Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / boringssl / b8494591d1b1a143f3b192d845c238bbf3bc629d / . / src / crypto / des / des.c
blob: a5669a62b84c994e4ff8991eae9b43cc29f7d8ca [file] [log] [blame]
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57#include <openssl/des.h>
58
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]59#include <stdlib.h>
60
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]61#include "internal.h"
62
63
64static const uint32_t des_skb[8][64] = {
65 {/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
66 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L, 0x00010000L,
67 0x00010010L, 0x20010000L, 0x20010010L, 0x00000800L, 0x00000810L,
68 0x20000800L, 0x20000810L, 0x00010800L, 0x00010810L, 0x20010800L,
69 0x20010810L, 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L,
70 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L, 0x00000820L,
71 0x00000830L, 0x20000820L, 0x20000830L, 0x00010820L, 0x00010830L,
72 0x20010820L, 0x20010830L, 0x00080000L, 0x00080010L, 0x20080000L,
73 0x20080010L, 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L,
74 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L, 0x00090800L,
75 0x00090810L, 0x20090800L, 0x20090810L, 0x00080020L, 0x00080030L,
76 0x20080020L, 0x20080030L, 0x00090020L, 0x00090030L, 0x20090020L,
77 0x20090030L, 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L,
78 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L, },
79 {/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
80 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L, 0x00200000L,
81 0x02200000L, 0x00202000L, 0x02202000L, 0x00000004L, 0x02000004L,
82 0x00002004L, 0x02002004L, 0x00200004L, 0x02200004L, 0x00202004L,
83 0x02202004L, 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L,
84 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L, 0x00000404L,
85 0x02000404L, 0x00002404L, 0x02002404L, 0x00200404L, 0x02200404L,
86 0x00202404L, 0x02202404L, 0x10000000L, 0x12000000L, 0x10002000L,
87 0x12002000L, 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L,
88 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L, 0x10200004L,
89 0x12200004L, 0x10202004L, 0x12202004L, 0x10000400L, 0x12000400L,
90 0x10002400L, 0x12002400L, 0x10200400L, 0x12200400L, 0x10202400L,
91 0x12202400L, 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L,
92 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L, },
93 {/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
94 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L, 0x01000000L,
95 0x01000001L, 0x01040000L, 0x01040001L, 0x00000002L, 0x00000003L,
96 0x00040002L, 0x00040003L, 0x01000002L, 0x01000003L, 0x01040002L,
97 0x01040003L, 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L,
98 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L, 0x00000202L,
99 0x00000203L, 0x00040202L, 0x00040203L, 0x01000202L, 0x01000203L,
100 0x01040202L, 0x01040203L, 0x08000000L, 0x08000001L, 0x08040000L,
101 0x08040001L, 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L,
102 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L, 0x09000002L,
103 0x09000003L, 0x09040002L, 0x09040003L, 0x08000200L, 0x08000201L,
104 0x08040200L, 0x08040201L, 0x09000200L, 0x09000201L, 0x09040200L,
105 0x09040201L, 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L,
106 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L, },
107 {/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
108 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L, 0x00000008L,
109 0x00100008L, 0x00000108L, 0x00100108L, 0x00001000L, 0x00101000L,
110 0x00001100L, 0x00101100L, 0x00001008L, 0x00101008L, 0x00001108L,
111 0x00101108L, 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L,
112 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L, 0x04001000L,
