• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2  * All rights reserved.
3  *
4  * This package is an SSL implementation written
5  * by Eric Young (eay@cryptsoft.com).
6  * The implementation was written so as to conform with Netscapes SSL.
7  *
8  * This library is free for commercial and non-commercial use as long as
9  * the following conditions are aheared to.  The following conditions
10  * apply to all code found in this distribution, be it the RC4, RSA,
11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
12  * included with this distribution is covered by the same copyright terms
13  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14  *
15  * Copyright remains Eric Young's, and as such any Copyright notices in
16  * the code are not to be removed.
17  * If this package is used in a product, Eric Young should be given attribution
18  * as the author of the parts of the library used.
19  * This can be in the form of a textual message at program startup or
20  * in documentation (online or textual) provided with the package.
21  *
22  * Redistribution and use in source and binary forms, with or without
23  * modification, are permitted provided that the following conditions
24  * are met:
25  * 1. Redistributions of source code must retain the copyright
26  *    notice, this list of conditions and the following disclaimer.
27  * 2. Redistributions in binary form must reproduce the above copyright
28  *    notice, this list of conditions and the following disclaimer in the
29  *    documentation and/or other materials provided with the distribution.
30  * 3. All advertising materials mentioning features or use of this software
31  *    must display the following acknowledgement:
32  *    "This product includes cryptographic software written by
33  *     Eric Young (eay@cryptsoft.com)"
34  *    The word 'cryptographic' can be left out if the rouines from the library
35  *    being used are not cryptographic related :-).
36  * 4. If you include any Windows specific code (or a derivative thereof) from
37  *    the apps directory (application code) you must include an acknowledgement:
38  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39  *
40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50  * SUCH DAMAGE.
51  *
52  * The licence and distribution terms for any publically available version or
53  * derivative of this code cannot be changed.  i.e. this code cannot simply be
54  * copied and put under another distribution licence
55  * [including the GNU Public Licence.] */
56 
57 #include <openssl/des.h>
58 
59 #include <stdlib.h>
60 
61 #include "internal.h"
62 
63 
64 static const uint32_t des_skb[8][64] = {
65     {  // for C bits (numbered as per FIPS 46) 1 2 3 4 5 6
66      0x00000000, 0x00000010, 0x20000000, 0x20000010, 0x00010000,
67      0x00010010, 0x20010000, 0x20010010, 0x00000800, 0x00000810,
68      0x20000800, 0x20000810, 0x00010800, 0x00010810, 0x20010800,
69      0x20010810, 0x00000020, 0x00000030, 0x20000020, 0x20000030,
70      0x00010020, 0x00010030, 0x20010020, 0x20010030, 0x00000820,
71      0x00000830, 0x20000820, 0x20000830, 0x00010820, 0x00010830,
72      0x20010820, 0x20010830, 0x00080000, 0x00080010, 0x20080000,
73      0x20080010, 0x00090000, 0x00090010, 0x20090000, 0x20090010,
74      0x00080800, 0x00080810, 0x20080800, 0x20080810, 0x00090800,
75      0x00090810, 0x20090800, 0x20090810, 0x00080020, 0x00080030,
76      0x20080020, 0x20080030, 0x00090020, 0x00090030, 0x20090020,
77      0x20090030, 0x00080820, 0x00080830, 0x20080820, 0x20080830,
78      0x00090820, 0x00090830, 0x20090820, 0x20090830, },
79     {  // for C bits (numbered as per FIPS 46) 7 8 10 11 12 13
80      0x00000000, 0x02000000, 0x00002000, 0x02002000, 0x00200000,
81      0x02200000, 0x00202000, 0x02202000, 0x00000004, 0x02000004,
82      0x00002004, 0x02002004, 0x00200004, 0x02200004, 0x00202004,
83      0x02202004, 0x00000400, 0x02000400, 0x00002400, 0x02002400,
84      0x00200400, 0x02200400, 0x00202400, 0x02202400, 0x00000404,
85      0x02000404, 0x00002404, 0x02002404, 0x00200404, 0x02200404,
86      0x00202404, 0x02202404, 0x10000000, 0x12000000, 0x10002000,
87      0x12002000, 0x10200000, 0x12200000, 0x10202000, 0x12202000,
88      0x10000004, 0x12000004, 0x10002004, 0x12002004, 0x10200004,
89      0x12200004, 0x10202004, 0x12202004, 0x10000400, 0x12000400,
90      0x10002400, 0x12002400, 0x10200400, 0x12200400, 0x10202400,
