Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / boringssl / d9e397b599b13d642138480a28c14db7a136bf05 / . / src / crypto / des / des.c
blob: 6d000113ca211a9667c18fcaecab6312dbed0f7e [file] [log] [blame]
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame^]1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57#include <openssl/des.h>
58
59#include "internal.h"
60
61
62static const uint32_t des_skb[8][64] = {
63 {/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
64 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L, 0x00010000L,
65 0x00010010L, 0x20010000L, 0x20010010L, 0x00000800L, 0x00000810L,
66 0x20000800L, 0x20000810L, 0x00010800L, 0x00010810L, 0x20010800L,
67 0x20010810L, 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L,
68 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L, 0x00000820L,
69 0x00000830L, 0x20000820L, 0x20000830L, 0x00010820L, 0x00010830L,
70 0x20010820L, 0x20010830L, 0x00080000L, 0x00080010L, 0x20080000L,
71 0x20080010L, 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L,
72 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L, 0x00090800L,
73 0x00090810L, 0x20090800L, 0x20090810L, 0x00080020L, 0x00080030L,
74 0x20080020L, 0x20080030L, 0x00090020L, 0x00090030L, 0x20090020L,
75 0x20090030L, 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L,
76 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L, },
77 {/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
78 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L, 0x00200000L,
79 0x02200000L, 0x00202000L, 0x02202000L, 0x00000004L, 0x02000004L,
80 0x00002004L, 0x02002004L, 0x00200004L, 0x02200004L, 0x00202004L,
81 0x02202004L, 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L,
82 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L, 0x00000404L,
83 0x02000404L, 0x00002404L, 0x02002404L, 0x00200404L, 0x02200404L,
84 0x00202404L, 0x02202404L, 0x10000000L, 0x12000000L, 0x10002000L,
85 0x12002000L, 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L,
86 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L, 0x10200004L,
87 0x12200004L, 0x10202004L, 0x12202004L, 0x10000400L, 0x12000400L,
88 0x10002400L, 0x12002400L, 0x10200400L, 0x12200400L, 0x10202400L,
89 0x12202400L, 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L,
90 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L, },
91 {/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
92 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L, 0x01000000L,
93 0x01000001L, 0x01040000L, 0x01040001L, 0x00000002L, 0x00000003L,
94 0x00040002L, 0x00040003L, 0x01000002L, 0x01000003L, 0x01040002L,
95 0x01040003L, 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L,
96 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L, 0x00000202L,
97 0x00000203L, 0x00040202L, 0x00040203L, 0x01000202L, 0x01000203L,
98 0x01040202L, 0x01040203L, 0x08000000L, 0x08000001L, 0x08040000L,
99 0x08040001L, 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L,
100 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L, 0x09000002L,
101 0x09000003L, 0x09040002L, 0x09040003L, 0x08000200L, 0x08000201L,
102 0x08040200L, 0x08040201L, 0x09000200L, 0x09000201L, 0x09040200L,
103 0x09040201L, 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L,
104 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L, },
105 {/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
