1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/des.h>
58
59 #include <stdlib.h>
60
61 #include "internal.h"
62
63
64 static const uint32_t des_skb[8][64] = {
65 {/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
66 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L, 0x00010000L,
67 0x00010010L, 0x20010000L, 0x20010010L, 0x00000800L, 0x00000810L,
68 0x20000800L, 0x20000810L, 0x00010800L, 0x00010810L, 0x20010800L,
69 0x20010810L, 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L,
70 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L, 0x00000820L,
71 0x00000830L, 0x20000820L, 0x20000830L, 0x00010820L, 0x00010830L,
72 0x20010820L, 0x20010830L, 0x00080000L, 0x00080010L, 0x20080000L,
73 0x20080010L, 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L,
74 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L, 0x00090800L,
75 0x00090810L, 0x20090800L, 0x20090810L, 0x00080020L, 0x00080030L,
76 0x20080020L, 0x20080030L, 0x00090020L, 0x00090030L, 0x20090020L,
77 0x20090030L, 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L,
78 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L, },
79 {/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
80 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L, 0x00200000L,
81 0x02200000L, 0x00202000L, 0x02202000L, 0x00000004L, 0x02000004L,
82 0x00002004L, 0x02002004L, 0x00200004L, 0x02200004L, 0x00202004L,
83 0x02202004L, 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L,
84 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L, 0x00000404L,
85 0x02000404L, 0x00002404L, 0x02002404L, 0x00200404L, 0x02200404L,
86 0x00202404L, 0x02202404L, 0x10000000L, 0x12000000L, 0x10002000L,
87 0x12002000L, 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L,
88 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L, 0x10200004L,
89 0x12200004L, 0x10202004L, 0x12202004L, 0x10000400L, 0x12000400L,
90 0x10002400L, 0x12002400L, 0x10200400L, 0x12200400L, 0x10202400L,
91 0x12202400L, 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L,
92 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L, },
93 {/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
94 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L, 0x01000000L,
95 0x01000001L, 0x01040000L, 0x01040001L, 0x00000002L, 0x00000003L,
96 0x00040002L, 0x00040003L, 0x01000002L, 0x01000003L, 0x01040002L,
97 0x01040003L, 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L,
98 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L, 0x00000202L,
99 0x00000203L, 0x00040202L, 0x00040203L, 0x01000202L, 0x01000203L,
100 0x01040202L, 0x01040203L, 0x08000000L, 0x08000001L, 0x08040000L,
101 0x08040001L, 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L,
102 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L, 0x09000002L,
103 0x09000003L, 0x09040002L, 0x09040003L, 0x08000200L, 0x08000201L,
104 0x08040200L, 0x08040201L, 0x09000200L, 0x09000201L, 0x09040200L,
105 0x09040201L, 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L,
106 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L, },
107 {/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
108 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L, 0x00000008L,
109 0x00100008L, 0x00000108L, 0x00100108L, 0x00001000L, 0x00101000L,
110 0x00001100L, 0x00101100L, 0x00001008L, 0x00101008L, 0x00001108L,
111 0x00101108L, 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L,
112 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L, 0x04001000L,
113 0x04101000L, 0x04001100L, 0x04101100L, 0x04001008L, 0x04101008L,
114 0x04001108L, 0x04101108L, 0x00020000L, 0x00120000L, 0x00020100L,
115 0x00120100L, 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L,
116 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L, 0x00021008L,
117 0x00121008L, 0x00021108L, 0x00121108L, 0x04020000L, 0x04120000L,
118 0x04020100L, 0x04120100L, 0x04020008L, 0x04120008L, 0x04020108L,
119 0x04120108L, 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L,
120 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L, },
121 {/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
122 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L, 0x00000004L,
123 0x10000004L, 0x00010004L, 0x10010004L, 0x20000000L, 0x30000000L,
