1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/des.h>
58
59 #include <stdlib.h>
60
61 #include "internal.h"
62
63
64 static const uint32_t des_skb[8][64] = {
65 { // for C bits (numbered as per FIPS 46) 1 2 3 4 5 6
66 0x00000000, 0x00000010, 0x20000000, 0x20000010, 0x00010000,
67 0x00010010, 0x20010000, 0x20010010, 0x00000800, 0x00000810,
68 0x20000800, 0x20000810, 0x00010800, 0x00010810, 0x20010800,
69 0x20010810, 0x00000020, 0x00000030, 0x20000020, 0x20000030,
70 0x00010020, 0x00010030, 0x20010020, 0x20010030, 0x00000820,
71 0x00000830, 0x20000820, 0x20000830, 0x00010820, 0x00010830,
72 0x20010820, 0x20010830, 0x00080000, 0x00080010, 0x20080000,
73 0x20080010, 0x00090000, 0x00090010, 0x20090000, 0x20090010,
74 0x00080800, 0x00080810, 0x20080800, 0x20080810, 0x00090800,
75 0x00090810, 0x20090800, 0x20090810, 0x00080020, 0x00080030,
76 0x20080020, 0x20080030, 0x00090020, 0x00090030, 0x20090020,
77 0x20090030, 0x00080820, 0x00080830, 0x20080820, 0x20080830,
78 0x00090820, 0x00090830, 0x20090820, 0x20090830, },
79 { // for C bits (numbered as per FIPS 46) 7 8 10 11 12 13
80 0x00000000, 0x02000000, 0x00002000, 0x02002000, 0x00200000,
81 0x02200000, 0x00202000, 0x02202000, 0x00000004, 0x02000004,
82 0x00002004, 0x02002004, 0x00200004, 0x02200004, 0x00202004,
83 0x02202004, 0x00000400, 0x02000400, 0x00002400, 0x02002400,
84 0x00200400, 0x02200400, 0x00202400, 0x02202400, 0x00000404,
85 0x02000404, 0x00002404, 0x02002404, 0x00200404, 0x02200404,
86 0x00202404, 0x02202404, 0x10000000, 0x12000000, 0x10002000,
87 0x12002000, 0x10200000, 0x12200000, 0x10202000, 0x12202000,
88 0x10000004, 0x12000004, 0x10002004, 0x12002004, 0x10200004,
89 0x12200004, 0x10202004, 0x12202004, 0x10000400, 0x12000400,
90 0x10002400, 0x12002400, 0x10200400, 0x12200400, 0x10202400,
91 0x12202400, 0x10000404, 0x12000404, 0x10002404, 0x12002404,
92 0x10200404, 0x12200404, 0x10202404, 0x12202404, },
93 { // for C bits (numbered as per FIPS 46) 14 15 16 17 19 20
94 0x00000000, 0x00000001, 0x00040000, 0x00040001, 0x01000000,
95 0x01000001, 0x01040000, 0x01040001, 0x00000002, 0x00000003,
96 0x00040002, 0x00040003, 0x01000002, 0x01000003, 0x01040002,
97 0x01040003, 0x00000200, 0x00000201, 0x00040200, 0x00040201,
98 0x01000200, 0x01000201, 0x01040200, 0x01040201, 0x00000202,
99 0x00000203, 0x00040202, 0x00040203, 0x01000202, 0x01000203,
100 0x01040202, 0x01040203, 0x08000000, 0x08000001, 0x08040000,
101 0x08040001, 0x09000000, 0x09000001, 0x09040000, 0x09040001,
102 0x08000002, 0x08000003, 0x08040002, 0x08040003, 0x09000002,
103 0x09000003, 0x09040002, 0x09040003, 0x08000200, 0x08000201,
104 0x08040200, 0x08040201, 0x09000200, 0x09000201, 0x09040200,
105 0x09040201, 0x08000202, 0x08000203, 0x08040202, 0x08040203,
106 0x09000202, 0x09000203, 0x09040202, 0x09040203, },
107 { // for C bits (numbered as per FIPS 46) 21 23 24 26 27 28
108 0x00000000, 0x00100000, 0x00000100, 0x00100100, 0x00000008,
109 0x00100008, 0x00000108, 0x00100108, 0x00001000, 0x00101000,
110 0x00001100, 0x00101100, 0x00001008, 0x00101008, 0x00001108,
111 0x00101108, 0x04000000, 0x04100000, 0x04000100, 0x04100100,
112 0x04000008, 0x04100008, 0x04000108, 0x04100108, 0x04001000,
113 0x04101000, 0x04001100, 0x04101100, 0x04001008, 0x04101008,
114 0x04001108, 0x04101108, 0x00020000, 0x00120000, 0x00020100,
115 0x00120100, 0x00020008, 0x00120008, 0x00020108, 0x00120108,
116 0x00021000, 0x00121000, 0x00021100, 0x00121100, 0x00021008,
117 0x00121008, 0x00021108, 0x00121108, 0x04020000, 0x04120000,
118 0x04020100, 0x04120100, 0x04020008, 0x04120008, 0x04020108,
119 0x04120108, 0x04021000, 0x04121000, 0x04021100, 0x04121100,