106 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L, 0x00000008L,
107 0x00100008L, 0x00000108L, 0x00100108L, 0x00001000L, 0x00101000L,
108 0x00001100L, 0x00101100L, 0x00001008L, 0x00101008L, 0x00001108L,
109 0x00101108L, 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L,
110 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L, 0x04001000L,
111 0x04101000L, 0x04001100L, 0x04101100L, 0x04001008L, 0x04101008L,
112 0x04001108L, 0x04101108L, 0x00020000L, 0x00120000L, 0x00020100L,
113 0x00120100L, 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L,
114 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L, 0x00021008L,
115 0x00121008L, 0x00021108L, 0x00121108L, 0x04020000L, 0x04120000L,
116 0x04020100L, 0x04120100L, 0x04020008L, 0x04120008L, 0x04020108L,
117 0x04120108L, 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L,
118 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L, },
119 {/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
120 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L, 0x00000004L,
121 0x10000004L, 0x00010004L, 0x10010004L, 0x20000000L, 0x30000000L,
122 0x20010000L, 0x30010000L, 0x20000004L, 0x30000004L, 0x20010004L,
123 0x30010004L, 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L,
124 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L, 0x20100000L,
125 0x30100000L, 0x20110000L, 0x30110000L, 0x20100004L, 0x30100004L,
126 0x20110004L, 0x30110004L, 0x00001000L, 0x10001000L, 0x00011000L,
127 0x10011000L, 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L,
128 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L, 0x20001004L,
129 0x30001004L, 0x20011004L, 0x30011004L, 0x00101000L, 0x10101000L,
130 0x00111000L, 0x10111000L, 0x00101004L, 0x10101004L, 0x00111004L,
131 0x10111004L, 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L,
132 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L, },
133 {/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
134 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L, 0x00000400L,
135 0x08000400L, 0x00000408L, 0x08000408L, 0x00020000L, 0x08020000L,
136 0x00020008L, 0x08020008L, 0x00020400L, 0x08020400L, 0x00020408L,
137 0x08020408L, 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L,
138 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L, 0x00020001L,
139 0x08020001L, 0x00020009L, 0x08020009L, 0x00020401L, 0x08020401L,
140 0x00020409L, 0x08020409L, 0x02000000L, 0x0A000000L, 0x02000008L,
141 0x0A000008L, 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L,
142 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L, 0x02020400L,
143 0x0A020400L, 0x02020408L, 0x0A020408L, 0x02000001L, 0x0A000001L,
144 0x02000009L, 0x0A000009L, 0x02000401L, 0x0A000401L, 0x02000409L,
145 0x0A000409L, 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L,
146 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L, },
147 {/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
148 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L, 0x01000000L,
149 0x01000100L, 0x01080000L, 0x01080100L, 0x00000010L, 0x00000110L,
150 0x00080010L, 0x00080110L, 0x01000010L, 0x01000110L, 0x01080010L,
151 0x01080110L, 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L,
152 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L, 0x00200010L,
153 0x00200110L, 0x00280010L, 0x00280110L, 0x01200010L, 0x01200110L,