124 0x20010000L, 0x30010000L, 0x20000004L, 0x30000004L, 0x20010004L,
125 0x30010004L, 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L,
126 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L, 0x20100000L,
127 0x30100000L, 0x20110000L, 0x30110000L, 0x20100004L, 0x30100004L,
128 0x20110004L, 0x30110004L, 0x00001000L, 0x10001000L, 0x00011000L,
129 0x10011000L, 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L,
130 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L, 0x20001004L,
131 0x30001004L, 0x20011004L, 0x30011004L, 0x00101000L, 0x10101000L,
132 0x00111000L, 0x10111000L, 0x00101004L, 0x10101004L, 0x00111004L,
133 0x10111004L, 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L,
134 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L, },
135 {/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
136 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L, 0x00000400L,
137 0x08000400L, 0x00000408L, 0x08000408L, 0x00020000L, 0x08020000L,
138 0x00020008L, 0x08020008L, 0x00020400L, 0x08020400L, 0x00020408L,
139 0x08020408L, 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L,
140 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L, 0x00020001L,
141 0x08020001L, 0x00020009L, 0x08020009L, 0x00020401L, 0x08020401L,
142 0x00020409L, 0x08020409L, 0x02000000L, 0x0A000000L, 0x02000008L,
143 0x0A000008L, 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L,
144 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L, 0x02020400L,
145 0x0A020400L, 0x02020408L, 0x0A020408L, 0x02000001L, 0x0A000001L,
146 0x02000009L, 0x0A000009L, 0x02000401L, 0x0A000401L, 0x02000409L,
147 0x0A000409L, 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L,
148 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L, },
149 {/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
150 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L, 0x01000000L,
151 0x01000100L, 0x01080000L, 0x01080100L, 0x00000010L, 0x00000110L,
152 0x00080010L, 0x00080110L, 0x01000010L, 0x01000110L, 0x01080010L,
153 0x01080110L, 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L,
154 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L, 0x00200010L,
155 0x00200110L, 0x00280010L, 0x00280110L, 0x01200010L, 0x01200110L,
156 0x01280010L, 0x01280110L, 0x00000200L, 0x00000300L, 0x00080200L,
157 0x00080300L, 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L,
158 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L, 0x01000210L,
159 0x01000310L, 0x01080210L, 0x01080310L, 0x00200200L, 0x00200300L,
160 0x00280200L, 0x00280300L, 0x01200200L, 0x01200300L, 0x01280200L,
161 0x01280300L, 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L,
162 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L, },
163 {/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
164 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L, 0x00000002L,
165 0x04000002L, 0x00040002L, 0x04040002L, 0x00002000L, 0x04002000L,
166 0x00042000L, 0x04042000L, 0x00002002L, 0x04002002L, 0x00042002L,
167 0x04042002L, 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L,
168 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L, 0x00002020L,
169 0x04002020L, 0x00042020L, 0x04042020L, 0x00002022L, 0x04002022L,
170 0x00042022L, 0x04042022L, 0x00000800L, 0x04000800L, 0x00040800L,
171 0x04040800L, 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L,
172 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L, 0x00002802L,
173 0x04002802L, 0x00042802L, 0x04042802L, 0x00000820L, 0x04000820L,
174 0x00040820L, 0x04040820L, 0x00000822L, 0x04000822L, 0x00040822L,
175 0x04040822L, 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L,
176 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L, }};
177
178 static const uint32_t DES_SPtrans[8][64] = {
179 {/* nibble 0 */
180 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, 0x02000000L,
181 0x00080802L, 0x00080002L, 0x02000002L, 0x00080802L, 0x02080800L,
182 0x02080000L, 0x00000802L, 0x02000802L, 0x02000000L, 0x00000000L,
183 0x00080002L, 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
184 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, 0x00000002L,
185 0x00000800L, 0x00080800L, 0x02080002L, 0x00000800L, 0x02000802L,