120 0x04021008, 0x04121008, 0x04021108, 0x04121108, },
121 { // for D bits (numbered as per FIPS 46) 1 2 3 4 5 6
122 0x00000000, 0x10000000, 0x00010000, 0x10010000, 0x00000004,
123 0x10000004, 0x00010004, 0x10010004, 0x20000000, 0x30000000,
124 0x20010000, 0x30010000, 0x20000004, 0x30000004, 0x20010004,
125 0x30010004, 0x00100000, 0x10100000, 0x00110000, 0x10110000,
126 0x00100004, 0x10100004, 0x00110004, 0x10110004, 0x20100000,
127 0x30100000, 0x20110000, 0x30110000, 0x20100004, 0x30100004,
128 0x20110004, 0x30110004, 0x00001000, 0x10001000, 0x00011000,
129 0x10011000, 0x00001004, 0x10001004, 0x00011004, 0x10011004,
130 0x20001000, 0x30001000, 0x20011000, 0x30011000, 0x20001004,
131 0x30001004, 0x20011004, 0x30011004, 0x00101000, 0x10101000,
132 0x00111000, 0x10111000, 0x00101004, 0x10101004, 0x00111004,
133 0x10111004, 0x20101000, 0x30101000, 0x20111000, 0x30111000,
134 0x20101004, 0x30101004, 0x20111004, 0x30111004, },
135 { // for D bits (numbered as per FIPS 46) 8 9 11 12 13 14
136 0x00000000, 0x08000000, 0x00000008, 0x08000008, 0x00000400,
137 0x08000400, 0x00000408, 0x08000408, 0x00020000, 0x08020000,
138 0x00020008, 0x08020008, 0x00020400, 0x08020400, 0x00020408,
139 0x08020408, 0x00000001, 0x08000001, 0x00000009, 0x08000009,
140 0x00000401, 0x08000401, 0x00000409, 0x08000409, 0x00020001,
141 0x08020001, 0x00020009, 0x08020009, 0x00020401, 0x08020401,
142 0x00020409, 0x08020409, 0x02000000, 0x0A000000, 0x02000008,
143 0x0A000008, 0x02000400, 0x0A000400, 0x02000408, 0x0A000408,
144 0x02020000, 0x0A020000, 0x02020008, 0x0A020008, 0x02020400,
145 0x0A020400, 0x02020408, 0x0A020408, 0x02000001, 0x0A000001,
146 0x02000009, 0x0A000009, 0x02000401, 0x0A000401, 0x02000409,
147 0x0A000409, 0x02020001, 0x0A020001, 0x02020009, 0x0A020009,
148 0x02020401, 0x0A020401, 0x02020409, 0x0A020409, },
149 { // for D bits (numbered as per FIPS 46) 16 17 18 19 20 21
150 0x00000000, 0x00000100, 0x00080000, 0x00080100, 0x01000000,
151 0x01000100, 0x01080000, 0x01080100, 0x00000010, 0x00000110,
152 0x00080010, 0x00080110, 0x01000010, 0x01000110, 0x01080010,
153 0x01080110, 0x00200000, 0x00200100, 0x00280000, 0x00280100,
154 0x01200000, 0x01200100, 0x01280000, 0x01280100, 0x00200010,
155 0x00200110, 0x00280010, 0x00280110, 0x01200010, 0x01200110,
156 0x01280010, 0x01280110, 0x00000200, 0x00000300, 0x00080200,
157 0x00080300, 0x01000200, 0x01000300, 0x01080200, 0x01080300,
158 0x00000210, 0x00000310, 0x00080210, 0x00080310, 0x01000210,
159 0x01000310, 0x01080210, 0x01080310, 0x00200200, 0x00200300,
160 0x00280200, 0x00280300, 0x01200200, 0x01200300, 0x01280200,
161 0x01280300, 0x00200210, 0x00200310, 0x00280210, 0x00280310,
162 0x01200210, 0x01200310, 0x01280210, 0x01280310, },
163 { // for D bits (numbered as per FIPS 46) 22 23 24 25 27 28
164 0x00000000, 0x04000000, 0x00040000, 0x04040000, 0x00000002,
165 0x04000002, 0x00040002, 0x04040002, 0x00002000, 0x04002000,
166 0x00042000, 0x04042000, 0x00002002, 0x04002002, 0x00042002,
167 0x04042002, 0x00000020, 0x04000020, 0x00040020, 0x04040020,
168 0x00000022, 0x04000022, 0x00040022, 0x04040022, 0x00002020,
169 0x04002020, 0x00042020, 0x04042020, 0x00002022, 0x04002022,
170 0x00042022, 0x04042022, 0x00000800, 0x04000800, 0x00040800,
171 0x04040800, 0x00000802, 0x04000802, 0x00040802, 0x04040802,
172 0x00002800, 0x04002800, 0x00042800, 0x04042800, 0x00002802,
173 0x04002802, 0x00042802, 0x04042802, 0x00000820, 0x04000820,
174 0x00040820, 0x04040820, 0x00000822, 0x04000822, 0x00040822,
175 0x04040822, 0x00002820, 0x04002820, 0x00042820, 0x04042820,
176 0x00002822, 0x04002822, 0x00042822, 0x04042822, }};
177