91      0x12202400, 0x10000404, 0x12000404, 0x10002404, 0x12002404,
92      0x10200404, 0x12200404, 0x10202404, 0x12202404, },
93     {  // for C bits (numbered as per FIPS 46) 14 15 16 17 19 20
94      0x00000000, 0x00000001, 0x00040000, 0x00040001, 0x01000000,
95      0x01000001, 0x01040000, 0x01040001, 0x00000002, 0x00000003,
96      0x00040002, 0x00040003, 0x01000002, 0x01000003, 0x01040002,
97      0x01040003, 0x00000200, 0x00000201, 0x00040200, 0x00040201,
98      0x01000200, 0x01000201, 0x01040200, 0x01040201, 0x00000202,
99      0x00000203, 0x00040202, 0x00040203, 0x01000202, 0x01000203,
100      0x01040202, 0x01040203, 0x08000000, 0x08000001, 0x08040000,
101      0x08040001, 0x09000000, 0x09000001, 0x09040000, 0x09040001,
102      0x08000002, 0x08000003, 0x08040002, 0x08040003, 0x09000002,
103      0x09000003, 0x09040002, 0x09040003, 0x08000200, 0x08000201,
104      0x08040200, 0x08040201, 0x09000200, 0x09000201, 0x09040200,
105      0x09040201, 0x08000202, 0x08000203, 0x08040202, 0x08040203,
106      0x09000202, 0x09000203, 0x09040202, 0x09040203, },
107     {  // for C bits (numbered as per FIPS 46) 21 23 24 26 27 28
108      0x00000000, 0x00100000, 0x00000100, 0x00100100, 0x00000008,
109      0x00100008, 0x00000108, 0x00100108, 0x00001000, 0x00101000,
110      0x00001100, 0x00101100, 0x00001008, 0x00101008, 0x00001108,
111      0x00101108, 0x04000000, 0x04100000, 0x04000100, 0x04100100,
112      0x04000008, 0x04100008, 0x04000108, 0x04100108, 0x04001000,
113      0x04101000, 0x04001100, 0x04101100, 0x04001008, 0x04101008,
114      0x04001108, 0x04101108, 0x00020000, 0x00120000, 0x00020100,
115      0x00120100, 0x00020008, 0x00120008, 0x00020108, 0x00120108,
116      0x00021000, 0x00121000, 0x00021100, 0x00121100, 0x00021008,
117      0x00121008, 0x00021108, 0x00121108, 0x04020000, 0x04120000,
118      0x04020100, 0x04120100, 0x04020008, 0x04120008, 0x04020108,
119      0x04120108, 0x04021000, 0x04121000, 0x04021100, 0x04121100,
120      0x04021008, 0x04121008, 0x04021108, 0x04121108, },
121     {  // for D bits (numbered as per FIPS 46) 1 2 3 4 5 6
122      0x00000000, 0x10000000, 0x00010000, 0x10010000, 0x00000004,
123      0x10000004, 0x00010004, 0x10010004, 0x20000000, 0x30000000,
124      0x20010000, 0x30010000, 0x20000004, 0x30000004, 0x20010004,
125      0x30010004, 0x00100000, 0x10100000, 0x00110000, 0x10110000,
126      0x00100004, 0x10100004, 0x00110004, 0x10110004, 0x20100000,
127      0x30100000, 0x20110000, 0x30110000, 0x20100004, 0x30100004,
128      0x20110004, 0x30110004, 0x00001000, 0x10001000, 0x00011000,
129      0x10011000, 0x00001004, 0x10001004, 0x00011004, 0x10011004,
130      0x20001000, 0x30001000, 0x20011000, 0x30011000, 0x20001004,
131      0x30001004, 0x20011004, 0x30011004, 0x00101000, 0x10101000,
132      0x00111000, 0x10111000, 0x00101004, 0x10101004, 0x00111004,
133      0x10111004, 0x20101000, 0x30101000, 0x20111000, 0x30111000,
134      0x20101004, 0x30101004, 0x20111004, 0x30111004, },
135     {  // for D bits (numbered as per FIPS 46) 8 9 11 12 13 14
136      0x00000000, 0x08000000, 0x00000008, 0x08000008, 0x00000400,
137      0x08000400, 0x00000408, 0x08000408, 0x00020000, 0x08020000,
138      0x00020008, 0x08020008, 0x00020400, 0x08020400, 0x00020408,
139      0x08020408, 0x00000001, 0x08000001, 0x00000009, 0x08000009,
140      0x00000401, 0x08000401, 0x00000409, 0x08000409, 0x00020001,
141      0x08020001, 0x00020009, 0x08020009, 0x00020401, 0x08020401,
142      0x00020409, 0x08020409, 0x02000000, 0x0A000000, 0x02000008,
143      0x0A000008, 0x02000400, 0x0A000400, 0x02000408, 0x0A000408,
144      0x02020000, 0x0A020000, 0x02020008, 0x0A020008, 0x02020400,
145      0x0A020400, 0x02020408, 0x0A020408, 0x02000001, 0x0A000001,
146      0x02000009, 0x0A000009, 0x02000401, 0x0A000401, 0x02000409,
147      0x0A000409, 0x02020001, 0x0A020001, 0x02020009, 0x0A020009,
148      0x02020401, 0x0A020401, 0x02020409, 0x0A020409, },
149     {  // for D bits (numbered as per FIPS 46) 16 17 18 19 20 21
150      0x00000000, 0x00000100, 0x00080000, 0x00080100, 0x01000000,
151      0x01000100, 0x01080000, 0x01080100, 0x00000010, 0x00000110,
152      0x00080010, 0x00080110, 0x01000010, 0x01000110, 0x01080010,
153      0x01080110, 0x00200000, 0x00200100, 0x00280000, 0x00280100,
154      0x01200000, 0x01200100, 0x01280000, 0x01280100, 0x00200010,
155      0x00200110, 0x00280010, 0x00280110, 0x01200010, 0x01200110,
