1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay@cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay@cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] */ 56 57#include <openssl/des.h> 58 59#include <stdlib.h> 60 61#include "internal.h" 62 63 64static const uint32_t des_skb[8][64] = { 65 {/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ 66 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L, 0x00010000L, 67 0x00010010L, 0x20010000L, 0x20010010L, 0x00000800L, 0x00000810L, 68 0x20000800L, 0x20000810L, 0x00010800L, 0x00010810L, 0x20010800L, 69 0x20010810L, 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L, 70 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L, 0x00000820L, 71 0x00000830L, 0x20000820L, 0x20000830L, 0x00010820L, 0x00010830L, 72 0x20010820L, 0x20010830L, 0x00080000L, 0x00080010L, 0x20080000L, 73 0x20080010L, 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L, 74 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L, 0x00090800L, 75 0x00090810L, 0x20090800L, 0x20090810L, 0x00080020L, 0x00080030L, 76 0x20080020L, 0x20080030L, 0x00090020L, 0x00090030L, 0x20090020L, 77 0x20090030L, 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L, 78 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L, }, 79 {/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ 80 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L, 0x00200000L, 81 0x02200000L, 0x00202000L, 0x02202000L, 0x00000004L, 0x02000004L, 82 0x00002004L, 0x02002004L, 0x00200004L, 0x02200004L, 0x00202004L, 83 0x02202004L, 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L, 84 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L, 0x00000404L, 85 0x02000404L, 0x00002404L, 0x02002404L, 0x00200404L, 0x02200404L, 86 0x00202404L, 0x02202404L, 0x10000000L, 0x12000000L, 0x10002000L, 87 0x12002000L, 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L, 88 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L, 0x10200004L, 89 0x12200004L, 0x10202004L, 0x12202004L, 0x10000400L, 0x12000400L, 90 0x10002400L, 0x12002400L, 0x10200400L, 0x12200400L, 0x10202400L, 91 0x12202400L, 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L, 92 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L, }, 93 {/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ 94 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L, 0x01000000L, 95 0x01000001L, 0x01040000L, 0x01040001L, 0x00000002L, 0x00000003L, 96 0x00040002L, 0x00040003L, 0x01000002L, 0x01000003L, 0x01040002L, 97 0x01040003L, 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L, 98 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L, 0x00000202L, 99 0x00000203L, 0x00040202L, 0x00040203L, 0x01000202L, 0x01000203L, 100 0x01040202L, 0x01040203L, 0x08000000L, 0x08000001L, 0x08040000L, 101 0x08040001L, 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L, 102 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L, 0x09000002L, 103 0x09000003L, 0x09040002L, 0x09040003L, 0x08000200L, 0x08000201L, 104 0x08040200L, 0x08040201L, 0x09000200L, 0x09000201L, 0x09040200L, 105 0x09040201L, 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L, 106 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L, }, 107 {/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ 108 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L, 0x00000008L, 109 0x00100008L, 0x00000108L, 0x00100108L, 0x00001000L, 0x00101000L, 110 0x00001100L, 0x00101100L, 0x00001008L, 0x00101008L, 0x00001108L, 111 0x00101108L, 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L, 112 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L, 0x04001000L, 113 