113 0x04101000L, 0x04001100L, 0x04101100L, 0x04001008L, 0x04101008L,
114 0x04001108L, 0x04101108L, 0x00020000L, 0x00120000L, 0x00020100L,
115 0x00120100L, 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L,
116 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L, 0x00021008L,
117 0x00121008L, 0x00021108L, 0x00121108L, 0x04020000L, 0x04120000L,
118 0x04020100L, 0x04120100L, 0x04020008L, 0x04120008L, 0x04020108L,
119 0x04120108L, 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L,
120 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L, },
121 {/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
122 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L, 0x00000004L,
123 0x10000004L, 0x00010004L, 0x10010004L, 0x20000000L, 0x30000000L,
124 0x20010000L, 0x30010000L, 0x20000004L, 0x30000004L, 0x20010004L,
125 0x30010004L, 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L,
126 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L, 0x20100000L,
127 0x30100000L, 0x20110000L, 0x30110000L, 0x20100004L, 0x30100004L,
128 0x20110004L, 0x30110004L, 0x00001000L, 0x10001000L, 0x00011000L,
129 0x10011000L, 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L,
130 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L, 0x20001004L,
131 0x30001004L, 0x20011004L, 0x30011004L, 0x00101000L, 0x10101000L,
132 0x00111000L, 0x10111000L, 0x00101004L, 0x10101004L, 0x00111004L,
133 0x10111004L, 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L,
134 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L, },
135 {/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
136 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L, 0x00000400L,
137 0x08000400L, 0x00000408L, 0x08000408L, 0x00020000L, 0x08020000L,
138 0x00020008L, 0x08020008L, 0x00020400L, 0x08020400L, 0x00020408L,
139 0x08020408L, 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L,
140 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L, 0x00020001L,
141 0x08020001L, 0x00020009L, 0x08020009L, 0x00020401L, 0x08020401L,
142 0x00020409L, 0x08020409L, 0x02000000L, 0x0A000000L, 0x02000008L,
143 0x0A000008L, 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L,
144 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L, 0x02020400L,
145 0x0A020400L, 0x02020408L, 0x0A020408L, 0x02000001L, 0x0A000001L,
146 0x02000009L, 0x0A000009L, 0x02000401L, 0x0A000401L, 0x02000409L,
147 0x0A000409L, 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L,
148 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L, },
149 {/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
150 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L, 0x01000000L,
151 0x01000100L, 0x01080000L, 0x01080100L, 0x00000010L, 0x00000110L,
152 0x00080010L, 0x00080110L, 0x01000010L, 0x01000110L, 0x01080010L,
153 0x01080110L, 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L,
154 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L, 0x00200010L,
155 0x00200110L, 0x00280010L, 0x00280110L, 0x01200010L, 0x01200110L,
156 0x01280010L, 0x01280110L, 0x00000200L, 0x00000300L, 0x00080200L,
157 0x00080300L, 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L,
158 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L, 0x01000210L,
159 0x01000310L, 0x01080210L, 0x01080310L, 0x00200200L, 0x00200300L,
160 0x00280200L, 0x00280300L, 0x01200200L, 0x01200300L, 0x01280200L,
161 0x01280300L, 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L,
162 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L, },
163 {/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
164 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L, 0x00000002L,
165 0x04000002L, 0x00040002L, 0x04040002L, 0x00002000L, 0x04002000L,
166 0x00042000L, 0x04042000L, 0x00002002L, 0x04002002L, 0x00042002L,
167 0x04042002L, 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L,