154 0x01280010L, 0x01280110L, 0x00000200L, 0x00000300L, 0x00080200L,
155 0x00080300L, 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L,
156 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L, 0x01000210L,
157 0x01000310L, 0x01080210L, 0x01080310L, 0x00200200L, 0x00200300L,
158 0x00280200L, 0x00280300L, 0x01200200L, 0x01200300L, 0x01280200L,
159 0x01280300L, 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L,
160 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L, },
161 {/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
162 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L, 0x00000002L,
163 0x04000002L, 0x00040002L, 0x04040002L, 0x00002000L, 0x04002000L,
164 0x00042000L, 0x04042000L, 0x00002002L, 0x04002002L, 0x00042002L,
165 0x04042002L, 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L,
166 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L, 0x00002020L,
167 0x04002020L, 0x00042020L, 0x04042020L, 0x00002022L, 0x04002022L,
168 0x00042022L, 0x04042022L, 0x00000800L, 0x04000800L, 0x00040800L,
169 0x04040800L, 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L,
170 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L, 0x00002802L,
171 0x04002802L, 0x00042802L, 0x04042802L, 0x00000820L, 0x04000820L,
172 0x00040820L, 0x04040820L, 0x00000822L, 0x04000822L, 0x00040822L,
173 0x04040822L, 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L,
174 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L, }};
175
176static const uint32_t DES_SPtrans[8][64] = {
177 {/* nibble 0 */
178 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, 0x02000000L,
179 0x00080802L, 0x00080002L, 0x02000002L, 0x00080802L, 0x02080800L,
180 0x02080000L, 0x00000802L, 0x02000802L, 0x02000000L, 0x00000000L,
181 0x00080002L, 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
182 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, 0x00000002L,
183 0x00000800L, 0x00080800L, 0x02080002L, 0x00000800L, 0x02000802L,
184 0x02080002L, 0x00000000L, 0x00000000L, 0x02080802L, 0x02000800L,
185 0x00080002L, 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
186 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, 0x00080802L,
187 0x00000002L, 0x02000002L, 0x02080000L, 0x02080802L, 0x00080800L,
188 0x02080000L, 0x02000802L, 0x02000000L, 0x00000802L, 0x00080002L,
189 0x00000000L, 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
190 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, },
191 {/* nibble 1 */
192 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, 0x40000010L,
193 0x00008010L, 0x40008000L, 0x00108000L, 0x00008000L, 0x40100010L,
194 0x00000010L, 0x40008000L, 0x00100010L, 0x40108000L, 0x40100000L,
195 0x00000010L, 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
196 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, 0x40008010L,
197 0x00108010L, 0x40108000L, 0x40000010L, 0x40000000L, 0x00100000L,
198 0x00008010L, 0x40108010L, 0x00100010L, 0x40108000L, 0x40008000L,
199 0x00108010L, 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
200 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, 0x00008000L,
201 0x40000000L, 0x00108010L, 0x40008010L, 0x40108000L, 0x00008000L,
202 0x00000000L, 0x40000010L, 0x00000010L, 0x40108010L, 0x00108000L,
203 0x40100000L, 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