0x04101000L, 0x04001100L, 0x04101100L, 0x04001008L, 0x04101008L, 114 0x04001108L, 0x04101108L, 0x00020000L, 0x00120000L, 0x00020100L, 115 0x00120100L, 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L, 116 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L, 0x00021008L, 117 0x00121008L, 0x00021108L, 0x00121108L, 0x04020000L, 0x04120000L, 118 0x04020100L, 0x04120100L, 0x04020008L, 0x04120008L, 0x04020108L, 119 0x04120108L, 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L, 120 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L, }, 121 {/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ 122 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L, 0x00000004L, 123 0x10000004L, 0x00010004L, 0x10010004L, 0x20000000L, 0x30000000L, 124 0x20010000L, 0x30010000L, 0x20000004L, 0x30000004L, 0x20010004L, 125 0x30010004L, 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L, 126 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L, 0x20100000L, 127 0x30100000L, 0x20110000L, 0x30110000L, 0x20100004L, 0x30100004L, 128 0x20110004L, 0x30110004L, 0x00001000L, 0x10001000L, 0x00011000L, 129 0x10011000L, 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L, 130 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L, 0x20001004L, 131 0x30001004L, 0x20011004L, 0x30011004L, 0x00101000L, 0x10101000L, 132 0x00111000L, 0x10111000L, 0x00101004L, 0x10101004L, 0x00111004L, 133 0x10111004L, 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L, 134 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L, }, 135 {/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ 136 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L, 0x00000400L, 137 0x08000400L, 0x00000408L, 0x08000408L, 0x00020000L, 0x08020000L, 138 0x00020008L, 0x08020008L, 0x00020400L, 0x08020400L, 0x00020408L, 139 0x08020408L, 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L, 140 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L, 0x00020001L, 141 0x08020001L, 0x00020009L, 0x08020009L, 0x00020401L, 0x08020401L, 142 0x00020409L, 0x08020409L, 0x02000000L, 0x0A000000L, 0x02000008L, 143 0x0A000008L, 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L, 144 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L, 0x02020400L, 145 0x0A020400L, 0x02020408L, 0x0A020408L, 0x02000001L, 0x0A000001L, 146 0x02000009L, 0x0A000009L, 0x02000401L, 0x0A000401L, 0x02000409L, 147 0x0A000409L, 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L, 148 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L, }, 149 {/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */ 150 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L, 0x01000000L, 151 0x01000100L, 0x01080000L, 0x01080100L, 0x00000010L, 0x00000110L, 152 0x00080010L, 0x00080110L, 0x01000010L, 0x01000110L, 0x01080010L, 153 0x01080110L, 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L, 154 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L, 0x00200010L, 155 0x00200110L, 0x00280010L, 0x00280110L, 0x01200010L, 0x01200110L, 156 0x01280010L, 0x01280110L, 0x00000200L, 0x00000300L, 0x00080200L, 157 0x00080300L, 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L, 158 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L, 0x01000210L, 159 0x01000310L, 0x01080210L, 0x01080310L, 0x00200200L, 0x00200300L, 160 0x00280200L, 0x00280300L, 0x01200200L, 0x01200300L, 0x01280200L, 161 0x01280300L, 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L, 162 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L, }, 163 {/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ 164 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L, 0x00000002L, 