168 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L, 0x00002020L,
169 0x04002020L, 0x00042020L, 0x04042020L, 0x00002022L, 0x04002022L,
170 0x00042022L, 0x04042022L, 0x00000800L, 0x04000800L, 0x00040800L,
171 0x04040800L, 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L,
172 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L, 0x00002802L,
173 0x04002802L, 0x00042802L, 0x04042802L, 0x00000820L, 0x04000820L,
174 0x00040820L, 0x04040820L, 0x00000822L, 0x04000822L, 0x00040822L,
175 0x04040822L, 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L,
176 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L, }};
177
178static const uint32_t DES_SPtrans[8][64] = {
179 {/* nibble 0 */
180 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, 0x02000000L,
181 0x00080802L, 0x00080002L, 0x02000002L, 0x00080802L, 0x02080800L,
182 0x02080000L, 0x00000802L, 0x02000802L, 0x02000000L, 0x00000000L,
183 0x00080002L, 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
184 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, 0x00000002L,
185 0x00000800L, 0x00080800L, 0x02080002L, 0x00000800L, 0x02000802L,
186 0x02080002L, 0x00000000L, 0x00000000L, 0x02080802L, 0x02000800L,
187 0x00080002L, 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
188 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, 0x00080802L,
189 0x00000002L, 0x02000002L, 0x02080000L, 0x02080802L, 0x00080800L,
190 0x02080000L, 0x02000802L, 0x02000000L, 0x00000802L, 0x00080002L,
191 0x00000000L, 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
192 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, },
193 {/* nibble 1 */
194 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, 0x40000010L,
195 0x00008010L, 0x40008000L, 0x00108000L, 0x00008000L, 0x40100010L,
196 0x00000010L, 0x40008000L, 0x00100010L, 0x40108000L, 0x40100000L,
197 0x00000010L, 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
198 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, 0x40008010L,
199 0x00108010L, 0x40108000L, 0x40000010L, 0x40000000L, 0x00100000L,
200 0x00008010L, 0x40108010L, 0x00100010L, 0x40108000L, 0x40008000L,
201 0x00108010L, 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
202 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, 0x00008000L,
203 0x40000000L, 0x00108010L, 0x40008010L, 0x40108000L, 0x00008000L,
204 0x00000000L, 0x40000010L, 0x00000010L, 0x40108010L, 0x00108000L,
205 0x40100000L, 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
206 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, },
207 {/* nibble 2 */
208 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, 0x00040001L,
209 0x04000000L, 0x04000101L, 0x00040100L, 0x04000100L, 0x00040000L,
210 0x04040000L, 0x00000001L, 0x04040101L, 0x00000101L, 0x00000001L,
211 0x04040001L, 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
212 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, 0x04040001L,
213 0x04000100L, 0x00040101L, 0x04040000L, 0x00040100L, 0x00000000L,
214 0x04000000L, 0x00040101L, 0x04040100L, 0x00000100L, 0x00000001L,
215 0x00040000L, 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
216 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, 0x00040001L,
217 0x04000000L, 0x04040101L, 0x00000001L, 0x00040101L, 0x04000001L,
218 0x04000000L, 0x04040101L, 0x00040000L, 0x04000100L, 0x04000101L,
219 0x00040100L, 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
220 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, },
221 {/* nibble 3 */
222 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, 0x00000000L,
223 0x10400000L, 0x10001008L, 0x00400008L, 0x10401000L, 0x10000008L,
224 0x10000000L, 0x00001008L, 0x10000008L, 0x00401008L, 0x00400000L,
225 0x10000000L, 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
226 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, 0x00001008L,