178 static const uint32_t DES_SPtrans[8][64] = {
179 { // nibble 0
180 0x02080800, 0x00080000, 0x02000002, 0x02080802, 0x02000000,
181 0x00080802, 0x00080002, 0x02000002, 0x00080802, 0x02080800,
182 0x02080000, 0x00000802, 0x02000802, 0x02000000, 0x00000000,
183 0x00080002, 0x00080000, 0x00000002, 0x02000800, 0x00080800,
184 0x02080802, 0x02080000, 0x00000802, 0x02000800, 0x00000002,
185 0x00000800, 0x00080800, 0x02080002, 0x00000800, 0x02000802,
186 0x02080002, 0x00000000, 0x00000000, 0x02080802, 0x02000800,
187 0x00080002, 0x02080800, 0x00080000, 0x00000802, 0x02000800,
188 0x02080002, 0x00000800, 0x00080800, 0x02000002, 0x00080802,
189 0x00000002, 0x02000002, 0x02080000, 0x02080802, 0x00080800,
190 0x02080000, 0x02000802, 0x02000000, 0x00000802, 0x00080002,
191 0x00000000, 0x00080000, 0x02000000, 0x02000802, 0x02080800,
192 0x00000002, 0x02080002, 0x00000800, 0x00080802, },
193 { // nibble 1
194 0x40108010, 0x00000000, 0x00108000, 0x40100000, 0x40000010,
195 0x00008010, 0x40008000, 0x00108000, 0x00008000, 0x40100010,
196 0x00000010, 0x40008000, 0x00100010, 0x40108000, 0x40100000,
197 0x00000010, 0x00100000, 0x40008010, 0x40100010, 0x00008000,
198 0x00108010, 0x40000000, 0x00000000, 0x00100010, 0x40008010,
199 0x00108010, 0x40108000, 0x40000010, 0x40000000, 0x00100000,
200 0x00008010, 0x40108010, 0x00100010, 0x40108000, 0x40008000,
201 0x00108010, 0x40108010, 0x00100010, 0x40000010, 0x00000000,
202 0x40000000, 0x00008010, 0x00100000, 0x40100010, 0x00008000,
203 0x40000000, 0x00108010, 0x40008010, 0x40108000, 0x00008000,
204 0x00000000, 0x40000010, 0x00000010, 0x40108010, 0x00108000,
205 0x40100000, 0x40100010, 0x00100000, 0x00008010, 0x40008000,
206 0x40008010, 0x00000010, 0x40100000, 0x00108000, },
207 { // nibble 2
208 0x04000001, 0x04040100, 0x00000100, 0x04000101, 0x00040001,
209 0x04000000, 0x04000101, 0x00040100, 0x04000100, 0x00040000,
210 0x04040000, 0x00000001, 0x04040101, 0x00000101, 0x00000001,
211 0x04040001, 0x00000000, 0x00040001, 0x04040100, 0x00000100,
212 0x00000101, 0x04040101, 0x00040000, 0x04000001, 0x04040001,
213 0x04000100, 0x00040101, 0x04040000, 0x00040100, 0x00000000,
214 0x04000000, 0x00040101, 0x04040100, 0x00000100, 0x00000001,
215 0x00040000, 0x00000101, 0x00040001, 0x04040000, 0x04000101,
216 0x00000000, 0x04040100, 0x00040100, 0x04040001, 0x00040001,
217 0x04000000, 0x04040101, 0x00000001, 0x00040101, 0x04000001,
218 0x04000000, 0x04040101, 0x00040000, 0x04000100, 0x04000101,
219 0x00040100, 0x04000100, 0x00000000, 0x04040001, 0x00000101,
220 0x04000001, 0x00040101, 0x00000100, 0x04040000, },
221 { // nibble 3
222 0x00401008, 0x10001000, 0x00000008, 0x10401008, 0x00000000,
223 0x10400000, 0x10001008, 0x00400008, 0x10401000, 0x10000008,
224 0x10000000, 0x00001008, 0x10000008, 0x00401008, 0x00400000,
225 0x10000000, 0x10400008, 0x00401000, 0x00001000, 0x00000008,
226 0x00401000, 0x10001008, 0x10400000, 0x00001000, 0x00001008,
227 0x00000000, 0x00400008, 0x10401000, 0x10001000, 0x10400008,
228 0x10401008, 0x00400000, 0x10400008, 0x00001008, 0x00400000,
229 0x10000008, 0x00401000, 0x10001000, 0x00000008, 0x10400000,
230 0x10001008, 0x00000000, 0x00001000, 0x00400008, 0x00000000,
231 0x10400008, 0x10401000, 0x00001000, 0x10000000, 0x10401008,
232 0x00401008, 0x00400000, 0x10401008, 0x00000008, 0x10001000,
233 0x00401008, 0x00400008, 0x00401000, 0x10400000, 0x10001008,
234 0x00001008, 0x10000000, 0x10000008, 0x10401000, },
235 { // nibble 4
236 0x08000000, 0x00010000, 0x00000400, 0x08010420, 0x08010020,
237 0x08000400, 0x00010420, 0x08010000, 0x00010000, 0x00000020,
238 0x08000020, 0x00010400, 0x08000420, 0x08010020, 0x08010400,