204 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, },
205 {/* nibble 2 */
206 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, 0x00040001L,
207 0x04000000L, 0x04000101L, 0x00040100L, 0x04000100L, 0x00040000L,
208 0x04040000L, 0x00000001L, 0x04040101L, 0x00000101L, 0x00000001L,
209 0x04040001L, 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
210 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, 0x04040001L,
211 0x04000100L, 0x00040101L, 0x04040000L, 0x00040100L, 0x00000000L,
212 0x04000000L, 0x00040101L, 0x04040100L, 0x00000100L, 0x00000001L,
213 0x00040000L, 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
214 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, 0x00040001L,
215 0x04000000L, 0x04040101L, 0x00000001L, 0x00040101L, 0x04000001L,
216 0x04000000L, 0x04040101L, 0x00040000L, 0x04000100L, 0x04000101L,
217 0x00040100L, 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
218 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, },
219 {/* nibble 3 */
220 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, 0x00000000L,
221 0x10400000L, 0x10001008L, 0x00400008L, 0x10401000L, 0x10000008L,
222 0x10000000L, 0x00001008L, 0x10000008L, 0x00401008L, 0x00400000L,
223 0x10000000L, 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
224 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, 0x00001008L,
225 0x00000000L, 0x00400008L, 0x10401000L, 0x10001000L, 0x10400008L,
226 0x10401008L, 0x00400000L, 0x10400008L, 0x00001008L, 0x00400000L,
227 0x10000008L, 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
228 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, 0x00000000L,
229 0x10400008L, 0x10401000L, 0x00001000L, 0x10000000L, 0x10401008L,
230 0x00401008L, 0x00400000L, 0x10401008L, 0x00000008L, 0x10001000L,
231 0x00401008L, 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
232 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, },
233 {/* nibble 4 */
234 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, 0x08010020L,
235 0x08000400L, 0x00010420L, 0x08010000L, 0x00010000L, 0x00000020L,
236 0x08000020L, 0x00010400L, 0x08000420L, 0x08010020L, 0x08010400L,
237 0x00000000L, 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
238 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, 0x00000020L,
239 0x08000420L, 0x08010420L, 0x00010020L, 0x08010000L, 0x00000400L,
240 0x00000420L, 0x08010400L, 0x08010400L, 0x08000420L, 0x00010020L,
241 0x08010000L, 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
242 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, 0x00010420L,
243 0x08000000L, 0x00000400L, 0x00010020L, 0x08000420L, 0x00000400L,
244 0x00000000L, 0x08010420L, 0x08010020L, 0x08010400L, 0x00000420L,
245 0x00010000L, 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
246 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, },
247 {/* nibble 5 */
248 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, 0x00200040L,
249 0x00002000L, 0x80002040L, 0x00200000L, 0x00002040L, 0x80202040L,
250 0x00202000L, 0x80000000L, 0x80002000L, 0x80000040L, 0x80200000L,
251 0x00202040L, 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
252 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, 0x80202040L,
253 0x80200000L, 0x80000000L, 0x00002040L, 0x00000040L, 0x00202000L,
254 0x00202040L, 0x80002000L, 0x00002040L, 0x80000000L, 0x80002000L,
