 | } | |
197 | } //for each iterations | |
198 | //return the keys we've created | |
199 | return keys; | |
200 | } //end of des_createKeys | |
201 | ||
202 | ||
203 | ||
204 | ////////////////////////////// TEST ////////////////////////////// | |
205 | function stringToHex (s) { | |
206 | var r = "0x"; | |
207 | var hexes = new Array ("0","1","2","3","4","5","6","7","8","9","a","b","c","d","e","f"); | |
208 | for (var i=0; i<s.length; i++) {r += hexes [s.charCodeAt(i) >> 4] + hexes [s.charCodeAt(i) & 0xf];} | |
209 | return r; | |
210 | } | |
211 | ||
212 | function hexToString (h) { | |
213 | var r = ""; | |
214 | for (var i= (h.substr(0, 2)=="0x")?2:0; i<h.length; i+=2) {r += String.fromCharCode (parseInt (h.substr (i, 2), 16));} | |
215 | return r; | |
216 | } | |
217 | ||
218 | /* | |
219 | var key = "this is a 24 byte key !!"; | |
220 | var message = "This is a test message"; | |
221 | var ciphertext = des (key, message, 1, 0); | |
222 | document.writeln ("DES Test: " + stringToHex (ciphertext)); | |
223 | */ |