239 0x00000000, 0x00010400, 0x08000000, 0x00010020, 0x00000420,
240 0x08000400, 0x00010420, 0x00000000, 0x08000020, 0x00000020,
241 0x08000420, 0x08010420, 0x00010020, 0x08010000, 0x00000400,
242 0x00000420, 0x08010400, 0x08010400, 0x08000420, 0x00010020,
243 0x08010000, 0x00010000, 0x00000020, 0x08000020, 0x08000400,
244 0x08000000, 0x00010400, 0x08010420, 0x00000000, 0x00010420,
245 0x08000000, 0x00000400, 0x00010020, 0x08000420, 0x00000400,
246 0x00000000, 0x08010420, 0x08010020, 0x08010400, 0x00000420,
247 0x00010000, 0x00010400, 0x08010020, 0x08000400, 0x00000420,
248 0x00000020, 0x00010420, 0x08010000, 0x08000020, },
249 { // nibble 5
250 0x80000040, 0x00200040, 0x00000000, 0x80202000, 0x00200040,
251 0x00002000, 0x80002040, 0x00200000, 0x00002040, 0x80202040,
252 0x00202000, 0x80000000, 0x80002000, 0x80000040, 0x80200000,
253 0x00202040, 0x00200000, 0x80002040, 0x80200040, 0x00000000,
254 0x00002000, 0x00000040, 0x80202000, 0x80200040, 0x80202040,
255 0x80200000, 0x80000000, 0x00002040, 0x00000040, 0x00202000,
256 0x00202040, 0x80002000, 0x00002040, 0x80000000, 0x80002000,
257 0x00202040, 0x80202000, 0x00200040, 0x00000000, 0x80002000,
258 0x80000000, 0x00002000, 0x80200040, 0x00200000, 0x00200040,
259 0x80202040, 0x00202000, 0x00000040, 0x80202040, 0x00202000,
260 0x00200000, 0x80002040, 0x80000040, 0x80200000, 0x00202040,
261 0x00000000, 0x00002000, 0x80000040, 0x80002040, 0x80202000,
262 0x80200000, 0x00002040, 0x00000040, 0x80200040, },
263 { // nibble 6
264 0x00004000, 0x00000200, 0x01000200, 0x01000004, 0x01004204,
265 0x00004004, 0x00004200, 0x00000000, 0x01000000, 0x01000204,
266 0x00000204, 0x01004000, 0x00000004, 0x01004200, 0x01004000,
267 0x00000204, 0x01000204, 0x00004000, 0x00004004, 0x01004204,
268 0x00000000, 0x01000200, 0x01000004, 0x00004200, 0x01004004,
269 0x00004204, 0x01004200, 0x00000004, 0x00004204, 0x01004004,
270 0x00000200, 0x01000000, 0x00004204, 0x01004000, 0x01004004,
271 0x00000204, 0x00004000, 0x00000200, 0x01000000, 0x01004004,
272 0x01000204, 0x00004204, 0x00004200, 0x00000000, 0x00000200,
273 0x01000004, 0x00000004, 0x01000200, 0x00000000, 0x01000204,
274 0x01000200, 0x00004200, 0x00000204, 0x00004000, 0x01004204,
275 0x01000000, 0x01004200, 0x00000004, 0x00004004, 0x01004204,
276 0x01000004, 0x01004200, 0x01004000, 0x00004004, },
277 { // nibble 7
278 0x20800080, 0x20820000, 0x00020080, 0x00000000, 0x20020000,
279 0x00800080, 0x20800000, 0x20820080, 0x00000080, 0x20000000,
280 0x00820000, 0x00020080, 0x00820080, 0x20020080, 0x20000080,
281 0x20800000, 0x00020000, 0x00820080, 0x00800080, 0x20020000,
282 0x20820080, 0x20000080, 0x00000000, 0x00820000, 0x20000000,
283 0x00800000, 0x20020080, 0x20800080, 0x00800000, 0x00020000,
284 0x20820000, 0x00000080, 0x00800000, 0x00020000, 0x20000080,
285 0x20820080, 0x00020080, 0x20000000, 0x00000000, 0x00820000,
286 0x20800080, 0x20020080, 0x20020000, 0x00800080, 0x20820000,
287 0x00000080, 0x00800080, 0x20020000, 0x20820080, 0x00800000,
288 0x20800000, 0x20000080, 0x00820000, 0x00020080, 0x20020080,
289 0x20800000, 0x00000080, 0x20820000, 0x00820080, 0x00000000,
290 0x20000000, 0x20800080, 0x00020000, 0x00820080, }};
291
292 #define HPERM_OP(a, t, n, m) \
293 ((t) = ((((a) << (16 - (n))) ^ (a)) & (m)), \
294 (a) = (a) ^ (t) ^ ((t) >> (16 - (n))))
295
DES_set_key(const DES_cblock * key,DES_key_schedule * schedule)296 void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule) {
297 static const int shifts2[16] = {0, 0, 1, 1, 1, 1, 1, 1,
298 0, 1, 1, 1, 1, 1, 1, 0};
299 uint32_t c, d, t, s, t2;
300 const uint8_t *in;
301 int i;
302
303 in = key->bytes;