165 0x04000002L, 0x00040002L, 0x04040002L, 0x00002000L, 0x04002000L, 166 0x00042000L, 0x04042000L, 0x00002002L, 0x04002002L, 0x00042002L, 167 0x04042002L, 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L, 168 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L, 0x00002020L, 169 0x04002020L, 0x00042020L, 0x04042020L, 0x00002022L, 0x04002022L, 170 0x00042022L, 0x04042022L, 0x00000800L, 0x04000800L, 0x00040800L, 171 0x04040800L, 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L, 172 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L, 0x00002802L, 173 0x04002802L, 0x00042802L, 0x04042802L, 0x00000820L, 0x04000820L, 174 0x00040820L, 0x04040820L, 0x00000822L, 0x04000822L, 0x00040822L, 175 0x04040822L, 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L, 176 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L, }}; 177 178static const uint32_t DES_SPtrans[8][64] = { 179 {/* nibble 0 */ 180 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, 0x02000000L, 181 0x00080802L, 0x00080002L, 0x02000002L, 0x00080802L, 0x02080800L, 182 0x02080000L, 0x00000802L, 0x02000802L, 0x02000000L, 0x00000000L, 183 0x00080002L, 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, 184 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, 0x00000002L, 185 0x00000800L, 0x00080800L, 0x02080002L, 0x00000800L, 0x02000802L, 186 0x02080002L, 0x00000000L, 0x00000000L, 0x02080802L, 0x02000800L, 187 0x00080002L, 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, 188 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, 0x00080802L, 189 0x00000002L, 0x02000002L, 0x02080000L, 0x02080802L, 0x00080800L, 190 0x02080000L, 0x02000802L, 0x02000000L, 0x00000802L, 0x00080002L, 191 0x00000000L, 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, 192 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, }, 193 {/* nibble 1 */ 194 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, 0x40000010L, 195 0x00008010L, 0x40008000L, 0x00108000L, 0x00008000L, 0x40100010L, 196 0x00000010L, 0x40008000L, 0x00100010L, 0x40108000L, 0x40100000L, 197 0x00000010L, 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, 198 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, 0x40008010L, 199 0x00108010L, 0x40108000L, 0x40000010L, 0x40000000L, 0x00100000L, 200 0x00008010L, 0x40108010L, 0x00100010L, 0x40108000L, 0x40008000L, 201 0x00108010L, 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, 202 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, 0x00008000L, 203 0x40000000L, 0x00108010L, 0x40008010L, 0x40108000L, 0x00008000L, 204 0x00000000L, 0x40000010L, 0x00000010L, 0x40108010L, 0x00108000L, 205 0x40100000L, 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, 206 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, }, 207 {/* nibble 2 */ 208 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, 0x00040001L, 209 0x04000000L, 0x04000101L, 0x00040100L, 0x04000100L, 0x00040000L, 210 0x04040000L, 0x00000001L, 0x04040101L, 0x00000101L, 0x00000001L, 211 0x04040001L, 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, 212 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, 0x04040001L, 213 0x04000100L, 0x00040101L, 0x04040000L, 0x00040100L, 0x00000000L, 214 0x04000000L, 0x00040101L, 0x04040100L, 0x00000100L, 0x00000001L, 215 0x00040000L, 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, 216 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, 0x00040001L, 217 0x04000000L, 0x04040101L, 0x00000001L, 0x00040101L, 0x04000001L, 218 0x04000000L, 0x04040101L, 0x00040000L, 0x04000100L, 0x04000101L, 219 0x00040100L, 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, 