156      0x01280010, 0x01280110, 0x00000200, 0x00000300, 0x00080200,
157      0x00080300, 0x01000200, 0x01000300, 0x01080200, 0x01080300,
158      0x00000210, 0x00000310, 0x00080210, 0x00080310, 0x01000210,
159      0x01000310, 0x01080210, 0x01080310, 0x00200200, 0x00200300,
160      0x00280200, 0x00280300, 0x01200200, 0x01200300, 0x01280200,
161      0x01280300, 0x00200210, 0x00200310, 0x00280210, 0x00280310,
162      0x01200210, 0x01200310, 0x01280210, 0x01280310, },
163     {  // for D bits (numbered as per FIPS 46) 22 23 24 25 27 28
164      0x00000000, 0x04000000, 0x00040000, 0x04040000, 0x00000002,
165      0x04000002, 0x00040002, 0x04040002, 0x00002000, 0x04002000,
166      0x00042000, 0x04042000, 0x00002002, 0x04002002, 0x00042002,
167      0x04042002, 0x00000020, 0x04000020, 0x00040020, 0x04040020,
168      0x00000022, 0x04000022, 0x00040022, 0x04040022, 0x00002020,
169      0x04002020, 0x00042020, 0x04042020, 0x00002022, 0x04002022,
170      0x00042022, 0x04042022, 0x00000800, 0x04000800, 0x00040800,
171      0x04040800, 0x00000802, 0x04000802, 0x00040802, 0x04040802,
172      0x00002800, 0x04002800, 0x00042800, 0x04042800, 0x00002802,
173      0x04002802, 0x00042802, 0x04042802, 0x00000820, 0x04000820,
174      0x00040820, 0x04040820, 0x00000822, 0x04000822, 0x00040822,
175      0x04040822, 0x00002820, 0x04002820, 0x00042820, 0x04042820,
176      0x00002822, 0x04002822, 0x00042822, 0x04042822, }};
177 
178 static const uint32_t DES_SPtrans[8][64] = {
179     {  // nibble 0
180      0x02080800, 0x00080000, 0x02000002, 0x02080802, 0x02000000,
181      0x00080802, 0x00080002, 0x02000002, 0x00080802, 0x02080800,
182      0x02080000, 0x00000802, 0x02000802, 0x02000000, 0x00000000,
183      0x00080002, 0x00080000, 0x00000002, 0x02000800, 0x00080800,
184      0x02080802, 0x02080000, 0x00000802, 0x02000800, 0x00000002,
185      0x00000800, 0x00080800, 0x02080002, 0x00000800, 0x02000802,
186      0x02080002, 0x00000000, 0x00000000, 0x02080802, 0x02000800,
187      0x00080002, 0x02080800, 0x00080000, 0x00000802, 0x02000800,
188      0x02080002, 0x00000800, 0x00080800, 0x02000002, 0x00080802,
189      0x00000002, 0x02000002, 0x02080000, 0x02080802, 0x00080800,
190      0x02080000, 0x02000802, 0x02000000, 0x00000802, 0x00080002,
191      0x00000000, 0x00080000, 0x02000000, 0x02000802, 0x02080800,
192      0x00000002, 0x02080002, 0x00000800, 0x00080802, },
193     {  // nibble 1
194      0x40108010, 0x00000000, 0x00108000, 0x40100000, 0x40000010,
195      0x00008010, 0x40008000, 0x00108000, 0x00008000, 0x40100010,
196      0x00000010, 0x40008000, 0x00100010, 0x40108000, 0x40100000,
197      0x00000010, 0x00100000, 0x40008010, 0x40100010, 0x00008000,
198      0x00108010, 0x40000000, 0x00000000, 0x00100010, 0x40008010,
199      0x00108010, 0x40108000, 0x40000010, 0x40000000, 0x00100000,
200      0x00008010, 0x40108010, 0x00100010, 0x40108000, 0x40008000,
201      0x00108010, 0x40108010, 0x00100010, 0x40000010, 0x00000000,
202      0x40000000, 0x00008010, 0x00100000, 0x40100010, 0x00008000,
203      0x40000000, 0x00108010, 0x40008010, 0x40108000, 0x00008000,
204      0x00000000, 0x40000010, 0x00000010, 0x40108010, 0x00108000,
205      0x40100000, 0x40100010, 0x00100000, 0x00008010, 0x40008000,
206      0x40008010, 0x00000010, 0x40100000, 0x00108000, },
207     {  // nibble 2
208      0x04000001, 0x04040100, 0x00000100, 0x04000101, 0x00040001,
209      0x04000000, 0x04000101, 0x00040100, 0x04000100, 0x00040000,
210      0x04040000, 0x00000001, 0x04040101, 0x00000101, 0x00000001,
211      0x04040001, 0x00000000, 0x00040001, 0x04040100, 0x00000100,
212      0x00000101, 0x04040101, 0x00040000, 0x04000001, 0x04040001,
213      0x04000100, 0x00040101, 0x04040000, 0x00040100, 0x00000000,
214      0x04000000, 0x00040101, 0x04040100, 0x00000100, 0x00000001,
215      0x00040000, 0x00000101, 0x00040001, 0x04040000, 0x04000101,
216      0x00000000, 0x04040100, 0x00040100, 0x04040001, 0x00040001,
217      0x04000000, 0x04040101, 0x00000001, 0x00040101, 0x04000001,
218      0x04000000, 0x04040101, 0x00040000, 0x04000100, 0x04000101,
219      0x00040100, 0x04000100, 0x00000000, 0x04040001, 0x00000101,
220      0x04000001, 0x00040101, 0x00000100, 0x04040000, },
221     {  // nibble 3
222      0x00401008, 0x10001000, 0x00000008, 0x10401008, 0x00000000,
223      0x10400000, 0x10001008, 0x00400008, 0x10401000, 0x10000008,
224      0x10000000, 0x00001008, 0x10000008, 0x00401008, 0x00400000,