304
305 c2l(in, c);
306 c2l(in, d);
307
308 // do PC1 in 47 simple operations :-)
309 // Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
310 // for the inspiration. :-)
311 PERM_OP(d, c, t, 4, 0x0f0f0f0f);
312 HPERM_OP(c, t, -2, 0xcccc0000);
313 HPERM_OP(d, t, -2, 0xcccc0000);
314 PERM_OP(d, c, t, 1, 0x55555555);
315 PERM_OP(c, d, t, 8, 0x00ff00ff);
316 PERM_OP(d, c, t, 1, 0x55555555);
317 d = (((d & 0x000000ff) << 16) | (d & 0x0000ff00) |
318 ((d & 0x00ff0000) >> 16) | ((c & 0xf0000000) >> 4));
319 c &= 0x0fffffff;
320
321 for (i = 0; i < ITERATIONS; i++) {
322 if (shifts2[i]) {
323 c = ((c >> 2) | (c << 26));
324 d = ((d >> 2) | (d << 26));
325 } else {
326 c = ((c >> 1) | (c << 27));
327 d = ((d >> 1) | (d << 27));
328 }
329 c &= 0x0fffffff;
330 d &= 0x0fffffff;
331 // could be a few less shifts but I am to lazy at this
332 // point in time to investigate
333 s = des_skb[0][(c) & 0x3f] |
334 des_skb[1][((c >> 6) & 0x03) | ((c >> 7) & 0x3c)] |
335 des_skb[2][((c >> 13) & 0x0f) | ((c >> 14) & 0x30)] |
336 des_skb[3][((c >> 20) & 0x01) | ((c >> 21) & 0x06) |
337 ((c >> 22) & 0x38)];
338 t = des_skb[4][(d) & 0x3f] |
339 des_skb[5][((d >> 7) & 0x03) | ((d >> 8) & 0x3c)] |
340 des_skb[6][(d >> 15) & 0x3f] |
341 des_skb[7][((d >> 21) & 0x0f) | ((d >> 22) & 0x30)];
342
343 // table contained 0213 4657
344 t2 = ((t << 16) | (s & 0x0000ffff)) & 0xffffffff;
345 schedule->subkeys[i][0] = CRYPTO_rotr_u32(t2, 30);
346
347 t2 = ((s >> 16) | (t & 0xffff0000));
348 schedule->subkeys[i][1] = CRYPTO_rotr_u32(t2, 26);
349 }
350 }
351
352 static const uint8_t kOddParity[256] = {
353 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14,
354 14, 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28,
355 31, 31, 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44,
356 44, 47, 47, 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59,
357 61, 61, 62, 62, 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74,
358 74, 76, 76, 79, 79, 81, 81, 82, 82, 84, 84, 87, 87, 88, 88,
359 91, 91, 93, 93, 94, 94, 97, 97, 98, 98, 100, 100, 103, 103, 104,
360 104, 107, 107, 109, 109, 110, 110, 112, 112, 115, 115, 117, 117, 118, 118,
361 121, 121, 122, 122, 124, 124, 127, 127, 128, 128, 131, 131, 133, 133, 134,
362 134, 137, 137, 138, 138, 140, 140, 143, 143, 145, 145, 146, 146, 148, 148,
363 151, 151, 152, 152, 155, 155, 157, 157, 158, 158, 161, 161, 162, 162, 164,
364 164, 167, 167, 168, 168, 171, 171, 173, 173, 174, 174, 176, 176, 179, 179,
365 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, 191, 193, 193, 194,
366 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, 206, 208, 208,
367 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, 223, 224,
368 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, 239,
369 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
370 254
371 };
372
DES_set_odd_parity(DES_cblock * key)373 void DES_set_odd_parity(DES_cblock *key) {
374 unsigned i;
375
376 for (i = 0; i < DES_KEY_SZ; i++) {
377 key->bytes[i] = kOddParity[key->bytes[i]];
378 }
379 }
380
DES_encrypt1(uint32_t * data,const DES_key_schedule * ks,int enc)381 static void DES_encrypt1(uint32_t *data, const DES_key_schedule *ks, int enc) {
382 uint32_t l, r, t, u;
383
384 r = data[0];
385 l = data[1];
386
387 IP(r, l);
388 // Things have been modified so that the initial rotate is done outside
389 // the loop. This required the DES_SPtrans values in sp.h to be
390 // rotated 1 bit to the right. One perl script later and things have a
391 // 5% speed up on a sparc2. Thanks to Richard Outerbridge
392 // <71755.204@CompuServe.COM> for pointing this out.