255 0x00202040L, 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
256 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, 0x00200040L,
257 0x80202040L, 0x00202000L, 0x00000040L, 0x80202040L, 0x00202000L,
258 0x00200000L, 0x80002040L, 0x80000040L, 0x80200000L, 0x00202040L,
259 0x00000000L, 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
260 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, },
261 {/* nibble 6 */
262 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, 0x01004204L,
263 0x00004004L, 0x00004200L, 0x00000000L, 0x01000000L, 0x01000204L,
264 0x00000204L, 0x01004000L, 0x00000004L, 0x01004200L, 0x01004000L,
265 0x00000204L, 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
266 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, 0x01004004L,
267 0x00004204L, 0x01004200L, 0x00000004L, 0x00004204L, 0x01004004L,
268 0x00000200L, 0x01000000L, 0x00004204L, 0x01004000L, 0x01004004L,
269 0x00000204L, 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
270 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, 0x00000200L,
271 0x01000004L, 0x00000004L, 0x01000200L, 0x00000000L, 0x01000204L,
272 0x01000200L, 0x00004200L, 0x00000204L, 0x00004000L, 0x01004204L,
273 0x01000000L, 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
274 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, },
275 {/* nibble 7 */
276 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, 0x20020000L,
277 0x00800080L, 0x20800000L, 0x20820080L, 0x00000080L, 0x20000000L,
278 0x00820000L, 0x00020080L, 0x00820080L, 0x20020080L, 0x20000080L,
279 0x20800000L, 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
280 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, 0x20000000L,
281 0x00800000L, 0x20020080L, 0x20800080L, 0x00800000L, 0x00020000L,
282 0x20820000L, 0x00000080L, 0x00800000L, 0x00020000L, 0x20000080L,
283 0x20820080L, 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
284 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, 0x20820000L,
285 0x00000080L, 0x00800080L, 0x20020000L, 0x20820080L, 0x00800000L,
286 0x20800000L, 0x20000080L, 0x00820000L, 0x00020080L, 0x20020080L,
287 0x20800000L, 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
288 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, }};
289
290#define HPERM_OP(a, t, n, m) \
291 ((t) = ((((a) << (16 - (n))) ^ (a)) & (m)), \
292 (a) = (a) ^ (t) ^ (t >> (16 - (n))))
293
294void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule) {
295 static const int shifts2[16] = {0, 0, 1, 1, 1, 1, 1, 1,
296 0, 1, 1, 1, 1, 1, 1, 0};
297 uint32_t c, d, t, s, t2;
298 const uint8_t *in;
299 uint32_t *k;
300 int i;
301
302 k = &schedule->ks->deslong[0];
303 in = key->bytes;
304
305 c2l(in, c);
306 c2l(in, d);
307
308 /* do PC1 in 47 simple operations :-)
309 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
310 * for the inspiration. :-) */
311 PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
312 HPERM_OP(c, t, -2, 0xcccc0000L);
313 HPERM_OP(d, t, -2, 0xcccc0000L);
314 PERM_OP(d, c, t, 1, 0x55555555L);
315 PERM_OP(c, d, t, 8, 0x00ff00ffL);
316 PERM_OP(d, c, t, 1, 0x55555555L);
317 d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
318 ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
319 c &= 0x0fffffffL;
320
321 for (i = 0; i < ITERATIONS; i++) {
322 if (shifts2[i]) {
323 c = ((c >> 2L) | (c << 26L));
324 d = ((d >> 2L) | (d << 26L));