227 0x00000000L, 0x00400008L, 0x10401000L, 0x10001000L, 0x10400008L,
228 0x10401008L, 0x00400000L, 0x10400008L, 0x00001008L, 0x00400000L,
229 0x10000008L, 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
230 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, 0x00000000L,
231 0x10400008L, 0x10401000L, 0x00001000L, 0x10000000L, 0x10401008L,
232 0x00401008L, 0x00400000L, 0x10401008L, 0x00000008L, 0x10001000L,
233 0x00401008L, 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
234 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, },
235 {/* nibble 4 */
236 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, 0x08010020L,
237 0x08000400L, 0x00010420L, 0x08010000L, 0x00010000L, 0x00000020L,
238 0x08000020L, 0x00010400L, 0x08000420L, 0x08010020L, 0x08010400L,
239 0x00000000L, 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
240 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, 0x00000020L,
241 0x08000420L, 0x08010420L, 0x00010020L, 0x08010000L, 0x00000400L,
242 0x00000420L, 0x08010400L, 0x08010400L, 0x08000420L, 0x00010020L,
243 0x08010000L, 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
244 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, 0x00010420L,
245 0x08000000L, 0x00000400L, 0x00010020L, 0x08000420L, 0x00000400L,
246 0x00000000L, 0x08010420L, 0x08010020L, 0x08010400L, 0x00000420L,
247 0x00010000L, 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
248 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, },
249 {/* nibble 5 */
250 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, 0x00200040L,
251 0x00002000L, 0x80002040L, 0x00200000L, 0x00002040L, 0x80202040L,
252 0x00202000L, 0x80000000L, 0x80002000L, 0x80000040L, 0x80200000L,
253 0x00202040L, 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
254 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, 0x80202040L,
255 0x80200000L, 0x80000000L, 0x00002040L, 0x00000040L, 0x00202000L,
256 0x00202040L, 0x80002000L, 0x00002040L, 0x80000000L, 0x80002000L,
257 0x00202040L, 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
258 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, 0x00200040L,
259 0x80202040L, 0x00202000L, 0x00000040L, 0x80202040L, 0x00202000L,
260 0x00200000L, 0x80002040L, 0x80000040L, 0x80200000L, 0x00202040L,
261 0x00000000L, 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
262 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, },
263 {/* nibble 6 */
264 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, 0x01004204L,
265 0x00004004L, 0x00004200L, 0x00000000L, 0x01000000L, 0x01000204L,
266 0x00000204L, 0x01004000L, 0x00000004L, 0x01004200L, 0x01004000L,
267 0x00000204L, 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
268 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, 0x01004004L,
269 0x00004204L, 0x01004200L, 0x00000004L, 0x00004204L, 0x01004004L,
270 0x00000200L, 0x01000000L, 0x00004204L, 0x01004000L, 0x01004004L,
271 0x00000204L, 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
272 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, 0x00000200L,
273 0x01000004L, 0x00000004L, 0x01000200L, 0x00000000L, 0x01000204L,
274 0x01000200L, 0x00004200L, 0x00000204L, 0x00004000L, 0x01004204L,
275 0x01000000L, 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
276 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, },
277 {/* nibble 7 */
278 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, 0x20020000L,
279 0x00800080L, 0x20800000L, 0x20820080L, 0x00000080L, 0x20000000L,
280 0x00820000L, 0x00020080L, 0x00820080L, 0x20020080L, 0x20000080L,
281 0x20800000L, 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
282 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, 0x20000000L,
283 0x00800000L, 0x20020080L, 0x20800080L, 0x00800000L, 0x00020000L,