393 // clear the top bits on machines with 8byte longs
394 // shift left by 2
395 r = CRYPTO_rotr_u32(r, 29);
396 l = CRYPTO_rotr_u32(l, 29);
397
398 // I don't know if it is worth the effort of loop unrolling the
399 // inner loop
400 if (enc) {
401 D_ENCRYPT(ks, l, r, 0);
402 D_ENCRYPT(ks, r, l, 1);
403 D_ENCRYPT(ks, l, r, 2);
404 D_ENCRYPT(ks, r, l, 3);
405 D_ENCRYPT(ks, l, r, 4);
406 D_ENCRYPT(ks, r, l, 5);
407 D_ENCRYPT(ks, l, r, 6);
408 D_ENCRYPT(ks, r, l, 7);
409 D_ENCRYPT(ks, l, r, 8);
410 D_ENCRYPT(ks, r, l, 9);
411 D_ENCRYPT(ks, l, r, 10);
412 D_ENCRYPT(ks, r, l, 11);
413 D_ENCRYPT(ks, l, r, 12);
414 D_ENCRYPT(ks, r, l, 13);
415 D_ENCRYPT(ks, l, r, 14);
416 D_ENCRYPT(ks, r, l, 15);
417 } else {
418 D_ENCRYPT(ks, l, r, 15);
419 D_ENCRYPT(ks, r, l, 14);
420 D_ENCRYPT(ks, l, r, 13);
421 D_ENCRYPT(ks, r, l, 12);
422 D_ENCRYPT(ks, l, r, 11);
423 D_ENCRYPT(ks, r, l, 10);
424 D_ENCRYPT(ks, l, r, 9);
425 D_ENCRYPT(ks, r, l, 8);
426 D_ENCRYPT(ks, l, r, 7);
427 D_ENCRYPT(ks, r, l, 6);
428 D_ENCRYPT(ks, l, r, 5);
429 D_ENCRYPT(ks, r, l, 4);
430 D_ENCRYPT(ks, l, r, 3);
431 D_ENCRYPT(ks, r, l, 2);
432 D_ENCRYPT(ks, l, r, 1);
433 D_ENCRYPT(ks, r, l, 0);
434 }
435
436 // rotate and clear the top bits on machines with 8byte longs
437 l = CRYPTO_rotr_u32(l, 3);
438 r = CRYPTO_rotr_u32(r, 3);
439
440 FP(r, l);
441 data[0] = l;
442 data[1] = r;
443 }
444
DES_encrypt2(uint32_t * data,const DES_key_schedule * ks,int enc)445 static void DES_encrypt2(uint32_t *data, const DES_key_schedule *ks, int enc) {
446 uint32_t l, r, t, u;
447
448 r = data[0];
449 l = data[1];
450
451 // Things have been modified so that the initial rotate is done outside the
452 // loop. This required the DES_SPtrans values in sp.h to be rotated 1 bit to
453 // the right. One perl script later and things have a 5% speed up on a
454 // sparc2. Thanks to Richard Outerbridge <71755.204@CompuServe.COM> for
455 // pointing this out.
456 // clear the top bits on machines with 8byte longs
457 r = CRYPTO_rotr_u32(r, 29);
458 l = CRYPTO_rotr_u32(l, 29);
459
460 // I don't know if it is worth the effort of loop unrolling the
461 // inner loop
462 if (enc) {
463 D_ENCRYPT(ks, l, r, 0);
464 D_ENCRYPT(ks, r, l, 1);
465 D_ENCRYPT(ks, l, r, 2);
466 D_ENCRYPT(ks, r, l, 3);
467 D_ENCRYPT(ks, l, r, 4);
468 D_ENCRYPT(ks, r, l, 5);
469 D_ENCRYPT(ks, l, r, 6);
470 D_ENCRYPT(ks, r, l, 7);
471 D_ENCRYPT(ks, l, r, 8);
472 D_ENCRYPT(ks, r, l, 9);
473 D_ENCRYPT(ks, l, r, 10);
474 D_ENCRYPT(ks, r, l, 11);
475 D_ENCRYPT(ks, l, r, 12);
476 D_ENCRYPT(ks, r, l, 13);
477 D_ENCRYPT(ks, l, r, 14);
478 D_ENCRYPT(ks, r, l, 15);
479 } else {
480 D_ENCRYPT(ks, l, r, 15);
481 D_ENCRYPT(ks, r, l, 14);
482 D_ENCRYPT(ks, l, r, 13);
483 D_ENCRYPT(ks, r, l, 12);
484 D_ENCRYPT(ks, l, r, 11);
485 D_ENCRYPT(ks, r, l, 10);
486 D_ENCRYPT(ks, l, r, 9);
487 D_ENCRYPT(ks, r, l, 8);
488 D_ENCRYPT(ks, l, r, 7);
489 D_ENCRYPT(ks, r, l, 6);
490 D_ENCRYPT(ks, l, r, 5);
491 D_ENCRYPT(ks, r, l, 4);
492 D_ENCRYPT(ks, l, r, 3);
493 D_ENCRYPT(ks, r, l, 2);
494 D_ENCRYPT(ks, l, r, 1);
495 D_ENCRYPT(ks, r, l, 0);
496 }
497 // rotate and clear the top bits on machines with 8byte longs
498 data[0] = CRYPTO_rotr_u32(l, 3);
499 data[1] = CRYPTO_rotr_u32(r, 3);
500 }
501
DES_encrypt3(uint32_t * data,const DES_key_schedule * ks1,const DES_key_schedule * ks2,const DES_key_schedule * ks3)502 void DES_encrypt3(uint32_t *data, const DES_key_schedule *ks1,
503 const DES_key_schedule *ks2, const DES_key_schedule *ks3) {
504 uint32_t l, r;