325 } else {
326 c = ((c >> 1L) | (c << 27L));
327 d = ((d >> 1L) | (d << 27L));
328 }
329 c &= 0x0fffffffL;
330 d &= 0x0fffffffL;
331 /* could be a few less shifts but I am to lazy at this
332 * point in time to investigate */
333 s = des_skb[0][(c) & 0x3f] |
334 des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] |
335 des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] |
336 des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) |
337 ((c >> 22L) & 0x38)];
338 t = des_skb[4][(d) & 0x3f] |
339 des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] |
340 des_skb[6][(d >> 15L) & 0x3f] |
341 des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
342
343 /* table contained 0213 4657 */
344 t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
345 *(k++) = ROTATE(t2, 30) & 0xffffffffL;
346
347 t2 = ((s >> 16L) | (t & 0xffff0000L));
348 *(k++) = ROTATE(t2, 26) & 0xffffffffL;
349 }
350}
351
352static void DES_encrypt1(uint32_t *data, const DES_key_schedule *ks, int enc) {
353 uint32_t l, r, t, u;
354 const uint32_t *s;
355
356 r = data[0];
357 l = data[1];
358
359 IP(r, l);
360 /* Things have been modified so that the initial rotate is done outside
361 * the loop. This required the DES_SPtrans values in sp.h to be
362 * rotated 1 bit to the right. One perl script later and things have a
363 * 5% speed up on a sparc2. Thanks to Richard Outerbridge
364 * <71755.204@CompuServe.COM> for pointing this out. */
365 /* clear the top bits on machines with 8byte longs */
366 /* shift left by 2 */
367 r = ROTATE(r, 29) & 0xffffffffL;
368 l = ROTATE(l, 29) & 0xffffffffL;
369
370 s = ks->ks->deslong;
371 /* I don't know if it is worth the effort of loop unrolling the
372 * inner loop */
373 if (enc) {
374 D_ENCRYPT(l, r, 0); /* 1 */
375 D_ENCRYPT(r, l, 2); /* 2 */
376 D_ENCRYPT(l, r, 4); /* 3 */
377 D_ENCRYPT(r, l, 6); /* 4 */
378 D_ENCRYPT(l, r, 8); /* 5 */
379 D_ENCRYPT(r, l, 10); /* 6 */
380 D_ENCRYPT(l, r, 12); /* 7 */
381 D_ENCRYPT(r, l, 14); /* 8 */
382 D_ENCRYPT(l, r, 16); /* 9 */
383 D_ENCRYPT(r, l, 18); /* 10 */
384 D_ENCRYPT(l, r, 20); /* 11 */
385 D_ENCRYPT(r, l, 22); /* 12 */
386 D_ENCRYPT(l, r, 24); /* 13 */
387 D_ENCRYPT(r, l, 26); /* 14 */
388 D_ENCRYPT(l, r, 28); /* 15 */
389 D_ENCRYPT(r, l, 30); /* 16 */
390 } else {
391 D_ENCRYPT(l, r, 30); /* 16 */
392 D_ENCRYPT(r, l, 28); /* 15 */
393 D_ENCRYPT(l, r, 26); /* 14 */
394 D_ENCRYPT(r, l, 24); /* 13 */
395 D_ENCRYPT(l, r, 22); /* 12 */
396 D_ENCRYPT(r, l, 20); /* 11 */
397 D_ENCRYPT(l, r, 18); /* 10 */
398 D_ENCRYPT(r, l, 16); /* 9 */
399 D_ENCRYPT(l, r, 14); /* 8 */
400 D_ENCRYPT(r, l, 12); /* 7 */
401 D_ENCRYPT(l, r, 10); /* 6 */
402 D_ENCRYPT(r, l, 8); /* 5 */
403 D_ENCRYPT(l, r, 6); /* 4 */
404 D_ENCRYPT(r, l, 4); /* 3 */
405 D_ENCRYPT(l, r, 2); /* 2 */
406 D_ENCRYPT(r, l, 0); /* 1 */
407 }
408
409 /* rotate and clear the top bits on machines with 8byte longs */
410 l = ROTATE(l, 3) & 0xffffffffL;
411 r = ROTATE(r, 3) & 0xffffffffL;
412
413 FP(r, l);
414 data[0] = l;
415 data[1] = r;
416}
417
418static void DES_encrypt2(uint32_t *data, const DES_key_schedule *ks, int enc) {
419 uint32_t l, r, t, u;
420 const uint32_t *s;
421
422 r = data[0];
423 l = data[1];
424
425 /* Things have been modified so that the initial rotate is done outside the
426 * loop. This required the DES_SPtrans values in sp.h to be rotated 1 bit to