284 0x20820000L, 0x00000080L, 0x00800000L, 0x00020000L, 0x20000080L,
285 0x20820080L, 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
286 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, 0x20820000L,
287 0x00000080L, 0x00800080L, 0x20020000L, 0x20820080L, 0x00800000L,
288 0x20800000L, 0x20000080L, 0x00820000L, 0x00020080L, 0x20020080L,
289 0x20800000L, 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
290 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, }};
291
292#define HPERM_OP(a, t, n, m) \
293 ((t) = ((((a) << (16 - (n))) ^ (a)) & (m)), \
294 (a) = (a) ^ (t) ^ (t >> (16 - (n))))
295
296void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule) {
297 static const int shifts2[16] = {0, 0, 1, 1, 1, 1, 1, 1,
298 0, 1, 1, 1, 1, 1, 1, 0};
299 uint32_t c, d, t, s, t2;
300 const uint8_t *in;
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]301 int i;
302
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]303 in = key->bytes;
304
305 c2l(in, c);
306 c2l(in, d);
307
308 /* do PC1 in 47 simple operations :-)
309 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
310 * for the inspiration. :-) */
311 PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
312 HPERM_OP(c, t, -2, 0xcccc0000L);
313 HPERM_OP(d, t, -2, 0xcccc0000L);
314 PERM_OP(d, c, t, 1, 0x55555555L);
315 PERM_OP(c, d, t, 8, 0x00ff00ffL);
316 PERM_OP(d, c, t, 1, 0x55555555L);
317 d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
318 ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
319 c &= 0x0fffffffL;
320
321 for (i = 0; i < ITERATIONS; i++) {
322 if (shifts2[i]) {
323 c = ((c >> 2L) | (c << 26L));
324 d = ((d >> 2L) | (d << 26L));
325 } else {
326 c = ((c >> 1L) | (c << 27L));
327 d = ((d >> 1L) | (d << 27L));
328 }
329 c &= 0x0fffffffL;
330 d &= 0x0fffffffL;
331 /* could be a few less shifts but I am to lazy at this
332 * point in time to investigate */
333 s = des_skb[0][(c) & 0x3f] |
334 des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] |
335 des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] |
336 des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) |
337 ((c >> 22L) & 0x38)];
338 t = des_skb[4][(d) & 0x3f] |
339 des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] |
340 des_skb[6][(d >> 15L) & 0x3f] |
341 des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
342
343 /* table contained 0213 4657 */
344 t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame^]345 schedule->subkeys[i][0] = ROTATE(t2, 30) & 0xffffffffL;
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]346
347 t2 = ((s >> 16L) | (t & 0xffff0000L));
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame^]348 schedule->subkeys[i][1] = ROTATE(t2, 26) & 0xffffffffL;
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]349 }
350}
351
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]352static const uint8_t kOddParity[256] = {
353 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14,
354 14, 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28,
355 31, 31, 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44,
356 44, 47, 47, 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59,
357 61, 61, 62, 62, 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74,
358 74, 76, 76, 79, 79, 81, 81, 82, 82, 84, 84, 87, 87, 88, 88,
359 91, 91, 93, 93, 94, 94, 97, 97, 98, 98, 100, 100, 103, 103, 104,
360 104, 107, 107, 109, 109, 110, 110, 112, 112, 115, 115, 117, 117, 118, 118,
361 121, 121, 122, 122, 124, 124, 127, 127, 128, 128, 131, 131, 133, 133, 134,
362 134, 137, 137, 138, 138, 140, 140, 143, 143, 145, 145, 146, 146, 148, 148,
363 151, 151, 152, 152, 155, 155, 157, 157, 158, 158, 161, 161, 162, 162, 164,
364 164, 167, 167, 168, 168, 171, 171, 173, 173, 174, 174, 176, 176, 179, 179,
365 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, 191, 193, 193, 194,