225      0x10000000, 0x10400008, 0x00401000, 0x00001000, 0x00000008,
226      0x00401000, 0x10001008, 0x10400000, 0x00001000, 0x00001008,
227      0x00000000, 0x00400008, 0x10401000, 0x10001000, 0x10400008,
228      0x10401008, 0x00400000, 0x10400008, 0x00001008, 0x00400000,
229      0x10000008, 0x00401000, 0x10001000, 0x00000008, 0x10400000,
230      0x10001008, 0x00000000, 0x00001000, 0x00400008, 0x00000000,
231      0x10400008, 0x10401000, 0x00001000, 0x10000000, 0x10401008,
232      0x00401008, 0x00400000, 0x10401008, 0x00000008, 0x10001000,
233      0x00401008, 0x00400008, 0x00401000, 0x10400000, 0x10001008,
234      0x00001008, 0x10000000, 0x10000008, 0x10401000, },
235     {  // nibble 4
236      0x08000000, 0x00010000, 0x00000400, 0x08010420, 0x08010020,
237      0x08000400, 0x00010420, 0x08010000, 0x00010000, 0x00000020,
238      0x08000020, 0x00010400, 0x08000420, 0x08010020, 0x08010400,
239      0x00000000, 0x00010400, 0x08000000, 0x00010020, 0x00000420,
240      0x08000400, 0x00010420, 0x00000000, 0x08000020, 0x00000020,
241      0x08000420, 0x08010420, 0x00010020, 0x08010000, 0x00000400,
242      0x00000420, 0x08010400, 0x08010400, 0x08000420, 0x00010020,
243      0x08010000, 0x00010000, 0x00000020, 0x08000020, 0x08000400,
244      0x08000000, 0x00010400, 0x08010420, 0x00000000, 0x00010420,
245      0x08000000, 0x00000400, 0x00010020, 0x08000420, 0x00000400,
246      0x00000000, 0x08010420, 0x08010020, 0x08010400, 0x00000420,
247      0x00010000, 0x00010400, 0x08010020, 0x08000400, 0x00000420,
248      0x00000020, 0x00010420, 0x08010000, 0x08000020, },
249     {  // nibble 5
250      0x80000040, 0x00200040, 0x00000000, 0x80202000, 0x00200040,
251      0x00002000, 0x80002040, 0x00200000, 0x00002040, 0x80202040,
252      0x00202000, 0x80000000, 0x80002000, 0x80000040, 0x80200000,
253      0x00202040, 0x00200000, 0x80002040, 0x80200040, 0x00000000,
254      0x00002000, 0x00000040, 0x80202000, 0x80200040, 0x80202040,
255      0x80200000, 0x80000000, 0x00002040, 0x00000040, 0x00202000,
256      0x00202040, 0x80002000, 0x00002040, 0x80000000, 0x80002000,
257      0x00202040, 0x80202000, 0x00200040, 0x00000000, 0x80002000,
258      0x80000000, 0x00002000, 0x80200040, 0x00200000, 0x00200040,
259      0x80202040, 0x00202000, 0x00000040, 0x80202040, 0x00202000,
260      0x00200000, 0x80002040, 0x80000040, 0x80200000, 0x00202040,
261      0x00000000, 0x00002000, 0x80000040, 0x80002040, 0x80202000,
262      0x80200000, 0x00002040, 0x00000040, 0x80200040, },
263     {  // nibble 6
264      0x00004000, 0x00000200, 0x01000200, 0x01000004, 0x01004204,
265      0x00004004, 0x00004200, 0x00000000, 0x01000000, 0x01000204,
266      0x00000204, 0x01004000, 0x00000004, 0x01004200, 0x01004000,
267      0x00000204, 0x01000204, 0x00004000, 0x00004004, 0x01004204,
268      0x00000000, 0x01000200, 0x01000004, 0x00004200, 0x01004004,
269      0x00004204, 0x01004200, 0x00000004, 0x00004204, 0x01004004,
270      0x00000200, 0x01000000, 0x00004204, 0x01004000, 0x01004004,
271      0x00000204, 0x00004000, 0x00000200, 0x01000000, 0x01004004,
272      0x01000204, 0x00004204, 0x00004200, 0x00000000, 0x00000200,
273      0x01000004, 0x00000004, 0x01000200, 0x00000000, 0x01000204,
274      0x01000200, 0x00004200, 0x00000204, 0x00004000, 0x01004204,
275      0x01000000, 0x01004200, 0x00000004, 0x00004004, 0x01004204,
276      0x01000004, 0x01004200, 0x01004000, 0x00004004, },
277     {  // nibble 7
278      0x20800080, 0x20820000, 0x00020080, 0x00000000, 0x20020000,
279      0x00800080, 0x20800000, 0x20820080, 0x00000080, 0x20000000,
280      0x00820000, 0x00020080, 0x00820080, 0x20020080, 0x20000080,
281      0x20800000, 0x00020000, 0x00820080, 0x00800080, 0x20020000,
282      0x20820080, 0x20000080, 0x00000000, 0x00820000, 0x20000000,
283      0x00800000, 0x20020080, 0x20800080, 0x00800000, 0x00020000,
284      0x20820000, 0x00000080, 0x00800000, 0x00020000, 0x20000080,
285      0x20820080, 0x00020080, 0x20000000, 0x00000000, 0x00820000,
286      0x20800080, 0x20020080, 0x20020000, 0x00800080, 0x20820000,
287      0x00000080, 0x00800080, 0x20020000, 0x20820080, 0x00800000,
288      0x20800000, 0x20000080, 0x00820000, 0x00020080, 0x20020080,
289      0x20800000, 0x00000080, 0x20820000, 0x00820080, 0x00000000,
290      0x20000000, 0x20800080, 0x00020000, 0x00820080, }};
291 
292 #define HPERM_OP(a, t, n, m)                  \