186 0x02080002L, 0x00000000L, 0x00000000L, 0x02080802L, 0x02000800L,
187 0x00080002L, 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
188 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, 0x00080802L,
189 0x00000002L, 0x02000002L, 0x02080000L, 0x02080802L, 0x00080800L,
190 0x02080000L, 0x02000802L, 0x02000000L, 0x00000802L, 0x00080002L,
191 0x00000000L, 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
192 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, },
193 {/* nibble 1 */
194 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, 0x40000010L,
195 0x00008010L, 0x40008000L, 0x00108000L, 0x00008000L, 0x40100010L,
196 0x00000010L, 0x40008000L, 0x00100010L, 0x40108000L, 0x40100000L,
197 0x00000010L, 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
198 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, 0x40008010L,
199 0x00108010L, 0x40108000L, 0x40000010L, 0x40000000L, 0x00100000L,
200 0x00008010L, 0x40108010L, 0x00100010L, 0x40108000L, 0x40008000L,
201 0x00108010L, 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
202 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, 0x00008000L,
203 0x40000000L, 0x00108010L, 0x40008010L, 0x40108000L, 0x00008000L,
204 0x00000000L, 0x40000010L, 0x00000010L, 0x40108010L, 0x00108000L,
205 0x40100000L, 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
206 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, },
207 {/* nibble 2 */
208 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, 0x00040001L,
209 0x04000000L, 0x04000101L, 0x00040100L, 0x04000100L, 0x00040000L,
210 0x04040000L, 0x00000001L, 0x04040101L, 0x00000101L, 0x00000001L,
211 0x04040001L, 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
212 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, 0x04040001L,
213 0x04000100L, 0x00040101L, 0x04040000L, 0x00040100L, 0x00000000L,
214 0x04000000L, 0x00040101L, 0x04040100L, 0x00000100L, 0x00000001L,
215 0x00040000L, 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
216 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, 0x00040001L,
217 0x04000000L, 0x04040101L, 0x00000001L, 0x00040101L, 0x04000001L,
218 0x04000000L, 0x04040101L, 0x00040000L, 0x04000100L, 0x04000101L,
219 0x00040100L, 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
220 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, },
221 {/* nibble 3 */
222 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, 0x00000000L,
223 0x10400000L, 0x10001008L, 0x00400008L, 0x10401000L, 0x10000008L,
224 0x10000000L, 0x00001008L, 0x10000008L, 0x00401008L, 0x00400000L,
225 0x10000000L, 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
226 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, 0x00001008L,
227 0x00000000L, 0x00400008L, 0x10401000L, 0x10001000L, 0x10400008L,
228 0x10401008L, 0x00400000L, 0x10400008L, 0x00001008L, 0x00400000L,
229 0x10000008L, 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
230 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, 0x00000000L,
231 0x10400008L, 0x10401000L, 0x00001000L, 0x10000000L, 0x10401008L,
232 0x00401008L, 0x00400000L, 0x10401008L, 0x00000008L, 0x10001000L,
233 0x00401008L, 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
234 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, },
235 {/* nibble 4 */
236 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, 0x08010020L,
237 0x08000400L, 0x00010420L, 0x08010000L, 0x00010000L, 0x00000020L,
238 0x08000020L, 0x00010400L, 0x08000420L, 0x08010020L, 0x08010400L,
239 0x00000000L, 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
240 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, 0x00000020L,
241 0x08000420L, 0x08010420L, 0x00010020L, 0x08010000L, 0x00000400L,
242 0x00000420L, 0x08010400L, 0x08010400L, 0x08000420L, 0x00010020L,
243 0x08010000L, 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
244 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, 0x00010420L,
245 0x08000000L, 0x00000400L, 0x00010020L, 0x08000420L, 0x00000400L,
246 0x00000000L, 0x08010420L, 0x08010020L, 0x08010400L, 0x00000420L,
247 0x00010000L, 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
248 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, },
249 {/* nibble 5 */