366 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, 206, 208, 208,
367 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, 223, 224,
368 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, 239,
369 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
370 254
371};
372
373void DES_set_odd_parity(DES_cblock *key) {
374 unsigned i;
375
376 for (i = 0; i < DES_KEY_SZ; i++) {
377 key->bytes[i] = kOddParity[key->bytes[i]];
378 }
379}
380
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]381static void DES_encrypt1(uint32_t *data, const DES_key_schedule *ks, int enc) {
382 uint32_t l, r, t, u;
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]383
384 r = data[0];
385 l = data[1];
386
387 IP(r, l);
388 /* Things have been modified so that the initial rotate is done outside
389 * the loop. This required the DES_SPtrans values in sp.h to be
390 * rotated 1 bit to the right. One perl script later and things have a
391 * 5% speed up on a sparc2. Thanks to Richard Outerbridge
392 * <71755.204@CompuServe.COM> for pointing this out. */
393 /* clear the top bits on machines with 8byte longs */
394 /* shift left by 2 */
395 r = ROTATE(r, 29) & 0xffffffffL;
396 l = ROTATE(l, 29) & 0xffffffffL;
397
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]398 /* I don't know if it is worth the effort of loop unrolling the
399 * inner loop */
400 if (enc) {
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame^]401 D_ENCRYPT(ks, l, r, 0);
402 D_ENCRYPT(ks, r, l, 1);
403 D_ENCRYPT(ks, l, r, 2);
404 D_ENCRYPT(ks, r, l, 3);
405 D_ENCRYPT(ks, l, r, 4);
406 D_ENCRYPT(ks, r, l, 5);
407 D_ENCRYPT(ks, l, r, 6);
408 D_ENCRYPT(ks, r, l, 7);
409 D_ENCRYPT(ks, l, r, 8);
410 D_ENCRYPT(ks, r, l, 9);
411 D_ENCRYPT(ks, l, r, 10);
412 D_ENCRYPT(ks, r, l, 11);
413 D_ENCRYPT(ks, l, r, 12);
414 D_ENCRYPT(ks, r, l, 13);
415 D_ENCRYPT(ks, l, r, 14);
416 D_ENCRYPT(ks, r, l, 15);
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]417 } else {
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame^]418 D_ENCRYPT(ks, l, r, 15);
419 D_ENCRYPT(ks, r, l, 14);
420 D_ENCRYPT(ks, l, r, 13);
421 D_ENCRYPT(ks, r, l, 12);
422 D_ENCRYPT(ks, l, r, 11);
423 D_ENCRYPT(ks, r, l, 10);
424 D_ENCRYPT(ks, l, r, 9);
425 D_ENCRYPT(ks, r, l, 8);
426 D_ENCRYPT(ks, l, r, 7);
427 D_ENCRYPT(ks, r, l, 6);
428 D_ENCRYPT(ks, l, r, 5);
429 D_ENCRYPT(ks, r, l, 4);
430 D_ENCRYPT(ks, l, r, 3);
431 D_ENCRYPT(ks, r, l, 2);
432 D_ENCRYPT(ks, l, r, 1);
433 D_ENCRYPT(ks, r, l, 0);
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]434 }
435
436 /* rotate and clear the top bits on machines with 8byte longs */
437 l = ROTATE(l, 3) & 0xffffffffL;
438 r = ROTATE(r, 3) & 0xffffffffL;
439
440 FP(r, l);
441 data[0] = l;
442 data[1] = r;
443}
444
445static void DES_encrypt2(uint32_t *data, const DES_key_schedule *ks, int enc) {
446 uint32_t l, r, t, u;
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]447
448 r = data[0];
449 l = data[1];
450
451 /* Things have been modified so that the initial rotate is done outside the
452 * loop. This required the DES_SPtrans values in sp.h to be rotated 1 bit to
453 * the right. One perl script later and things have a 5% speed up on a
454 * sparc2. Thanks to Richard Outerbridge <71755.204@CompuServe.COM> for
455 * pointing this out. */
456 /* clear the top bits on machines with 8byte longs */
457 r = ROTATE(r, 29) & 0xffffffffL;
458 l = ROTATE(l, 29) & 0xffffffffL;
459
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]460 /* I don't know if it is worth the effort of loop unrolling the
461 * inner loop */
462 if (enc) {
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame^]463 D_ENCRYPT(ks, l, r, 0);
464 D_ENCRYPT(ks, r, l, 1);
465 D_ENCRYPT(ks, l, r, 2);
466 D_ENCRYPT(ks, r, l, 3);
467 D_ENCRYPT(ks, l, r, 4);
468 D_ENCRYPT(ks, r, l, 5);