293   ((t) = ((((a) << (16 - (n))) ^ (a)) & (m)), \
294    (a) = (a) ^ (t) ^ ((t) >> (16 - (n))))
295 
DES_set_key(const DES_cblock * key,DES_key_schedule * schedule)296 void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule) {
297   static const int shifts2[16] = {0, 0, 1, 1, 1, 1, 1, 1,
298                                   0, 1, 1, 1, 1, 1, 1, 0};
299   uint32_t c, d, t, s, t2;
300   const uint8_t *in;
301   int i;
302 
303   in = key->bytes;
304 
305   c2l(in, c);
306   c2l(in, d);
307 
308   // do PC1 in 47 simple operations :-)
309   // Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
310   // for the inspiration. :-)
311   PERM_OP(d, c, t, 4, 0x0f0f0f0f);
312   HPERM_OP(c, t, -2, 0xcccc0000);
313   HPERM_OP(d, t, -2, 0xcccc0000);
314   PERM_OP(d, c, t, 1, 0x55555555);
315   PERM_OP(c, d, t, 8, 0x00ff00ff);
316   PERM_OP(d, c, t, 1, 0x55555555);
317   d = (((d & 0x000000ff) << 16) | (d & 0x0000ff00) |
318        ((d & 0x00ff0000) >> 16) | ((c & 0xf0000000) >> 4));
319   c &= 0x0fffffff;
320 
321   for (i = 0; i < ITERATIONS; i++) {
322     if (shifts2[i]) {
323       c = ((c >> 2) | (c << 26));
324       d = ((d >> 2) | (d << 26));
325     } else {
326       c = ((c >> 1) | (c << 27));
327       d = ((d >> 1) | (d << 27));
328     }
329     c &= 0x0fffffff;
330     d &= 0x0fffffff;
331     // could be a few less shifts but I am to lazy at this
332     // point in time to investigate
333     s = des_skb[0][(c) & 0x3f] |
334         des_skb[1][((c >> 6) & 0x03) | ((c >> 7) & 0x3c)] |
335         des_skb[2][((c >> 13) & 0x0f) | ((c >> 14) & 0x30)] |
336         des_skb[3][((c >> 20) & 0x01) | ((c >> 21) & 0x06) |
337                    ((c >> 22) & 0x38)];
338     t = des_skb[4][(d) & 0x3f] |
339         des_skb[5][((d >> 7) & 0x03) | ((d >> 8) & 0x3c)] |
340         des_skb[6][(d >> 15) & 0x3f] |
341         des_skb[7][((d >> 21) & 0x0f) | ((d >> 22) & 0x30)];
342 
343     // table contained 0213 4657
344     t2 = ((t << 16) | (s & 0x0000ffff)) & 0xffffffff;
345     schedule->subkeys[i][0] = CRYPTO_rotr_u32(t2, 30);
346 
347     t2 = ((s >> 16) | (t & 0xffff0000));
348     schedule->subkeys[i][1] = CRYPTO_rotr_u32(t2, 26);
349   }
350 }
351 
352 static const uint8_t kOddParity[256] = {
353     1,   1,   2,   2,   4,   4,   7,   7,   8,   8,   11,  11,  13,  13,  14,
354     14,  16,  16,  19,  19,  21,  21,  22,  22,  25,  25,  26,  26,  28,  28,
355     31,  31,  32,  32,  35,  35,  37,  37,  38,  38,  41,  41,  42,  42,  44,
356     44,  47,  47,  49,  49,  50,  50,  52,  52,  55,  55,  56,  56,  59,  59,
357     61,  61,  62,  62,  64,  64,  67,  67,  69,  69,  70,  70,  73,  73,  74,
358     74,  76,  76,  79,  79,  81,  81,  82,  82,  84,  84,  87,  87,  88,  88,
359     91,  91,  93,  93,  94,  94,  97,  97,  98,  98,  100, 100, 103, 103, 104,
360     104, 107, 107, 109, 109, 110, 110, 112, 112, 115, 115, 117, 117, 118, 118,
361     121, 121, 122, 122, 124, 124, 127, 127, 128, 128, 131, 131, 133, 133, 134,
362     134, 137, 137, 138, 138, 140, 140, 143, 143, 145, 145, 146, 146, 148, 148,
363     151, 151, 152, 152, 155, 155, 157, 157, 158, 158, 161, 161, 162, 162, 164,
364     164, 167, 167, 168, 168, 171, 171, 173, 173, 174, 174, 176, 176, 179, 179,
365     181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, 191, 193, 193, 194,
366     194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, 206, 208, 208,
367     211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, 223, 224,
368     224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, 239,
369     241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
370     254
371 };
372 
DES_set_odd_parity(DES_cblock * key)373 void DES_set_odd_parity(DES_cblock *key) {
374   unsigned i;
375 
376   for (i = 0; i < DES_KEY_SZ; i++) {
377     key->bytes[i] = kOddParity[key->bytes[i]];
378   }
379 }
380 
DES_encrypt1(uint32_t * data,const DES_key_schedule * ks,int enc)381 static void DES_encrypt1(uint32_t *data, const DES_key_schedule *ks, int enc) {
382   uint32_t l, r, t, u;
383 
384   r = data[0];
385   l = data[1];
386 
387   IP(r, l);
388   // Things have been modified so that the initial rotate is done outside
389   // the loop.  This required the DES_SPtrans values in sp.h to be
390   // rotated 1 bit to the right. One perl script later and things have a
391   // 5% speed up on a sparc2. Thanks to Richard Outerbridge
392   // <71755.204@CompuServe.COM> for pointing this out.