220 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, }, 221 {/* nibble 3 */ 222 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, 0x00000000L, 223 0x10400000L, 0x10001008L, 0x00400008L, 0x10401000L, 0x10000008L, 224 0x10000000L, 0x00001008L, 0x10000008L, 0x00401008L, 0x00400000L, 225 0x10000000L, 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, 226 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, 0x00001008L, 227 0x00000000L, 0x00400008L, 0x10401000L, 0x10001000L, 0x10400008L, 228 0x10401008L, 0x00400000L, 0x10400008L, 0x00001008L, 0x00400000L, 229 0x10000008L, 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, 230 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, 0x00000000L, 231 0x10400008L, 0x10401000L, 0x00001000L, 0x10000000L, 0x10401008L, 232 0x00401008L, 0x00400000L, 0x10401008L, 0x00000008L, 0x10001000L, 233 0x00401008L, 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, 234 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, }, 235 {/* nibble 4 */ 236 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, 0x08010020L, 237 0x08000400L, 0x00010420L, 0x08010000L, 0x00010000L, 0x00000020L, 238 0x08000020L, 0x00010400L, 0x08000420L, 0x08010020L, 0x08010400L, 239 0x00000000L, 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, 240 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, 0x00000020L, 241 0x08000420L, 0x08010420L, 0x00010020L, 0x08010000L, 0x00000400L, 242 0x00000420L, 0x08010400L, 0x08010400L, 0x08000420L, 0x00010020L, 243 0x08010000L, 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, 244 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, 0x00010420L, 245 0x08000000L, 0x00000400L, 0x00010020L, 0x08000420L, 0x00000400L, 246 0x00000000L, 0x08010420L, 0x08010020L, 0x08010400L, 0x00000420L, 247 0x00010000L, 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, 248 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, }, 249 {/* nibble 5 */ 250 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, 0x00200040L, 251 0x00002000L, 0x80002040L, 0x00200000L, 0x00002040L, 0x80202040L, 252 0x00202000L, 0x80000000L, 0x80002000L, 0x80000040L, 0x80200000L, 253 0x00202040L, 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, 254 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, 0x80202040L, 255 0x80200000L, 0x80000000L, 0x00002040L, 0x00000040L, 0x00202000L, 256 0x00202040L, 0x80002000L, 0x00002040L, 0x80000000L, 0x80002000L, 257 0x00202040L, 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, 258 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, 0x00200040L, 259 0x80202040L, 0x00202000L, 0x00000040L, 0x80202040L, 0x00202000L, 260 0x00200000L, 0x80002040L, 0x80000040L, 0x80200000L, 0x00202040L, 261 0x00000000L, 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, 262 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, }, 263 {/* nibble 6 */ 264 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, 0x01004204L, 265 0x00004004L, 0x00004200L, 0x00000000L, 0x01000000L, 0x01000204L, 266 0x00000204L, 0x01004000L, 0x00000004L, 0x01004200L, 0x01004000L, 267 0x00000204L, 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, 268 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, 0x01004004L, 269 0x00004204L, 0x01004200L, 0x00000004L, 0x00004204L, 0x01004004L, 270 0x00000200L, 0x01000000L, 0x00004204L, 0x01004000L, 0x01004004L, 271 0x00000204L, 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, 272 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, 0x00000200L, 273 0x01000004L, 0x00000004L, 0x01000200L, 0x00000000L, 0x01000204L, 274 0x01000200L, 0x00004200L, 0x00000204L, 