469 D_ENCRYPT(ks, l, r, 6);
470 D_ENCRYPT(ks, r, l, 7);
471 D_ENCRYPT(ks, l, r, 8);
472 D_ENCRYPT(ks, r, l, 9);
473 D_ENCRYPT(ks, l, r, 10);
474 D_ENCRYPT(ks, r, l, 11);
475 D_ENCRYPT(ks, l, r, 12);
476 D_ENCRYPT(ks, r, l, 13);
477 D_ENCRYPT(ks, l, r, 14);
478 D_ENCRYPT(ks, r, l, 15);
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]479 } else {
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame^]480 D_ENCRYPT(ks, l, r, 15);
481 D_ENCRYPT(ks, r, l, 14);
482 D_ENCRYPT(ks, l, r, 13);
483 D_ENCRYPT(ks, r, l, 12);
484 D_ENCRYPT(ks, l, r, 11);
485 D_ENCRYPT(ks, r, l, 10);
486 D_ENCRYPT(ks, l, r, 9);
487 D_ENCRYPT(ks, r, l, 8);
488 D_ENCRYPT(ks, l, r, 7);
489 D_ENCRYPT(ks, r, l, 6);
490 D_ENCRYPT(ks, l, r, 5);
491 D_ENCRYPT(ks, r, l, 4);
492 D_ENCRYPT(ks, l, r, 3);
493 D_ENCRYPT(ks, r, l, 2);
494 D_ENCRYPT(ks, l, r, 1);
495 D_ENCRYPT(ks, r, l, 0);
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]496 }
497 /* rotate and clear the top bits on machines with 8byte longs */
498 data[0] = ROTATE(l, 3) & 0xffffffffL;
499 data[1] = ROTATE(r, 3) & 0xffffffffL;
500}
501
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame^]502/* DES_encrypt3 is not static because it's used in decrepit. */
503void DES_encrypt3(uint32_t *data, const DES_key_schedule *ks1,
504 const DES_key_schedule *ks2, const DES_key_schedule *ks3) {
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]505 uint32_t l, r;
506
507 l = data[0];
508 r = data[1];
509 IP(l, r);
510 data[0] = l;
511 data[1] = r;
512 DES_encrypt2((uint32_t *)data, ks1, DES_ENCRYPT);
513 DES_encrypt2((uint32_t *)data, ks2, DES_DECRYPT);
514 DES_encrypt2((uint32_t *)data, ks3, DES_ENCRYPT);
515 l = data[0];
516 r = data[1];
517 FP(r, l);
518 data[0] = l;
519 data[1] = r;
520}
521
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame^]522/* DES_decrypt3 is not static because it's used in decrepit. */
523void DES_decrypt3(uint32_t *data, const DES_key_schedule *ks1,
524 const DES_key_schedule *ks2, const DES_key_schedule *ks3) {
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]525 uint32_t l, r;
526
527 l = data[0];
528 r = data[1];
529 IP(l, r);
530 data[0] = l;
531 data[1] = r;
532 DES_encrypt2((uint32_t *)data, ks3, DES_DECRYPT);
533 DES_encrypt2((uint32_t *)data, ks2, DES_ENCRYPT);
534 DES_encrypt2((uint32_t *)data, ks1, DES_DECRYPT);
535 l = data[0];
536 r = data[1];
537 FP(r, l);
538 data[0] = l;
539 data[1] = r;
540}
541
542void DES_ecb_encrypt(const DES_cblock *in_block, DES_cblock *out_block,
543 const DES_key_schedule *schedule, int is_encrypt) {
544 uint32_t l;
545 uint32_t ll[2];
546 const uint8_t *in = in_block->bytes;
547 uint8_t *out = out_block->bytes;
548
549 c2l(in, l);
550 ll[0] = l;
551 c2l(in, l);
552 ll[1] = l;
553 DES_encrypt1(ll, schedule, is_encrypt);
554 l = ll[0];
555 l2c(l, out);
556 l = ll[1];
557 l2c(l, out);
558 ll[0] = ll[1] = 0;
559}
560
561void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
562 const DES_key_schedule *schedule, DES_cblock *ivec,
563 int enc) {
564 uint32_t tin0, tin1;
565 uint32_t tout0, tout1, xor0, xor1;
566 uint32_t tin[2];
567 unsigned char *iv;
568
569 iv = ivec->bytes;
570
571 if (enc) {
572 c2l(iv, tout0);
573 c2l(iv, tout1);
574 for (; len >= 8; len -= 8) {
575 c2l(in, tin0);
576 c2l(in, tin1);
577 tin0 ^= tout0;
578 tin[0] = tin0;
579 tin1 ^= tout1;
580 tin[1] = tin1;
581 DES_encrypt1((uint32_t *)tin, schedule, DES_ENCRYPT);
582 tout0 = tin[0];
583 l2c(tout0, out);
584 tout1 = tin[1];
585 l2c(tout1, out);
586 }
587 if (len != 0) {
588 c2ln(in, tin0, tin1, len);
589 tin0 ^= tout0;
590 tin[0] = tin0;
591 tin1 ^= tout1;
592 tin[1] = tin1;
593 DES_encrypt1((uint32_t *)tin, schedule, DES_ENCRYPT);
594 tout0 = tin[0];
595 l2c(tout0, out);
596 tout1 = tin[1];
597 l2c(tout1, out);
598 }
599 iv = ivec->bytes;
600 l2c(tout0, iv);