393   // clear the top bits on machines with 8byte longs
394   // shift left by 2
395   r = CRYPTO_rotr_u32(r, 29);
396   l = CRYPTO_rotr_u32(l, 29);
397 
398   // I don't know if it is worth the effort of loop unrolling the
399   // inner loop
400   if (enc) {
401     D_ENCRYPT(ks, l, r, 0);
402     D_ENCRYPT(ks, r, l, 1);
403     D_ENCRYPT(ks, l, r, 2);
404     D_ENCRYPT(ks, r, l, 3);
405     D_ENCRYPT(ks, l, r, 4);
406     D_ENCRYPT(ks, r, l, 5);
407     D_ENCRYPT(ks, l, r, 6);
408     D_ENCRYPT(ks, r, l, 7);
409     D_ENCRYPT(ks, l, r, 8);
410     D_ENCRYPT(ks, r, l, 9);
411     D_ENCRYPT(ks, l, r, 10);
412     D_ENCRYPT(ks, r, l, 11);
413     D_ENCRYPT(ks, l, r, 12);
414     D_ENCRYPT(ks, r, l, 13);
415     D_ENCRYPT(ks, l, r, 14);
416     D_ENCRYPT(ks, r, l, 15);
417   } else {
418     D_ENCRYPT(ks, l, r, 15);
419     D_ENCRYPT(ks, r, l, 14);
420     D_ENCRYPT(ks, l, r, 13);
421     D_ENCRYPT(ks, r, l, 12);
422     D_ENCRYPT(ks, l, r, 11);
423     D_ENCRYPT(ks, r, l, 10);
424     D_ENCRYPT(ks, l, r, 9);
425     D_ENCRYPT(ks, r, l, 8);
426     D_ENCRYPT(ks, l, r, 7);
427     D_ENCRYPT(ks, r, l, 6);
428     D_ENCRYPT(ks, l, r, 5);
429     D_ENCRYPT(ks, r, l, 4);
430     D_ENCRYPT(ks, l, r, 3);
431     D_ENCRYPT(ks, r, l, 2);
432     D_ENCRYPT(ks, l, r, 1);
433     D_ENCRYPT(ks, r, l, 0);
434   }
435 
436   // rotate and clear the top bits on machines with 8byte longs
437   l = CRYPTO_rotr_u32(l, 3);
438   r = CRYPTO_rotr_u32(r, 3);
439 
440   FP(r, l);
441   data[0] = l;
442   data[1] = r;
443 }
444 
DES_encrypt2(uint32_t * data,const DES_key_schedule * ks,int enc)445 static void DES_encrypt2(uint32_t *data, const DES_key_schedule *ks, int enc) {
446   uint32_t l, r, t, u;
447 
448   r = data[0];
449   l = data[1];
450 
451   // Things have been modified so that the initial rotate is done outside the
452   // loop.  This required the DES_SPtrans values in sp.h to be rotated 1 bit to
453   // the right. One perl script later and things have a 5% speed up on a
454   // sparc2. Thanks to Richard Outerbridge <71755.204@CompuServe.COM> for
455   // pointing this out.
456   // clear the top bits on machines with 8byte longs
457   r = CRYPTO_rotr_u32(r, 29);
458   l = CRYPTO_rotr_u32(l, 29);
459 
460   // I don't know if it is worth the effort of loop unrolling the
461   // inner loop
462   if (enc) {
463     D_ENCRYPT(ks, l, r, 0);
464     D_ENCRYPT(ks, r, l, 1);
465     D_ENCRYPT(ks, l, r, 2);
466     D_ENCRYPT(ks, r, l, 3);
467     D_ENCRYPT(ks, l, r, 4);
468     D_ENCRYPT(ks, r, l, 5);
469     D_ENCRYPT(ks, l, r, 6);
470     D_ENCRYPT(ks, r, l, 7);
471     D_ENCRYPT(ks, l, r, 8);
472     D_ENCRYPT(ks, r, l, 9);
473     D_ENCRYPT(ks, l, r, 10);
474     D_ENCRYPT(ks, r, l, 11);
475     D_ENCRYPT(ks, l, r, 12);
476     D_ENCRYPT(ks, r, l, 13);
477     D_ENCRYPT(ks, l, r, 14);
478     D_ENCRYPT(ks, r, l, 15);
479   } else {
480     D_ENCRYPT(ks, l, r, 15);
481     D_ENCRYPT(ks, r, l, 14);
482     D_ENCRYPT(ks, l, r, 13);
483     D_ENCRYPT(ks, r, l, 12);
484     D_ENCRYPT(ks, l, r, 11);
485     D_ENCRYPT(ks, r, l, 10);
486     D_ENCRYPT(ks, l, r, 9);
487     D_ENCRYPT(ks, r, l, 8);
488     D_ENCRYPT(ks, l, r, 7);
489     D_ENCRYPT(ks, r, l, 6);
490     D_ENCRYPT(ks, l, r, 5);
491     D_ENCRYPT(ks, r, l, 4);
492     D_ENCRYPT(ks, l, r, 3);
493     D_ENCRYPT(ks, r, l, 2);
494     D_ENCRYPT(ks, l, r, 1);
495     D_ENCRYPT(ks, r, l, 0);
496   }
497   // rotate and clear the top bits on machines with 8byte longs
498   data[0] = CRYPTO_rotr_u32(l, 3);
499   data[1] = CRYPTO_rotr_u32(r, 3);
500 }
501 
DES_encrypt3(uint32_t * data,const DES_key_schedule * ks1,const DES_key_schedule * ks2,const DES_key_schedule * ks3)502 void DES_encrypt3(uint32_t *data, const DES_key_schedule *ks1,
503                   const DES_key_schedule *ks2, const DES_key_schedule *ks3) {
504   uint32_t l, r;
505 
506   l = data[0];
507   r = data[1];
508   IP(l, r);
509   data[0] = l;
510   data[1] = r;
511   DES_encrypt2((uint32_t *)data, ks1, DES_ENCRYPT);