0x00004000L, 0x01004204L, 275 0x01000000L, 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, 276 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, }, 277 {/* nibble 7 */ 278 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, 0x20020000L, 279 0x00800080L, 0x20800000L, 0x20820080L, 0x00000080L, 0x20000000L, 280 0x00820000L, 0x00020080L, 0x00820080L, 0x20020080L, 0x20000080L, 281 0x20800000L, 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, 282 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, 0x20000000L, 283 0x00800000L, 0x20020080L, 0x20800080L, 0x00800000L, 0x00020000L, 284 0x20820000L, 0x00000080L, 0x00800000L, 0x00020000L, 0x20000080L, 285 0x20820080L, 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, 286 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, 0x20820000L, 287 0x00000080L, 0x00800080L, 0x20020000L, 0x20820080L, 0x00800000L, 288 0x20800000L, 0x20000080L, 0x00820000L, 0x00020080L, 0x20020080L, 289 0x20800000L, 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, 290 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, }}; 291 292#define HPERM_OP(a, t, n, m) \ 293 ((t) = ((((a) << (16 - (n))) ^ (a)) & (m)), \ 294 (a) = (a) ^ (t) ^ ((t) >> (16 - (n)))) 295 296void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule) { 297 static const int shifts2[16] = {0, 0, 1, 1, 1, 1, 1, 1, 298 0, 1, 1, 1, 1, 1, 1, 0}; 299 uint32_t c, d, t, s, t2; 300 const uint8_t *in; 301 int i; 302 303 in = key->bytes; 304 305 c2l(in, c); 306 c2l(in, d); 307 308 /* do PC1 in 47 simple operations :-) 309 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) 310 * for the inspiration. :-) */ 311 PERM_OP(d, c, t, 4, 0x0f0f0f0fL); 312 HPERM_OP(c, t, -2, 0xcccc0000L); 313 HPERM_OP(d, t, -2, 0xcccc0000L); 314 PERM_OP(d, c, t, 1, 0x55555555L); 315 PERM_OP(c, d, t, 8, 0x00ff00ffL); 316 PERM_OP(d, c, t, 1, 0x55555555L); 317 d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) | 318 ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L)); 319 c &= 0x0fffffffL; 320 321 for (i = 0; i < ITERATIONS; i++) { 322 if (shifts2[i]) { 323 c = ((c >> 2L) | (c << 26L)); 324 d = ((d >> 2L) | (d << 26L)); 325 } else { 326 c = ((c >> 1L) | (c << 27L)); 327 d = ((d >> 1L) | (d << 27L)); 328 } 329 c &= 0x0fffffffL; 330 d &= 0x0fffffffL; 331 /* could be a few less shifts but I am to lazy at this 332 * point in time to investigate */ 333 s = des_skb[0][(c) & 0x3f] | 334 des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] | 335 des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] | 336 des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) | 337 ((c >> 22L) & 0x38)]; 338 t = des_skb[4][(d) & 0x3f] | 339 des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] | 340 des_skb[6][(d >> 15L) & 0x3f] | 341 des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)]; 342 343 /* table contained 0213 4657 */ 344 t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL; 345 schedule->subkeys[i][0] = ROTATE(t2, 30) & 0xffffffffL; 346 347 t2 = ((s >> 16L) | (t & 0xffff0000L)); 348 schedule->subkeys[i][1] = ROTATE(t2, 26) & 0xffffffffL; 349 } 350} 351 352static const uint8_t kOddParity[256] = { 353 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 354 14, 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 355 31, 31, 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 356 44, 47, 47, 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 357 61, 61, 62, 62, 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 358 74, 76, 76, 79, 79, 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 359 91, 91, 93, 93, 94, 94, 97, 97, 98, 98, 100, 100, 