250 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, 0x00200040L,
251 0x00002000L, 0x80002040L, 0x00200000L, 0x00002040L, 0x80202040L,
252 0x00202000L, 0x80000000L, 0x80002000L, 0x80000040L, 0x80200000L,
253 0x00202040L, 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
254 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, 0x80202040L,
255 0x80200000L, 0x80000000L, 0x00002040L, 0x00000040L, 0x00202000L,
256 0x00202040L, 0x80002000L, 0x00002040L, 0x80000000L, 0x80002000L,
257 0x00202040L, 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
258 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, 0x00200040L,
259 0x80202040L, 0x00202000L, 0x00000040L, 0x80202040L, 0x00202000L,
260 0x00200000L, 0x80002040L, 0x80000040L, 0x80200000L, 0x00202040L,
261 0x00000000L, 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
262 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, },
263 {/* nibble 6 */
264 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, 0x01004204L,
265 0x00004004L, 0x00004200L, 0x00000000L, 0x01000000L, 0x01000204L,
266 0x00000204L, 0x01004000L, 0x00000004L, 0x01004200L, 0x01004000L,
267 0x00000204L, 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
268 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, 0x01004004L,
269 0x00004204L, 0x01004200L, 0x00000004L, 0x00004204L, 0x01004004L,
270 0x00000200L, 0x01000000L, 0x00004204L, 0x01004000L, 0x01004004L,
271 0x00000204L, 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
272 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, 0x00000200L,
273 0x01000004L, 0x00000004L, 0x01000200L, 0x00000000L, 0x01000204L,
274 0x01000200L, 0x00004200L, 0x00000204L, 0x00004000L, 0x01004204L,
275 0x01000000L, 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
276 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, },
277 {/* nibble 7 */
278 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, 0x20020000L,
279 0x00800080L, 0x20800000L, 0x20820080L, 0x00000080L, 0x20000000L,
280 0x00820000L, 0x00020080L, 0x00820080L, 0x20020080L, 0x20000080L,
281 0x20800000L, 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
282 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, 0x20000000L,
283 0x00800000L, 0x20020080L, 0x20800080L, 0x00800000L, 0x00020000L,
284 0x20820000L, 0x00000080L, 0x00800000L, 0x00020000L, 0x20000080L,
285 0x20820080L, 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
286 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, 0x20820000L,
287 0x00000080L, 0x00800080L, 0x20020000L, 0x20820080L, 0x00800000L,
288 0x20800000L, 0x20000080L, 0x00820000L, 0x00020080L, 0x20020080L,
289 0x20800000L, 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
290 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, }};
291
292 #define HPERM_OP(a, t, n, m) \
293 ((t) = ((((a) << (16 - (n))) ^ (a)) & (m)), \
294 (a) = (a) ^ (t) ^ (t >> (16 - (n))))
295
DES_set_key(const DES_cblock * key,DES_key_schedule * schedule)296 void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule) {
297 static const int shifts2[16] = {0, 0, 1, 1, 1, 1, 1, 1,
298 0, 1, 1, 1, 1, 1, 1, 0};
299 uint32_t c, d, t, s, t2;
300 const uint8_t *in;
301 uint32_t *k;
302 int i;
303
304 k = &schedule->ks->deslong[0];
305 in = key->bytes;
306
307 c2l(in, c);
308 c2l(in, d);
309
310 /* do PC1 in 47 simple operations :-)
311 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
312 * for the inspiration. :-) */
313 PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
314 HPERM_OP(c, t, -2, 0xcccc0000L);
315 HPERM_OP(d, t, -2, 0xcccc0000L);
316 PERM_OP(d, c, t, 1, 0x55555555L);
317 PERM_OP(c, d, t, 8, 0x00ff00ffL);
318 PERM_OP(d, c, t, 1, 0x55555555L);
319 d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
320 ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
321 c &= 0x0fffffffL;
322
323 for (i = 0; i < ITERATIONS; i++) {
324 if (shifts2[i]) {
325 c = ((c >> 2L) | (c << 26L));
326 d = ((d >> 2L) | (d << 26L));
327 } else {
328 c = ((c >> 1L) | (c << 27L));
329 d = ((d >> 1L) | (d << 27L));
330 }
331 c &= 0x0fffffffL;
332 d &= 0x0fffffffL;
333 /* could be a few less shifts but I am to lazy at this
334 * point in time to investigate */
335 s = des_skb[0][(c) & 0x3f] |
336 des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] |