601 l2c(tout1, iv);
602 } else {
603 c2l(iv, xor0);
604 c2l(iv, xor1);
605 for (; len >= 8; len -= 8) {
606 c2l(in, tin0);
607 tin[0] = tin0;
608 c2l(in, tin1);
609 tin[1] = tin1;
610 DES_encrypt1((uint32_t *)tin, schedule, DES_DECRYPT);
611 tout0 = tin[0] ^ xor0;
612 tout1 = tin[1] ^ xor1;
613 l2c(tout0, out);
614 l2c(tout1, out);
615 xor0 = tin0;
616 xor1 = tin1;
617 }
618 if (len != 0) {
619 c2l(in, tin0);
620 tin[0] = tin0;
621 c2l(in, tin1);
622 tin[1] = tin1;
623 DES_encrypt1((uint32_t *)tin, schedule, DES_DECRYPT);
624 tout0 = tin[0] ^ xor0;
625 tout1 = tin[1] ^ xor1;
626 l2cn(tout0, tout1, out, len);
627 xor0 = tin0;
628 xor1 = tin1;
629 }
630 iv = ivec->bytes;
631 l2c(xor0, iv);
632 l2c(xor1, iv);
633 }
634 tin[0] = tin[1] = 0;
635}
636
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]637void DES_ecb3_encrypt(const DES_cblock *input, DES_cblock *output,
638 const DES_key_schedule *ks1, const DES_key_schedule *ks2,
639 const DES_key_schedule *ks3, int enc) {
640 uint32_t l0, l1;
641 uint32_t ll[2];
642 const uint8_t *in = input->bytes;
643 uint8_t *out = output->bytes;
644
645 c2l(in, l0);
646 c2l(in, l1);
647 ll[0] = l0;
648 ll[1] = l1;
649 if (enc) {
650 DES_encrypt3(ll, ks1, ks2, ks3);
651 } else {
652 DES_decrypt3(ll, ks1, ks2, ks3);
653 }
654 l0 = ll[0];
655 l1 = ll[1];
656 l2c(l0, out);
657 l2c(l1, out);
658}
659
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]660void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
661 const DES_key_schedule *ks1,
662 const DES_key_schedule *ks2,
663 const DES_key_schedule *ks3, DES_cblock *ivec,
664 int enc) {
665 uint32_t tin0, tin1;
666 uint32_t tout0, tout1, xor0, xor1;
667 uint32_t tin[2];
668 uint8_t *iv;
669
670 iv = ivec->bytes;
671
672 if (enc) {
673 c2l(iv, tout0);
674 c2l(iv, tout1);
675 for (; len >= 8; len -= 8) {
676 c2l(in, tin0);
677 c2l(in, tin1);
678 tin0 ^= tout0;
679 tin1 ^= tout1;
680
681 tin[0] = tin0;
682 tin[1] = tin1;
683 DES_encrypt3((uint32_t *)tin, ks1, ks2, ks3);
684 tout0 = tin[0];
685 tout1 = tin[1];
686
687 l2c(tout0, out);
688 l2c(tout1, out);
689 }
690 if (len != 0) {
691 c2ln(in, tin0, tin1, len);
692 tin0 ^= tout0;
693 tin1 ^= tout1;
694
695 tin[0] = tin0;
696 tin[1] = tin1;
697 DES_encrypt3((uint32_t *)tin, ks1, ks2, ks3);
698 tout0 = tin[0];
699 tout1 = tin[1];
700
701 l2c(tout0, out);
702 l2c(tout1, out);
703 }
704 iv = ivec->bytes;
705 l2c(tout0, iv);
706 l2c(tout1, iv);
707 } else {
708 uint32_t t0, t1;
709
710 c2l(iv, xor0);
711 c2l(iv, xor1);
712 for (; len >= 8; len -= 8) {
713 c2l(in, tin0);
714 c2l(in, tin1);
715
716 t0 = tin0;
717 t1 = tin1;
718
719 tin[0] = tin0;
720 tin[1] = tin1;
721 DES_decrypt3((uint32_t *)tin, ks1, ks2, ks3);
722 tout0 = tin[0];
723 tout1 = tin[1];
724
725 tout0 ^= xor0;
726 tout1 ^= xor1;
727 l2c(tout0, out);
728 l2c(tout1, out);
729 xor0 = t0;
730 xor1 = t1;
731 }
732 if (len != 0) {
733 c2l(in, tin0);
734 c2l(in, tin1);
735
736 t0 = tin0;
737 t1 = tin1;
738
739 tin[0] = tin0;
740 tin[1] = tin1;
741 DES_decrypt3((uint32_t *)tin, ks1, ks2, ks3);
742 tout0 = tin[0];
743 tout1 = tin[1];
744
745 tout0 ^= xor0;
746 tout1 ^= xor1;
747 l2cn(tout0, tout1, out, len);
748 xor0 = t0;
749 xor1 = t1;
750 }
751
752 iv = ivec->bytes;
753 l2c(xor0, iv);
754 l2c(xor1, iv);
755 }
756
757 tin[0] = tin[1] = 0;
758}
Adam Langleyf4e42722015-06-04 17:45:09 -0700[diff] [blame]759
760void DES_ede2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
761 const DES_key_schedule *ks1,
762 const DES_key_schedule *ks2,
763 DES_cblock *ivec,
764 int enc) {
765 DES_ede3_cbc_encrypt(in, out, len, ks1, ks2, ks1, ivec, enc);
766}
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame^]767
768
769/* Deprecated functions. */
770
771void DES_set_key_unchecked(const DES_cblock *key, DES_key_schedule *schedule) {
772 DES_set_key(key, schedule);
773}