512   DES_encrypt2((uint32_t *)data, ks2, DES_DECRYPT);
513   DES_encrypt2((uint32_t *)data, ks3, DES_ENCRYPT);
514   l = data[0];
515   r = data[1];
516   FP(r, l);
517   data[0] = l;
518   data[1] = r;
519 }
520 
DES_decrypt3(uint32_t * data,const DES_key_schedule * ks1,const DES_key_schedule * ks2,const DES_key_schedule * ks3)521 void DES_decrypt3(uint32_t *data, const DES_key_schedule *ks1,
522                   const DES_key_schedule *ks2, const DES_key_schedule *ks3) {
523   uint32_t l, r;
524 
525   l = data[0];
526   r = data[1];
527   IP(l, r);
528   data[0] = l;
529   data[1] = r;
530   DES_encrypt2((uint32_t *)data, ks3, DES_DECRYPT);
531   DES_encrypt2((uint32_t *)data, ks2, DES_ENCRYPT);
532   DES_encrypt2((uint32_t *)data, ks1, DES_DECRYPT);
533   l = data[0];
534   r = data[1];
535   FP(r, l);
536   data[0] = l;
537   data[1] = r;
538 }
539 
DES_ecb_encrypt(const DES_cblock * in_block,DES_cblock * out_block,const DES_key_schedule * schedule,int is_encrypt)540 void DES_ecb_encrypt(const DES_cblock *in_block, DES_cblock *out_block,
541                      const DES_key_schedule *schedule, int is_encrypt) {
542   uint32_t l;
543   uint32_t ll[2];
544   const uint8_t *in = in_block->bytes;
545   uint8_t *out = out_block->bytes;
546 
547   c2l(in, l);
548   ll[0] = l;
549   c2l(in, l);
550   ll[1] = l;
551   DES_encrypt1(ll, schedule, is_encrypt);
552   l = ll[0];
553   l2c(l, out);
554   l = ll[1];
555   l2c(l, out);
556   ll[0] = ll[1] = 0;
557 }
558 
DES_ncbc_encrypt(const uint8_t * in,uint8_t * out,size_t len,const DES_key_schedule * schedule,DES_cblock * ivec,int enc)559 void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
560                       const DES_key_schedule *schedule, DES_cblock *ivec,
561                       int enc) {
562   uint32_t tin0, tin1;
563   uint32_t tout0, tout1, xor0, xor1;
564   uint32_t tin[2];
565   unsigned char *iv;
566 
567   iv = ivec->bytes;
568 
569   if (enc) {
570     c2l(iv, tout0);
571     c2l(iv, tout1);
572     for (; len >= 8; len -= 8) {
573       c2l(in, tin0);
574       c2l(in, tin1);
575       tin0 ^= tout0;
576       tin[0] = tin0;
577       tin1 ^= tout1;
578       tin[1] = tin1;
579       DES_encrypt1((uint32_t *)tin, schedule, DES_ENCRYPT);
580       tout0 = tin[0];
581       l2c(tout0, out);
582       tout1 = tin[1];
583       l2c(tout1, out);
584     }
585     if (len != 0) {
586       c2ln(in, tin0, tin1, len);
587       tin0 ^= tout0;
588       tin[0] = tin0;
589       tin1 ^= tout1;
590       tin[1] = tin1;
591       DES_encrypt1((uint32_t *)tin, schedule, DES_ENCRYPT);
592       tout0 = tin[0];
593       l2c(tout0, out);
594       tout1 = tin[1];
595       l2c(tout1, out);
596     }
597     iv = ivec->bytes;
598     l2c(tout0, iv);
599     l2c(tout1, iv);
600   } else {
601     c2l(iv, xor0);
602     c2l(iv, xor1);
603     for (; len >= 8; len -= 8) {
604       c2l(in, tin0);
605       tin[0] = tin0;
606       c2l(in, tin1);
607       tin[1] = tin1;
608       DES_encrypt1((uint32_t *)tin, schedule, DES_DECRYPT);
609       tout0 = tin[0] ^ xor0;
610       tout1 = tin[1] ^ xor1;
611       l2c(tout0, out);
612       l2c(tout1, out);
613       xor0 = tin0;
614       xor1 = tin1;
615     }
616     if (len != 0) {
617       c2l(in, tin0);
618       tin[0] = tin0;
619       c2l(in, tin1);
620       tin[1] = tin1;
621       DES_encrypt1((uint32_t *)tin, schedule, DES_DECRYPT);
622       tout0 = tin[0] ^ xor0;
623       tout1 = tin[1] ^ xor1;
624       l2cn(tout0, tout1, out, len);
625       xor0 = tin0;
626       xor1 = tin1;
627     }
628     iv = ivec->bytes;
629     l2c(xor0, iv);
630     l2c(xor1, iv);
631   }
632   tin[0] = tin[1] = 0;
633 }
634 
DES_ecb3_encrypt(const DES_cblock * input,DES_cblock * output,const DES_key_schedule * ks1,const DES_key_schedule * ks2,const DES_key_schedule * ks3,int enc)635 void DES_ecb3_encrypt(const DES_cblock *input, DES_cblock *output,
636                       const DES_key_schedule *ks1, const DES_key_schedule *ks2,