505
506 l = data[0];
507 r = data[1];
508 IP(l, r);
509 data[0] = l;
510 data[1] = r;
511 DES_encrypt2((uint32_t *)data, ks1, DES_ENCRYPT);
512 DES_encrypt2((uint32_t *)data, ks2, DES_DECRYPT);
513 DES_encrypt2((uint32_t *)data, ks3, DES_ENCRYPT);
514 l = data[0];
515 r = data[1];
516 FP(r, l);
517 data[0] = l;
518 data[1] = r;
519 }
520
DES_decrypt3(uint32_t * data,const DES_key_schedule * ks1,const DES_key_schedule * ks2,const DES_key_schedule * ks3)521 void DES_decrypt3(uint32_t *data, const DES_key_schedule *ks1,
522 const DES_key_schedule *ks2, const DES_key_schedule *ks3) {
523 uint32_t l, r;
524
525 l = data[0];
526 r = data[1];
527 IP(l, r);
528 data[0] = l;
529 data[1] = r;
530 DES_encrypt2((uint32_t *)data, ks3, DES_DECRYPT);
531 DES_encrypt2((uint32_t *)data, ks2, DES_ENCRYPT);
532 DES_encrypt2((uint32_t *)data, ks1, DES_DECRYPT);
533 l = data[0];
534 r = data[1];
535 FP(r, l);
536 data[0] = l;
537 data[1] = r;
538 }
539
DES_ecb_encrypt(const DES_cblock * in_block,DES_cblock * out_block,const DES_key_schedule * schedule,int is_encrypt)540 void DES_ecb_encrypt(const DES_cblock *in_block, DES_cblock *out_block,
541 const DES_key_schedule *schedule, int is_encrypt) {
542 uint32_t l;
543 uint32_t ll[2];
544 const uint8_t *in = in_block->bytes;
545 uint8_t *out = out_block->bytes;
546
547 c2l(in, l);
548 ll[0] = l;
549 c2l(in, l);
550 ll[1] = l;
551 DES_encrypt1(ll, schedule, is_encrypt);
552 l = ll[0];
553 l2c(l, out);
554 l = ll[1];
555 l2c(l, out);
556 ll[0] = ll[1] = 0;
557 }
558
DES_ncbc_encrypt(const uint8_t * in,uint8_t * out,size_t len,const DES_key_schedule * schedule,DES_cblock * ivec,int enc)559 void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
560 const DES_key_schedule *schedule, DES_cblock *ivec,
561 int enc) {
562 uint32_t tin0, tin1;
563 uint32_t tout0, tout1, xor0, xor1;
564 uint32_t tin[2];
565 unsigned char *iv;
566
567 iv = ivec->bytes;
568
569 if (enc) {
570 c2l(iv, tout0);
571 c2l(iv, tout1);
572 for (; len >= 8; len -= 8) {
573 c2l(in, tin0);
574 c2l(in, tin1);
575 tin0 ^= tout0;
576 tin[0] = tin0;
577 tin1 ^= tout1;
578 tin[1] = tin1;
579 DES_encrypt1((uint32_t *)tin, schedule, DES_ENCRYPT);
580 tout0 = tin[0];
581 l2c(tout0, out);
582 tout1 = tin[1];
583 l2c(tout1, out);
584 }
585 if (len != 0) {
586 c2ln(in, tin0, tin1, len);
587 tin0 ^= tout0;
588 tin[0] = tin0;
589 tin1 ^= tout1;
590 tin[1] = tin1;
591 DES_encrypt1((uint32_t *)tin, schedule, DES_ENCRYPT);
592 tout0 = tin[0];
593 l2c(tout0, out);
594 tout1 = tin[1];
595 l2c(tout1, out);
596 }
597 iv = ivec->bytes;
598 l2c(tout0, iv);
599 l2c(tout1, iv);
600 } else {
601 c2l(iv, xor0);
602 c2l(iv, xor1);
603 for (; len >= 8; len -= 8) {
604 c2l(in, tin0);
605 tin[0] = tin0;
606 c2l(in, tin1);
607 tin[1] = tin1;
608 DES_encrypt1((uint32_t *)tin, schedule, DES_DECRYPT);
609 tout0 = tin[0] ^ xor0;
610 tout1 = tin[1] ^ xor1;
611 l2c(tout0, out);
612 l2c(tout1, out);
613 xor0 = tin0;
614 xor1 = tin1;
615 }
616 if (len != 0) {
617 c2l(in, tin0);
618 tin[0] = tin0;
619 c2l(in, tin1);
620 tin[1] = tin1;
621 DES_encrypt1((uint32_t *)tin, schedule, DES_DECRYPT);
622 tout0 = tin[0] ^ xor0;
623 tout1 = tin[1] ^ xor1;
624 l2cn(tout0, tout1, out, len);
625 xor0 = tin0;
626 xor1 = tin1;
627 }
628 iv = ivec->bytes;
629 l2c(xor0, iv);
630 l2c(xor1, iv);
631 }
632 tin[0] = tin[1] = 0;
633 }
634
DES_ecb3_encrypt(const DES_cblock * input,DES_cblock * output,const DES_key_schedule * ks1,const DES_key_schedule * ks2,const DES_key_schedule * ks3,int enc)635 void DES_ecb3_encrypt(const DES_cblock *input, DES_cblock *output,
