core/des.js

   1 /*
   2  * Ported from Flashlight VNC ActionScript implementation:
   3  *     http://www.wizhelp.com/flashlight-vnc/
   4  *
   5  * Full attribution follows:
   6  *
   7  * -------------------------------------------------------------------------
   8  *
   9  * This DES class has been extracted from package Acme.Crypto for use in VNC.
  10  * The unnecessary odd parity code has been removed.
  11  *
  12  * These changes are:
  13  *  Copyright (C) 1999 AT&T Laboratories Cambridge.  All Rights Reserved.
  14  *
  15  * This software is distributed in the hope that it will be useful,
  16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  18  *
  19
  20  * DesCipher - the DES encryption method
  21  *
  22  * The meat of this code is by Dave Zimmerman <dzimm@widget.com>, and is:
  23  *
  24  * Copyright (c) 1996 Widget Workshop, Inc. All Rights Reserved.
  25  *
  26  * Permission to use, copy, modify, and distribute this software
  27  * and its documentation for NON-COMMERCIAL or COMMERCIAL purposes and
  28  * without fee is hereby granted, provided that this copyright notice is kept
  29  * intact.
  30  *
  31  * WIDGET WORKSHOP MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY
  32  * OF THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
  33  * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
  34  * PARTICULAR PURPOSE, OR NON-INFRINGEMENT. WIDGET WORKSHOP SHALL NOT BE LIABLE
  35  * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR
  36  * DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES.
  37  *
  38  * THIS SOFTWARE IS NOT DESIGNED OR INTENDED FOR USE OR RESALE AS ON-LINE
  39  * CONTROL EQUIPMENT IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE
  40  * PERFORMANCE, SUCH AS IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT
  41  * NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL, DIRECT LIFE
  42  * SUPPORT MACHINES, OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF THE
  43  * SOFTWARE COULD LEAD DIRECTLY TO DEATH, PERSONAL INJURY, OR SEVERE
  44  * PHYSICAL OR ENVIRONMENTAL DAMAGE ("HIGH RISK ACTIVITIES").  WIDGET WORKSHOP
  45  * SPECIFICALLY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY OF FITNESS FOR
  46  * HIGH RISK ACTIVITIES.
  47  *
  48  *
  49  * The rest is:
  50  *
  51  * Copyright (C) 1996 by Jef Poskanzer <jef@acme.com>.  All rights reserved.
  52  *
  53  * Redistribution and use in source and binary forms, with or without
  54  * modification, are permitted provided that the following conditions
  55  * are met:
  56  * 1. Redistributions of source code must retain the above copyright
  57  *    notice, this list of conditions and the following disclaimer.
  58  * 2. Redistributions in binary form must reproduce the above copyright
  59  *    notice, this list of conditions and the following disclaimer in the
  60  *    documentation and/or other materials provided with the distribution.
  61  *
  62  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  63  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  64  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  65  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  66  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  67  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  68  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  69  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  70  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  71  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  72  * SUCH DAMAGE.
  73  *
  74  * Visit the ACME Labs Java page for up-to-date versions of this and other
  75  * fine Java utilities: http://www.acme.com/java/
  76  */
  77
  78 /* eslint-disable comma-spacing */
  79
  80 // Tables, permutations, S-boxes, etc.