637                       const DES_key_schedule *ks3, int enc) {
638   uint32_t l0, l1;
639   uint32_t ll[2];
640   const uint8_t *in = input->bytes;
641   uint8_t *out = output->bytes;
642 
643   c2l(in, l0);
644   c2l(in, l1);
645   ll[0] = l0;
646   ll[1] = l1;
647   if (enc) {
648     DES_encrypt3(ll, ks1, ks2, ks3);
649   } else {
650     DES_decrypt3(ll, ks1, ks2, ks3);
651   }
652   l0 = ll[0];
653   l1 = ll[1];
654   l2c(l0, out);
655   l2c(l1, out);
656 }
657 
DES_ede3_cbc_encrypt(const uint8_t * in,uint8_t * out,size_t len,const DES_key_schedule * ks1,const DES_key_schedule * ks2,const DES_key_schedule * ks3,DES_cblock * ivec,int enc)658 void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
659                           const DES_key_schedule *ks1,
660                           const DES_key_schedule *ks2,
661                           const DES_key_schedule *ks3, DES_cblock *ivec,
662                           int enc) {
663   uint32_t tin0, tin1;
664   uint32_t tout0, tout1, xor0, xor1;
665   uint32_t tin[2];
666   uint8_t *iv;
667 
668   iv = ivec->bytes;
669 
670   if (enc) {
671     c2l(iv, tout0);
672     c2l(iv, tout1);
673     for (; len >= 8; len -= 8) {
674       c2l(in, tin0);
675       c2l(in, tin1);
676       tin0 ^= tout0;
677       tin1 ^= tout1;
678 
679       tin[0] = tin0;
680       tin[1] = tin1;
681       DES_encrypt3((uint32_t *)tin, ks1, ks2, ks3);
682       tout0 = tin[0];
683       tout1 = tin[1];
684 
685       l2c(tout0, out);
686       l2c(tout1, out);
687     }
688     if (len != 0) {
689       c2ln(in, tin0, tin1, len);
690       tin0 ^= tout0;
691       tin1 ^= tout1;
692 
693       tin[0] = tin0;
694       tin[1] = tin1;
695       DES_encrypt3((uint32_t *)tin, ks1, ks2, ks3);
696       tout0 = tin[0];
697       tout1 = tin[1];
698 
699       l2c(tout0, out);
700       l2c(tout1, out);
701     }
702     iv = ivec->bytes;
703     l2c(tout0, iv);
704     l2c(tout1, iv);
705   } else {
706     uint32_t t0, t1;
707 
708     c2l(iv, xor0);
709     c2l(iv, xor1);
710     for (; len >= 8; len -= 8) {
711       c2l(in, tin0);
712       c2l(in, tin1);
713 
714       t0 = tin0;
715       t1 = tin1;
716 
717       tin[0] = tin0;
718       tin[1] = tin1;
719       DES_decrypt3((uint32_t *)tin, ks1, ks2, ks3);
720       tout0 = tin[0];
721       tout1 = tin[1];
722 
723       tout0 ^= xor0;
724       tout1 ^= xor1;
725       l2c(tout0, out);
726       l2c(tout1, out);
727       xor0 = t0;
728       xor1 = t1;
729     }
730     if (len != 0) {
731       c2l(in, tin0);
732       c2l(in, tin1);
733 
734       t0 = tin0;
735       t1 = tin1;
736 
737       tin[0] = tin0;
738       tin[1] = tin1;
739       DES_decrypt3((uint32_t *)tin, ks1, ks2, ks3);
740       tout0 = tin[0];
741       tout1 = tin[1];
742 
743       tout0 ^= xor0;
744       tout1 ^= xor1;
745       l2cn(tout0, tout1, out, len);
746       xor0 = t0;
747       xor1 = t1;
748     }
749 
750     iv = ivec->bytes;
751     l2c(xor0, iv);
752     l2c(xor1, iv);
753   }
754 
755   tin[0] = tin[1] = 0;
756 }
757 
DES_ede2_cbc_encrypt(const uint8_t * in,uint8_t * out,size_t len,const DES_key_schedule * ks1,const DES_key_schedule * ks2,DES_cblock * ivec,int enc)758 void DES_ede2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
759                           const DES_key_schedule *ks1,
760                           const DES_key_schedule *ks2,
761                           DES_cblock *ivec,
762                           int enc) {
763   DES_ede3_cbc_encrypt(in, out, len, ks1, ks2, ks1, ivec, enc);
764 }
765 
766 
767 // Deprecated functions.
768 
DES_set_key_unchecked(const DES_cblock * key,DES_key_schedule * schedule)769 void DES_set_key_unchecked(const DES_cblock *key, DES_key_schedule *schedule) {
770   DES_set_key(key, schedule);
771 }
772 
773 #undef HPERM_OP
774 #undef c2l
775 #undef l2c
776 #undef c2ln
777 #undef l2cn
778 #undef PERM_OP
779 #undef IP
780 #undef FP
781 #undef LOAD_DATA
782 #undef D_ENCRYPT
783 #undef ITERATIONS
784 #undef HALF_ITERATIONS
785