103, 103, 104, 360 104, 107, 107, 109, 109, 110, 110, 112, 112, 115, 115, 117, 117, 118, 118, 361 121, 121, 122, 122, 124, 124, 127, 127, 128, 128, 131, 131, 133, 133, 134, 362 134, 137, 137, 138, 138, 140, 140, 143, 143, 145, 145, 146, 146, 148, 148, 363 151, 151, 152, 152, 155, 155, 157, 157, 158, 158, 161, 161, 162, 162, 164, 364 164, 167, 167, 168, 168, 171, 171, 173, 173, 174, 174, 176, 176, 179, 179, 365 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, 191, 193, 193, 194, 366 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, 206, 208, 208, 367 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, 223, 224, 368 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, 239, 369 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254, 370 254 371}; 372 373void DES_set_odd_parity(DES_cblock *key) { 374 unsigned i; 375 376 for (i = 0; i < DES_KEY_SZ; i++) { 377 key->bytes[i] = kOddParity[key->bytes[i]]; 378 } 379} 380 381static void DES_encrypt1(uint32_t *data, const DES_key_schedule *ks, int enc) { 382 uint32_t l, r, t, u; 383 384 r = data[0]; 385 l = data[1]; 386 387 IP(r, l); 388 /* Things have been modified so that the initial rotate is done outside 389 * the loop. This required the DES_SPtrans values in sp.h to be 390 * rotated 1 bit to the right. One perl script later and things have a 391 * 5% speed up on a sparc2. Thanks to Richard Outerbridge 392 * <71755.204@CompuServe.COM> for pointing this out. */ 393 /* clear the top bits on machines with 8byte longs */ 394 /* shift left by 2 */ 395 r = ROTATE(r, 29) & 0xffffffffL; 396 l = ROTATE(l, 29) & 0xffffffffL; 397 398 /* I don't know if it is worth the effort of loop unrolling the 399 * inner loop */ 400 if (enc) { 401 D_ENCRYPT(ks, l, r, 0); 402 D_ENCRYPT(ks, r, l, 1); 403 D_ENCRYPT(ks, l, r, 2); 404 D_ENCRYPT(ks, r, l, 3); 405 D_ENCRYPT(ks, l, r, 4); 406 D_ENCRYPT(ks, r, l, 5); 407 D_ENCRYPT(ks, l, r, 6); 408 D_ENCRYPT(ks, r, l, 7); 409 D_ENCRYPT(ks, l, r, 8); 410 D_ENCRYPT(ks, r, l, 9); 411 D_ENCRYPT(ks, l, r, 10); 412 D_ENCRYPT(ks, r, l, 11); 413 D_ENCRYPT(ks, l, r, 12); 414 D_ENCRYPT(ks, r, l, 13); 415 D_ENCRYPT(ks, l, r, 14); 416 D_ENCRYPT(ks, r, l, 15); 417 } else { 418 D_ENCRYPT(ks, l, r, 15); 419 D_ENCRYPT(ks, r, l, 14); 420 D_ENCRYPT(ks, l, r, 13); 421 D_ENCRYPT(ks, r, l, 12); 422 D_ENCRYPT(ks, l, r, 11); 423 D_ENCRYPT(ks, r, l, 10); 424 D_ENCRYPT(ks, l, r, 9); 425 D_ENCRYPT(ks, r, l, 8); 426 D_ENCRYPT(ks, l, r, 7); 427 D_ENCRYPT(ks, r, l, 6); 428 D_ENCRYPT(ks, l, r, 5); 429 D_ENCRYPT(ks, r, l, 4); 430 D_ENCRYPT(ks, l, r, 3); 431 D_ENCRYPT(ks, r, l, 2); 432 D_ENCRYPT(ks, l, r, 1); 433 D_ENCRYPT(ks, r, l, 0); 434 } 435 436 /* rotate and clear the top bits on machines with 8byte longs */ 437 l = ROTATE(l, 3) & 0xffffffffL; 438 r = ROTATE(r, 3) & 0xffffffffL; 439 440 FP(r, l); 441 data[0] = l; 442 data[1] = r; 443} 444 445static void DES_encrypt2(uint32_t *data, const DES_key_schedule *ks, int enc) { 446 uint32_t l, r, t, u; 447 448 r = data[0]; 449 l = data[1]; 450 451 /* Things have been modified so that the initial rotate is done outside the 452 * loop. This required the DES_SPtrans values in sp.h to be rotated 1 bit to 453 * the right. One perl script later and things have a 5% speed up on a 454 * sparc2. Thanks to Richard Outerbridge <71755.204@CompuServe.COM> for 455 * pointing this out. */ 456 /* clear the top bits on machines with 8byte longs */ 457 r = ROTATE(r, 29) & 0xffffffffL; 458 l = ROTATE(l, 29) & 0xffffffffL; 459 460 /* I don't know if it is worth the effort of loop unrolling the 461 * inner loop */ 462 if (enc) { 463 D_ENCRYPT(ks, l, r, 0); 464 D_ENCRYPT(ks, r, l, 