427 * the right. One perl script later and things have a 5% speed up on a
428 * sparc2. Thanks to Richard Outerbridge <71755.204@CompuServe.COM> for
429 * pointing this out. */
430 /* clear the top bits on machines with 8byte longs */
431 r = ROTATE(r, 29) & 0xffffffffL;
432 l = ROTATE(l, 29) & 0xffffffffL;
433
434 s = ks->ks->deslong;
435 /* I don't know if it is worth the effort of loop unrolling the
436 * inner loop */
437 if (enc) {
438 D_ENCRYPT(l, r, 0); /* 1 */
439 D_ENCRYPT(r, l, 2); /* 2 */
440 D_ENCRYPT(l, r, 4); /* 3 */
441 D_ENCRYPT(r, l, 6); /* 4 */
442 D_ENCRYPT(l, r, 8); /* 5 */
443 D_ENCRYPT(r, l, 10); /* 6 */
444 D_ENCRYPT(l, r, 12); /* 7 */
445 D_ENCRYPT(r, l, 14); /* 8 */
446 D_ENCRYPT(l, r, 16); /* 9 */
447 D_ENCRYPT(r, l, 18); /* 10 */
448 D_ENCRYPT(l, r, 20); /* 11 */
449 D_ENCRYPT(r, l, 22); /* 12 */
450 D_ENCRYPT(l, r, 24); /* 13 */
451 D_ENCRYPT(r, l, 26); /* 14 */
452 D_ENCRYPT(l, r, 28); /* 15 */
453 D_ENCRYPT(r, l, 30); /* 16 */
454 } else {
455 D_ENCRYPT(l, r, 30); /* 16 */
456 D_ENCRYPT(r, l, 28); /* 15 */
457 D_ENCRYPT(l, r, 26); /* 14 */
458 D_ENCRYPT(r, l, 24); /* 13 */
459 D_ENCRYPT(l, r, 22); /* 12 */
460 D_ENCRYPT(r, l, 20); /* 11 */
461 D_ENCRYPT(l, r, 18); /* 10 */
462 D_ENCRYPT(r, l, 16); /* 9 */
463 D_ENCRYPT(l, r, 14); /* 8 */
464 D_ENCRYPT(r, l, 12); /* 7 */
465 D_ENCRYPT(l, r, 10); /* 6 */
466 D_ENCRYPT(r, l, 8); /* 5 */
467 D_ENCRYPT(l, r, 6); /* 4 */
468 D_ENCRYPT(r, l, 4); /* 3 */
469 D_ENCRYPT(l, r, 2); /* 2 */
470 D_ENCRYPT(r, l, 0); /* 1 */
471 }
472 /* rotate and clear the top bits on machines with 8byte longs */
473 data[0] = ROTATE(l, 3) & 0xffffffffL;
474 data[1] = ROTATE(r, 3) & 0xffffffffL;
475}
476
477static void DES_encrypt3(uint32_t *data, const DES_key_schedule *ks1,
478 const DES_key_schedule *ks2,
479 const DES_key_schedule *ks3) {
480 uint32_t l, r;
481
482 l = data[0];
483 r = data[1];
484 IP(l, r);
485 data[0] = l;
486 data[1] = r;
487 DES_encrypt2((uint32_t *)data, ks1, DES_ENCRYPT);
488 DES_encrypt2((uint32_t *)data, ks2, DES_DECRYPT);
489 DES_encrypt2((uint32_t *)data, ks3, DES_ENCRYPT);
490 l = data[0];
491 r = data[1];
492 FP(r, l);
493 data[0] = l;
494 data[1] = r;
495}
496
497static void DES_decrypt3(uint32_t *data, const DES_key_schedule *ks1,
498 const DES_key_schedule *ks2,
499 const DES_key_schedule *ks3) {
500 uint32_t l, r;
501
502 l = data[0];
503 r = data[1];
504 IP(l, r);
505 data[0] = l;
506 data[1] = r;
507 DES_encrypt2((uint32_t *)data, ks3, DES_DECRYPT);
508 DES_encrypt2((uint32_t *)data, ks2, DES_ENCRYPT);
509 DES_encrypt2((uint32_t *)data, ks1, DES_DECRYPT);
510 l = data[0];
511 r = data[1];
512 FP(r, l);
513 data[0] = l;
514 data[1] = r;
515}
516
517void DES_ecb_encrypt(const DES_cblock *in_block, DES_cblock *out_block,
518 const DES_key_schedule *schedule, int is_encrypt) {
519 uint32_t l;
520 uint32_t ll[2];
521 const uint8_t *in = in_block->bytes;
522 uint8_t *out = out_block->bytes;
523
524 c2l(in, l);
525 ll[0] = l;
526 c2l(in, l);
527 ll[1] = l;
528 DES_encrypt1(ll, schedule, is_encrypt);
529 l = ll[0];
530 l2c(l, out);
531 l = ll[1];
532 l2c(l, out);
533 ll[0] = ll[1] = 0;
534}
535
536void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
537 const DES_key_schedule *schedule, DES_cblock *ivec,
538 int enc) {
539 uint32_t tin0, tin1;
540 uint32_t tout0, tout1, xor0, xor1;
541 uint32_t tin[2];