636 const DES_key_schedule *ks1, const DES_key_schedule *ks2,
637 const DES_key_schedule *ks3, int enc) {
638 uint32_t l0, l1;
639 uint32_t ll[2];
640 const uint8_t *in = input->bytes;
641 uint8_t *out = output->bytes;
642
643 c2l(in, l0);
644 c2l(in, l1);
645 ll[0] = l0;
646 ll[1] = l1;
647 if (enc) {
648 DES_encrypt3(ll, ks1, ks2, ks3);
649 } else {
650 DES_decrypt3(ll, ks1, ks2, ks3);
651 }
652 l0 = ll[0];
653 l1 = ll[1];
654 l2c(l0, out);
655 l2c(l1, out);
656 }
657
DES_ede3_cbc_encrypt(const uint8_t * in,uint8_t * out,size_t len,const DES_key_schedule * ks1,const DES_key_schedule * ks2,const DES_key_schedule * ks3,DES_cblock * ivec,int enc)658 void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
659 const DES_key_schedule *ks1,
660 const DES_key_schedule *ks2,
661 const DES_key_schedule *ks3, DES_cblock *ivec,
662 int enc) {
663 uint32_t tin0, tin1;
664 uint32_t tout0, tout1, xor0, xor1;
665 uint32_t tin[2];
666 uint8_t *iv;
667
668 iv = ivec->bytes;
669
670 if (enc) {
671 c2l(iv, tout0);
672 c2l(iv, tout1);
673 for (; len >= 8; len -= 8) {
674 c2l(in, tin0);
675 c2l(in, tin1);
676 tin0 ^= tout0;
677 tin1 ^= tout1;
678
679 tin[0] = tin0;
680 tin[1] = tin1;
681 DES_encrypt3((uint32_t *)tin, ks1, ks2, ks3);
682 tout0 = tin[0];
683 tout1 = tin[1];
684
685 l2c(tout0, out);
686 l2c(tout1, out);
687 }
688 if (len != 0) {
689 c2ln(in, tin0, tin1, len);
690 tin0 ^= tout0;
691 tin1 ^= tout1;
692
693 tin[0] = tin0;
694 tin[1] = tin1;
695 DES_encrypt3((uint32_t *)tin, ks1, ks2, ks3);
696 tout0 = tin[0];
697 tout1 = tin[1];
698
699 l2c(tout0, out);
700 l2c(tout1, out);
701 }
702 iv = ivec->bytes;
703 l2c(tout0, iv);
704 l2c(tout1, iv);
705 } else {
706 uint32_t t0, t1;
707
708 c2l(iv, xor0);
709 c2l(iv, xor1);
710 for (; len >= 8; len -= 8) {
711 c2l(in, tin0);
712 c2l(in, tin1);
713
714 t0 = tin0;
715 t1 = tin1;
716
717 tin[0] = tin0;
718 tin[1] = tin1;
719 DES_decrypt3((uint32_t *)tin, ks1, ks2, ks3);
720 tout0 = tin[0];
721 tout1 = tin[1];
722
723 tout0 ^= xor0;
724 tout1 ^= xor1;
725 l2c(tout0, out);
726 l2c(tout1, out);
727 xor0 = t0;
728 xor1 = t1;
729 }
730 if (len != 0) {
731 c2l(in, tin0);
732 c2l(in, tin1);
733
734 t0 = tin0;
735 t1 = tin1;
736
737 tin[0] = tin0;
738 tin[1] = tin1;
739 DES_decrypt3((uint32_t *)tin, ks1, ks2, ks3);
740 tout0 = tin[0];
741 tout1 = tin[1];
742
743 tout0 ^= xor0;
744 tout1 ^= xor1;
745 l2cn(tout0, tout1, out, len);
746 xor0 = t0;
747 xor1 = t1;
748 }
749
750 iv = ivec->bytes;
751 l2c(xor0, iv);
752 l2c(xor1, iv);
753 }
754
755 tin[0] = tin[1] = 0;
756 }
757
DES_ede2_cbc_encrypt(const uint8_t * in,uint8_t * out,size_t len,const DES_key_schedule * ks1,const DES_key_schedule * ks2,DES_cblock * ivec,int enc)758 void DES_ede2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
759 const DES_key_schedule *ks1,
760 const DES_key_schedule *ks2,
761 DES_cblock *ivec,
762 int enc) {
763 DES_ede3_cbc_encrypt(in, out, len, ks1, ks2, ks1, ivec, enc);
764 }
765
766
767 // Deprecated functions.
768
DES_set_key_unchecked(const DES_cblock * key,DES_key_schedule * schedule)769 void DES_set_key_unchecked(const DES_cblock *key, DES_key_schedule *schedule) {
770 DES_set_key(key, schedule);
771 }
772
773 #undef HPERM_OP
774 #undef c2l
775 #undef l2c
776 #undef c2ln
777 #undef l2cn
778 #undef PERM_OP
779 #undef IP
780 #undef FP
781 #undef LOAD_DATA
782 #undef D_ENCRYPT
783 #undef ITERATIONS
784 #undef HALF_ITERATIONS
785