1); 465 D_ENCRYPT(ks, l, r, 2); 466 D_ENCRYPT(ks, r, l, 3); 467 D_ENCRYPT(ks, l, r, 4); 468 D_ENCRYPT(ks, r, l, 5); 469 D_ENCRYPT(ks, l, r, 6); 470 D_ENCRYPT(ks, r, l, 7); 471 D_ENCRYPT(ks, l, r, 8); 472 D_ENCRYPT(ks, r, l, 9); 473 D_ENCRYPT(ks, l, r, 10); 474 D_ENCRYPT(ks, r, l, 11); 475 D_ENCRYPT(ks, l, r, 12); 476 D_ENCRYPT(ks, r, l, 13); 477 D_ENCRYPT(ks, l, r, 14); 478 D_ENCRYPT(ks, r, l, 15); 479 } else { 480 D_ENCRYPT(ks, l, r, 15); 481 D_ENCRYPT(ks, r, l, 14); 482 D_ENCRYPT(ks, l, r, 13); 483 D_ENCRYPT(ks, r, l, 12); 484 D_ENCRYPT(ks, l, r, 11); 485 D_ENCRYPT(ks, r, l, 10); 486 D_ENCRYPT(ks, l, r, 9); 487 D_ENCRYPT(ks, r, l, 8); 488 D_ENCRYPT(ks, l, r, 7); 489 D_ENCRYPT(ks, r, l, 6); 490 D_ENCRYPT(ks, l, r, 5); 491 D_ENCRYPT(ks, r, l, 4); 492 D_ENCRYPT(ks, l, r, 3); 493 D_ENCRYPT(ks, r, l, 2); 494 D_ENCRYPT(ks, l, r, 1); 495 D_ENCRYPT(ks, r, l, 0); 496 } 497 /* rotate and clear the top bits on machines with 8byte longs */ 498 data[0] = ROTATE(l, 3) & 0xffffffffL; 499 data[1] = ROTATE(r, 3) & 0xffffffffL; 500} 501 502void DES_encrypt3(uint32_t *data, const DES_key_schedule *ks1, 503 const DES_key_schedule *ks2, const DES_key_schedule *ks3) { 504 uint32_t l, r; 505 506 l = data[0]; 507 r = data[1]; 508 IP(l, r); 509 data[0] = l; 510 data[1] = r; 511 DES_encrypt2((uint32_t *)data, ks1, DES_ENCRYPT); 512 DES_encrypt2((uint32_t *)data, ks2, DES_DECRYPT); 513 DES_encrypt2((uint32_t *)data, ks3, DES_ENCRYPT); 514 l = data[0]; 515 r = data[1]; 516 FP(r, l); 517 data[0] = l; 518 data[1] = r; 519} 520 521void DES_decrypt3(uint32_t *data, const DES_key_schedule *ks1, 522 const DES_key_schedule *ks2, const DES_key_schedule *ks3) { 523 uint32_t l, r; 524 525 l = data[0]; 526 r = data[1]; 527 IP(l, r); 528 data[0] = l; 529 data[1] = r; 530 DES_encrypt2((uint32_t *)data, ks3, DES_DECRYPT); 531 DES_encrypt2((uint32_t *)data, ks2, DES_ENCRYPT); 532 DES_encrypt2((uint32_t *)data, ks1, DES_DECRYPT); 533 l = data[0]; 534 r = data[1]; 535 FP(r, l); 536 data[0] = l; 537 data[1] = r; 538} 539 540void DES_ecb_encrypt(const DES_cblock *in_block, DES_cblock *out_block, 541 const DES_key_schedule *schedule, int is_encrypt) { 542 uint32_t l; 543 uint32_t ll[2]; 544 const uint8_t *in = in_block->bytes; 545 uint8_t *out = out_block->bytes; 546 547 c2l(in, l); 548 ll[0] = l; 549 c2l(in, l); 550 ll[1] = l; 551 DES_encrypt1(ll, schedule, is_encrypt); 552 l = ll[0]; 553 l2c(l, out); 554 l = ll[1]; 555 l2c(l, out); 556 ll[0] = ll[1] = 0; 557} 558 559void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, 560 const DES_key_schedule *schedule, DES_cblock *ivec, 561 int enc) { 562 uint32_t tin0, tin1; 563 uint32_t tout0, tout1, xor0, xor1; 564 uint32_t tin[2]; 565 unsigned char *iv; 566 567 iv = ivec->bytes; 568 569 if (enc) { 570 c2l(iv, tout0); 571 c2l(iv, tout1); 572 for (; len >= 8; len -= 8) { 573 c2l(in, tin0); 574 c2l(in, tin1); 575 tin0 ^= tout0; 576 tin[0] = tin0; 577 tin1 ^= tout1; 578 tin[1] = tin1; 579 DES_encrypt1((uint32_t *)tin, schedule, DES_ENCRYPT); 580 tout0 = tin[0]; 581 l2c(tout0, out); 582 tout1 = tin[1]; 583 l2c(tout1, out); 584 } 585 if (len != 0) { 586 c2ln(in, tin0, tin1, len); 587 tin0 ^= tout0; 588 tin[0] = tin0; 589 tin1 ^= tout1; 590 tin[1] = tin1; 591 DES_encrypt1((uint32_t *)tin, schedule, DES_ENCRYPT); 592 tout0 = tin[0]; 593 l2c(tout0, out); 594 tout1 = tin[1]; 595 l2c(tout1, out); 596 } 597 iv = ivec->bytes; 598 l2c(tout0, iv); 599 l2c(tout1, iv); 600 } else { 601 c2l(iv, xor0); 602 c2l(iv, xor1); 603 for (; len >= 8; len -= 8) { 604 c2l(in, tin0); 605 tin[0] = tin0; 606 c2l(in, tin1); 607 tin[1] = tin1; 608 DES_encrypt1((uint32_t *)tin, schedule, DES_DECRYPT); 609 tout0 = tin[0] ^ xor0; 610 tout1 = tin[1] ^ xor1; 611 l2c(tout0, out); 612 l2c(tout1, out); 613 xor0 = tin0; 614 xor1 = tin1; 615 } 616 if (len != 0) { 617 c2l(in, tin0); 618 tin[0] = tin0; 619 c2l(in, tin1); 620 tin[1] = tin1; 621 DES_encrypt1((uint32_t *)tin, schedule, DES_DECRYPT); 622 tout0 = tin[0] ^ xor0; 623 tout1 = tin[1] ^ xor1; 624 l2cn(tout0, tout1, out, len); 625 xor0 = tin0; 626 xor1 = tin1; 627 } 628 iv = ivec->bytes; 629 l2c(xor0, iv); 630 l2c(xor1, iv); 631 } 632 tin[0] = tin[1] = 0; 633} 634 635void DES_ecb3_encrypt(const DES_cblock *input, DES_cblock *output, 636 const DES_key_schedule *ks1, const DES_key_schedule *ks2, 637 const DES_key_schedule *ks3, int enc) { 638 uint32_t l0, l1; 639 uint32_t ll[2]; 640 const uint8_t *in = input->bytes; 641 uint8_t *out = output->bytes; 642 643 c2l(in, l0); 644 c2l(in, l1); 645 ll[0] = l0; 646 ll[1] = l1; 647 if (enc) { 648 DES_encrypt3(ll, ks1, ks2, ks3); 649 } else { 650 DES_decrypt3(ll, ks1, ks2, ks3); 651 } 652 l0 = ll[0]; 653 l1 = ll[1]; 654 l2c(l0, out); 655 l2c(l1, out); 656} 657 658void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, 659 const DES_key_schedule *ks1, 660 const DES_key_schedule *ks2, 661 const DES_key_schedule *ks3, DES_cblock *ivec, 662 int enc) { 663 uint32_t tin0, tin1; 664 uint32_t tout0, tout1, xor0, xor1; 665 uint32_t tin[2]; 666 uint8_t *iv; 667 668 iv = ivec->bytes; 669 670 if (enc) { 671 c2l(iv, tout0); 672 c2l(iv, tout1); 673 for (; len >= 8; len -= 8) { 674 c2l(in, tin0); 675 c2l(in, tin1); 676 tin0 ^= tout0; 677 tin1 ^= tout1; 678 679 tin[0] = tin0; 680 tin[1] = tin1; 681 DES_encrypt3((uint32_t *)tin, ks1, ks2, ks3); 682 tout0 = tin[0]; 683 tout1 = tin[1]; 684 685 l2c(tout0, out); 686 l2c(tout1, out); 687 } 688 if (len != 0) { 689 c2ln(in, tin0, tin1, len); 690 tin0 ^= tout0; 691 tin1 ^= tout1; 692 693 tin[0] = tin0; 694 tin[1] = tin1; 695 DES_encrypt3((uint32_t *)tin, ks1, ks2, ks3); 696 tout0 = tin[0]; 697 tout1 = tin[1]; 698 699 l2c(tout0, out); 700 l2c(tout1, out); 701 } 702 iv = ivec->bytes; 703 l2c(tout0, iv); 704 l2c(tout1, iv); 705 } else { 706 uint32_t t0, t1; 707 708 c2l(iv, xor0); 709 c2l(iv, xor1); 710 for (; len >= 8; len -= 8) { 711 c2l(in, tin0); 712 c2l(in, tin1); 713 714 t0 = tin0; 715 t1 = tin1; 716 717 tin[0] = tin0; 718 tin[1] = tin1; 719 DES_decrypt3((uint32_t *)tin, ks1, ks2, ks3); 720 tout0 = tin[0]; 721 tout1 = tin[1]; 722 723 tout0 ^= xor0; 724 tout1 ^= xor1; 725 l2c(tout0, out); 726 l2c(tout1, out); 727 xor0 = t0; 728 xor1 = t1; 729 } 730 if (len != 0) { 731 c2l(in, tin0); 732 c2l(in, tin1); 733 734 t0 = tin0; 735 t1 = tin1; 736 737 tin[0] = tin0; 738 tin[1] = tin1; 739 DES_decrypt3((uint32_t *)tin, ks1, ks2, ks3); 740 tout0 = tin[0]; 741 tout1 = tin[1]; 742 743 tout0 ^= xor0; 744 tout1 ^= xor1; 745 l2cn(tout0, tout1, out, len); 746 xor0 = t0; 747 xor1 = t1; 748 } 749 750 iv = ivec->bytes; 751 l2c(xor0, iv); 752 l2c(xor1, iv); 753 } 754 755 tin[0] = tin[1] = 0; 756} 757 758void DES_ede2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, 759 const DES_key_schedule *ks1, 760 const DES_key_schedule *ks2, 761 DES_cblock *ivec, 762 int enc) { 763 DES_ede3_cbc_encrypt(in, out, len, ks1, ks2, ks1, ivec, enc); 764} 765 766 767/* Deprecated functions. */ 768 769void DES_set_key_unchecked(const DES_cblock *key, DES_key_schedule *schedule) { 770 DES_set_key(key, schedule); 771} 772 773#undef HPERM_OP 774#undef c2l 775#undef l2c 776#undef c2ln 777#undef l2cn 778#undef PERM_OP 779#undef IP 780#undef FP 781#undef LOAD_DATA 782#undef D_ENCRYPT 783#undef ITERATIONS 784#undef HALF_ITERATIONS 785#undef ROTATE 786