542 unsigned char *iv;
543
544 iv = ivec->bytes;
545
546 if (enc) {
547 c2l(iv, tout0);
548 c2l(iv, tout1);
549 for (; len >= 8; len -= 8) {
550 c2l(in, tin0);
551 c2l(in, tin1);
552 tin0 ^= tout0;
553 tin[0] = tin0;
554 tin1 ^= tout1;
555 tin[1] = tin1;
556 DES_encrypt1((uint32_t *)tin, schedule, DES_ENCRYPT);
557 tout0 = tin[0];
558 l2c(tout0, out);
559 tout1 = tin[1];
560 l2c(tout1, out);
561 }
562 if (len != 0) {
563 c2ln(in, tin0, tin1, len);
564 tin0 ^= tout0;
565 tin[0] = tin0;
566 tin1 ^= tout1;
567 tin[1] = tin1;
568 DES_encrypt1((uint32_t *)tin, schedule, DES_ENCRYPT);
569 tout0 = tin[0];
570 l2c(tout0, out);
571 tout1 = tin[1];
572 l2c(tout1, out);
573 }
574 iv = ivec->bytes;
575 l2c(tout0, iv);
576 l2c(tout1, iv);
577 } else {
578 c2l(iv, xor0);
579 c2l(iv, xor1);
580 for (; len >= 8; len -= 8) {
581 c2l(in, tin0);
582 tin[0] = tin0;
583 c2l(in, tin1);
584 tin[1] = tin1;
585 DES_encrypt1((uint32_t *)tin, schedule, DES_DECRYPT);
586 tout0 = tin[0] ^ xor0;
587 tout1 = tin[1] ^ xor1;
588 l2c(tout0, out);
589 l2c(tout1, out);
590 xor0 = tin0;
591 xor1 = tin1;
592 }
593 if (len != 0) {
594 c2l(in, tin0);
595 tin[0] = tin0;
596 c2l(in, tin1);
597 tin[1] = tin1;
598 DES_encrypt1((uint32_t *)tin, schedule, DES_DECRYPT);
599 tout0 = tin[0] ^ xor0;
600 tout1 = tin[1] ^ xor1;
601 l2cn(tout0, tout1, out, len);
602 xor0 = tin0;
603 xor1 = tin1;
604 }
605 iv = ivec->bytes;
606 l2c(xor0, iv);
607 l2c(xor1, iv);
608 }
609 tin[0] = tin[1] = 0;
610}
611
612void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
613 const DES_key_schedule *ks1,
614 const DES_key_schedule *ks2,
615 const DES_key_schedule *ks3, DES_cblock *ivec,
616 int enc) {
617 uint32_t tin0, tin1;
618 uint32_t tout0, tout1, xor0, xor1;
619 uint32_t tin[2];
620 uint8_t *iv;
621
622 iv = ivec->bytes;
623
624 if (enc) {
625 c2l(iv, tout0);
626 c2l(iv, tout1);
627 for (; len >= 8; len -= 8) {
628 c2l(in, tin0);
629 c2l(in, tin1);
630 tin0 ^= tout0;
631 tin1 ^= tout1;
632
633 tin[0] = tin0;
634 tin[1] = tin1;
635 DES_encrypt3((uint32_t *)tin, ks1, ks2, ks3);
636 tout0 = tin[0];
637 tout1 = tin[1];
638
639 l2c(tout0, out);
640 l2c(tout1, out);
641 }
642 if (len != 0) {
643 c2ln(in, tin0, tin1, len);
644 tin0 ^= tout0;
645 tin1 ^= tout1;
646
647 tin[0] = tin0;
648 tin[1] = tin1;
649 DES_encrypt3((uint32_t *)tin, ks1, ks2, ks3);
650 tout0 = tin[0];
651 tout1 = tin[1];
652
653 l2c(tout0, out);
654 l2c(tout1, out);
655 }
656 iv = ivec->bytes;
657 l2c(tout0, iv);
658 l2c(tout1, iv);
659 } else {
660 uint32_t t0, t1;
661
662 c2l(iv, xor0);
663 c2l(iv, xor1);
664 for (; len >= 8; len -= 8) {
665 c2l(in, tin0);
666 c2l(in, tin1);
667
668 t0 = tin0;
669 t1 = tin1;
670
671 tin[0] = tin0;
672 tin[1] = tin1;
673 DES_decrypt3((uint32_t *)tin, ks1, ks2, ks3);
674 tout0 = tin[0];
675 tout1 = tin[1];
676
677 tout0 ^= xor0;
678 tout1 ^= xor1;
679 l2c(tout0, out);
680 l2c(tout1, out);
681 xor0 = t0;
682 xor1 = t1;
683 }
684 if (len != 0) {
685 c2l(in, tin0);
686 c2l(in, tin1);
687
688 t0 = tin0;
689 t1 = tin1;
690
691 tin[0] = tin0;
692 tin[1] = tin1;
693 DES_decrypt3((uint32_t *)tin, ks1, ks2, ks3);
694 tout0 = tin[0];
695 tout1 = tin[1];
696
697 tout0 ^= xor0;
698 tout1 ^= xor1;
699 l2cn(tout0, tout1, out, len);
700 xor0 = t0;
701 xor1 = t1;
702 }
703
704 iv = ivec->bytes;
705 l2c(xor0, iv);
706 l2c(xor1, iv);
707 }
708
709 tin[0] = tin[1] = 0;
710}