  81 const PC2 = [13,16,10,23, 0, 4, 2,27,14, 5,20, 9,22,18,11, 3,
  82              25, 7,15, 6,26,19,12, 1,40,51,30,36,46,54,29,39,
  83              50,44,32,47,43,48,38,55,33,52,45,41,49,35,28,31 ],
  84     totrot = [ 1, 2, 4, 6, 8,10,12,14,15,17,19,21,23,25,27,28];
  85
  86 const z = 0x0;
  87 let a,b,c,d,e,f;
  88 a=1<<16; b=1<<24; c=a|b; d=1<<2; e=1<<10; f=d|e;
  89 const SP1 = [c|e,z|z,a|z,c|f,c|d,a|f,z|d,a|z,z|e,c|e,c|f,z|e,b|f,c|d,b|z,z|d,
  90              z|f,b|e,b|e,a|e,a|e,c|z,c|z,b|f,a|d,b|d,b|d,a|d,z|z,z|f,a|f,b|z,
  91              a|z,c|f,z|d,c|z,c|e,b|z,b|z,z|e,c|d,a|z,a|e,b|d,z|e,z|d,b|f,a|f,
  92              c|f,a|d,c|z,b|f,b|d,z|f,a|f,c|e,z|f,b|e,b|e,z|z,a|d,a|e,z|z,c|d];
  93 a=1<<20; b=1<<31; c=a|b; d=1<<5; e=1<<15; f=d|e;
  94 const SP2 = [c|f,b|e,z|e,a|f,a|z,z|d,c|d,b|f,b|d,c|f,c|e,b|z,b|e,a|z,z|d,c|d,
  95              a|e,a|d,b|f,z|z,b|z,z|e,a|f,c|z,a|d,b|d,z|z,a|e,z|f,c|e,c|z,z|f,
  96              z|z,a|f,c|d,a|z,b|f,c|z,c|e,z|e,c|z,b|e,z|d,c|f,a|f,z|d,z|e,b|z,
  97              z|f,c|e,a|z,b|d,a|d,b|f,b|d,a|d,a|e,z|z,b|e,z|f,b|z,c|d,c|f,a|e];
  98 a=1<<17; b=1<<27; c=a|b; d=1<<3; e=1<<9; f=d|e;
  99 const SP3 = [z|f,c|e,z|z,c|d,b|e,z|z,a|f,b|e,a|d,b|d,b|d,a|z,c|f,a|d,c|z,z|f,
 100              b|z,z|d,c|e,z|e,a|e,c|z,c|d,a|f,b|f,a|e,a|z,b|f,z|d,c|f,z|e,b|z,
 101              c|e,b|z,a|d,z|f,a|z,c|e,b|e,z|z,z|e,a|d,c|f,b|e,b|d,z|e,z|z,c|d,
 102              b|f,a|z,b|z,c|f,z|d,a|f,a|e,b|d,c|z,b|f,z|f,c|z,a|f,z|d,c|d,a|e];
 103 a=1<<13; b=1<<23; c=a|b; d=1<<0; e=1<<7; f=d|e;
 104 const SP4 = [c|d,a|f,a|f,z|e,c|e,b|f,b|d,a|d,z|z,c|z,c|z,c|f,z|f,z|z,b|e,b|d,
 105              z|d,a|z,b|z,c|d,z|e,b|z,a|d,a|e,b|f,z|d,a|e,b|e,a|z,c|e,c|f,z|f,
 106              b|e,b|d,c|z,c|f,z|f,z|z,z|z,c|z,a|e,b|e,b|f,z|d,c|d,a|f,a|f,z|e,
 107              c|f,z|f,z|d,a|z,b|d,a|d,c|e,b|f,a|d,a|e,b|z,c|d,z|e,b|z,a|z,c|e];
 108 a=1<<25; b=1<<30; c=a|b; d=1<<8; e=1<<19; f=d|e;
 109 const SP5 = [z|d,a|f,a|e,c|d,z|e,z|d,b|z,a|e,b|f,z|e,a|d,b|f,c|d,c|e,z|f,b|z,
 110              a|z,b|e,b|e,z|z,b|d,c|f,c|f,a|d,c|e,b|d,z|z,c|z,a|f,a|z,c|z,z|f,
 111              z|e,c|d,z|d,a|z,b|z,a|e,c|d,b|f,a|d,b|z,c|e,a|f,b|f,z|d,a|z,c|e,
 112              c|f,z|f,c|z,c|f,a|e,z|z,b|e,c|z,z|f,a|d,b|d,z|e,z|z,b|e,a|f,b|d];
 113 a=1<<22; b=1<<29; c=a|b; d=1<<4; e=1<<14; f=d|e;
 114 const SP6 = [b|d,c|z,z|e,c|f,c|z,z|d,c|f,a|z,b|e,a|f,a|z,b|d,a|d,b|e,b|z,z|f,
 115              z|z,a|d,b|f,z|e,a|e,b|f,z|d,c|d,c|d,z|z,a|f,c|e,z|f,a|e,c|e,b|z,
 116              b|e,z|d,c|d,a|e,c|f,a|z,z|f,b|d,a|z,b|e,b|z,z|f,b|d,c|f,a|e,c|z,
 117              a|f,c|e,z|z,c|d,z|d,z|e,c|z,a|f,z|e,a|d,b|f,z|z,c|e,b|z,a|d,b|f];
 118 a=1<<21; b=1<<26; c=a|b; d=1<<1; e=1<<11; f=d|e;
 119 const SP7 = [a|z,c|d,b|f,z|z,z|e,b|f,a|f,c|e,c|f,a|z,z|z,b|d,z|d,b|z,c|d,z|f,
 120              b|e,a|f,a|d,b|e,b|d,c|z,c|e,a|d,c|z,z|e,z|f,c|f,a|e,z|d,b|z,a|e,
 121              b|z,a|e,a|z,b|f,b|f,c|d,c|d,z|d,a|d,b|z,b|e,a|z,c|e,z|f,a|f,c|e,
 122              z|f,b|d,c|f,c|z,a|e,z|z,z|d,c|f,z|z,a|f,c|z,z|e,b|d,b|e,z|e,a|d];
 123 a=1<<18; b=1<<28; c=a|b; d=1<<6; e=1<<12; f=d|e;
 124 const SP8 = [b|f,z|e,a|z,c|f,b|z,b|f,z|d,b|z,a|d,c|z,c|f,a|e,c|e,a|f,z|e,z|d,
 125              c|z,b|d,b|e,z|f,a|e,a|d,c|d,c|e,z|f,z|z,z|z,c|d,b|d,b|e,a|f,a|z,
 126              a|f,a|z,c|e,z|e,z|d,c|d,z|e,a|f,b|e,z|d,b|d,c|z,c|d,b|z,a|z,b|f,
 127              z|z,c|f,a|d,b|d,c|z,b|e,b|f,z|z,c|f,a|e,a|e,z|f,z|f,a|d,b|z,c|e];
 128
 129 /* eslint-enable comma-spacing */
 130
 131 export default class DES {
 132     constructor(password) {
 133         this.keys = [];
 134
 135         // Set the key.
 136         const pc1m = [], pcr = [], kn = [];
 137
 138         for (let j = 0, l = 56; j < 56; ++j, l -= 8) {
 139             l += l < -5 ? 65 : l < -3 ? 31 : l < -1 ? 63 : l === 27 ? 35 : 0; // PC1
 140             const m = l & 0x7;
 141             pc1m[j] = ((password[l >>> 3] & (1<<m)) !== 0) ? 1: 0;
 142         }
 143
 144         for (let i = 0; i < 16; ++i) {
 145             const m = i << 1;
 146             const n = m + 1;
 147             kn[m] = kn[n] = 0;
 148             for (let o = 28; o < 59; o += 28) {
 149                 for (let j = o - 28; j < o; ++j) {
 150                     const l = j + totrot[i];
 151                     pcr[j] = l < o ? pc1m[l] : pc1m[l - 28];
 152                 }
 153             }
 154             for (let j = 0; j < 24; ++j) {
 155                 if (pcr[PC2[j]] !== 0) {
 156                     kn[m] |= 1 << (23 - j);
 157                 }
 158                 if (pcr[PC2[j + 24]] !== 0) {
 159                     kn[n] |= 1 << (23 - j);
 160                 }
 161             }
 162         }
 163
 164         // cookey
 165         for (let i = 0, rawi = 0, KnLi = 0; i < 16; ++i) {
 166             const raw0 = kn[rawi++];
 167             const raw1 = kn[rawi++];
 168             this.keys[KnLi] = (raw0 & 0x00fc0000) << 6;
 169             this.keys[KnLi] |= (raw0 & 0x00000fc0) << 10;
 170             this.keys[KnLi] |= (raw1 & 0x00fc0000) >>> 10;
 171             this.keys[KnLi] |= (raw1 & 0x00000fc0) >>> 6;
 172             ++KnLi;
 173             this.keys[KnLi] = (raw0 & 0x0003f000) << 12;
 174             this.keys[KnLi] |= (raw0 & 0x0000003f) << 16;
 175             this.keys[KnLi] |= (raw1 & 0x0003f000) >>> 4;
 176             this.keys[KnLi] |= (raw1 & 0x0000003f);
 177             ++KnLi;
 178         }
 179     }
 180
 181     // Encrypt 8 bytes of text
 182     enc8(text) {
 183         const b = text.slice();
 184         let i = 0, l, r, x; // left, right, accumulator
 185
 186         // Squash 8 bytes to 2 ints
 187         l = b[i++]<<24 | b[i++]<<16 | b[i++]<<8 | b[i++];
 188         r = b[i++]<<24 | b[i++]<<16 | b[i++]<<8 | b[i++];
 189
 190         x = ((l >>> 4) ^ r) & 0x0f0f0f0f;
 191         r ^= x;
 192         l ^= (x << 4);
 193         x = ((l >>> 16) ^ r) & 0x0000ffff;
 194         r ^= x;
 195         l ^= (x << 16);
 196         x = ((r >>> 2) ^ l) & 0x33333333;
 197         l ^= x;
 198         r ^= (x << 2);
 199         x = ((r >>> 8) ^ l) & 0x00ff00ff;
 200         l ^= x;
 201         r ^= (x << 8);
 202         r = (r << 1) | ((r >>> 31) & 1);
 203         x = (l ^ r) & 0xaaaaaaaa;
 204         l ^= x;
 205         r ^= x;
 206         l = (l << 1) | ((l >>> 31) & 1);
 207
 208         for (let i = 0, keysi = 0; i < 8; ++i) {
 209             x = (r << 28) | (r >>> 4);
 210             x ^= this.keys[keysi++];
 211             let fval =  SP7[x & 0x3f];
 212             fval |= SP5[(x >>> 8) & 0x3f];
 213             fval |= SP3[(x >>> 16) & 0x3f];
 214             fval |= SP1[(x >>> 24) & 0x3f];
 215             x = r ^ this.keys[keysi++];
 216             fval |= SP8[x & 0x3f];
 217             fval |= SP6[(x >>> 8) & 0x3f];
 218             fval |= SP4[(x >>> 16) & 0x3f];
 219             fval |= SP2[(x >>> 24) & 0x3f];
 220             l ^= fval;
 221             x = (l << 28) | (l >>> 4);
 222             x ^= this.keys[keysi++];
 223             fval =  SP7[x & 0x3f];
 224             fval |= SP5[(x >>> 8) & 0x3f];
 225             fval |= SP3[(x >>> 16) & 0x3f];
 226             fval |= SP1[(x >>> 24) & 0x3f];
 227             x = l ^ this.keys[keysi++];
 228             fval |= SP8[x & 0x0000003f];
 229             fval |= SP6[(x >>> 8) & 0x3f];
 230             fval |= SP4[(x >>> 16) & 0x3f];
 231             fval |= SP2[(x >>> 24) & 0x3f];
 232             r ^= fval;
 233         }
 234
 235         r = (r << 31) | (r >>> 1);
 236         x = (l ^ r) & 0xaaaaaaaa;
 237         l ^= x;
 238         r ^= x;
 239         l = (l << 31) | (l >>> 1);
 240         x = ((l >>> 8) ^ r) & 0x00ff00ff;
 241         r ^= x;
 242         l ^= (x << 8);
 243         x = ((l >>> 2) ^ r) & 0x33333333;
 244         r ^= x;
 245         l ^= (x << 2);
 246         x = ((r >>> 16) ^ l) & 0x0000ffff;
 247         l ^= x;
 248         r ^= (x << 16);
 249         x = ((r >>> 4) ^ l) & 0x0f0f0f0f;
 250         l ^= x;
 251         r ^= (x << 4);
 252
 253         // Spread ints to bytes
 254         x = [r, l];
 255         for (i = 0; i < 8; i++) {
 256             b[i] = (x[i>>>2] >>> (8 * (3 - (i % 4)))) % 256;
 257             if (b[i] < 0) { b[i] += 256; } // unsigned
 258         }
 259         return b;
 260     }
 261
 262     // Encrypt 16 bytes of text using passwd as key
 263     encrypt(t) {
 264         return this.enc8(t.slice(0, 8)).concat(this.enc8(t.slice(8, 16)));
 265     }
 266 }