337 des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] |
338 des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) |
339 ((c >> 22L) & 0x38)];
340 t = des_skb[4][(d) & 0x3f] |
341 des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] |
342 des_skb[6][(d >> 15L) & 0x3f] |
343 des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
344
345 /* table contained 0213 4657 */
346 t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
347 *(k++) = ROTATE(t2, 30) & 0xffffffffL;
348
349 t2 = ((s >> 16L) | (t & 0xffff0000L));
350 *(k++) = ROTATE(t2, 26) & 0xffffffffL;
351 }
352 }
353
354 static const uint8_t kOddParity[256] = {
355 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14,
356 14, 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28,
357 31, 31, 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44,
358 44, 47, 47, 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59,
359 61, 61, 62, 62, 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74,
360 74, 76, 76, 79, 79, 81, 81, 82, 82, 84, 84, 87, 87, 88, 88,
361 91, 91, 93, 93, 94, 94, 97, 97, 98, 98, 100, 100, 103, 103, 104,
362 104, 107, 107, 109, 109, 110, 110, 112, 112, 115, 115, 117, 117, 118, 118,
363 121, 121, 122, 122, 124, 124, 127, 127, 128, 128, 131, 131, 133, 133, 134,
364 134, 137, 137, 138, 138, 140, 140, 143, 143, 145, 145, 146, 146, 148, 148,
365 151, 151, 152, 152, 155, 155, 157, 157, 158, 158, 161, 161, 162, 162, 164,
366 164, 167, 167, 168, 168, 171, 171, 173, 173, 174, 174, 176, 176, 179, 179,
367 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, 191, 193, 193, 194,
368 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, 206, 208, 208,
369 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, 223, 224,
370 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, 239,
371 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
372 254
373 };
374
DES_set_odd_parity(DES_cblock * key)375 void DES_set_odd_parity(DES_cblock *key) {
376 unsigned i;
377
378 for (i = 0; i < DES_KEY_SZ; i++) {
379 key->bytes[i] = kOddParity[key->bytes[i]];
380 }
381 }
382
DES_encrypt1(uint32_t * data,const DES_key_schedule * ks,int enc)383 static void DES_encrypt1(uint32_t *data, const DES_key_schedule *ks, int enc) {
384 uint32_t l, r, t, u;
385 const uint32_t *s;
386
387 r = data[0];
388 l = data[1];
389
390 IP(r, l);
391 /* Things have been modified so that the initial rotate is done outside
392 * the loop. This required the DES_SPtrans values in sp.h to be
393 * rotated 1 bit to the right. One perl script later and things have a
394 * 5% speed up on a sparc2. Thanks to Richard Outerbridge
395 * <71755.204@CompuServe.COM> for pointing this out. */
396 /* clear the top bits on machines with 8byte longs */
397 /* shift left by 2 */
398 r = ROTATE(r, 29) & 0xffffffffL;
399 l = ROTATE(l, 29) & 0xffffffffL;
400
401 s = ks->ks->deslong;
402 /* I don't know if it is worth the effort of loop unrolling the
403 * inner loop */
404 if (enc) {
405 D_ENCRYPT(l, r, 0); /* 1 */
406 D_ENCRYPT(r, l, 2); /* 2 */
407 D_ENCRYPT(l, r, 4); /* 3 */
408 D_ENCRYPT(r, l, 6); /* 4 */
409 D_ENCRYPT(l, r, 8); /* 5 */
410 D_ENCRYPT(r, l, 10); /* 6 */
411 D_ENCRYPT(l, r, 12); /* 7 */
412 D_ENCRYPT(r, l, 14); /* 8 */
413 D_ENCRYPT(l, r, 16); /* 9 */
414 D_ENCRYPT(r, l, 18); /* 10 */
415 D_ENCRYPT(l, r, 20); /* 11 */
416 D_ENCRYPT(r, l, 22); /* 12 */
417 D_ENCRYPT(l, r, 24); /* 13 */
418 D_ENCRYPT(r, l, 26); /* 14 */
419 D_ENCRYPT(l, r, 28); /* 15 */
420 D_ENCRYPT(r, l, 30); /* 16 */
421 } else {
422 D_ENCRYPT(l, r, 30); /* 16 */
423 D_ENCRYPT(r, l, 28); /* 15 */
424 D_ENCRYPT(l, r, 26); /* 14 */
425 D_ENCRYPT(r, l, 24); /* 13 */
426 D_ENCRYPT(l, r, 22); /* 12 */
427 D_ENCRYPT(r, l, 20); /* 11 */
428 D_ENCRYPT(l, r, 18); /* 10 */
429 D_ENCRYPT(r, l, 16); /* 9 */
430 D_ENCRYPT(l, r, 14); /* 8 */
431 D_ENCRYPT(r, l, 12); /* 7 */
432 D_ENCRYPT(l, r, 10); /* 6 */
433 D_ENCRYPT(r, l, 8); /* 5 */
434 D_ENCRYPT(l, r, 6); /* 4 */
435 D_ENCRYPT(r, l, 4); /* 3 */
436 D_ENCRYPT(l, r, 2); /* 2 */
437 D_ENCRYPT(r, l, 0); /* 1 */
438 }
439
440 /* rotate and clear the top bits on machines with 8byte longs */
441 l = ROTATE(l, 3) & 0xffffffffL;
442 r = ROTATE(r, 3) & 0xffffffffL;
443
444 FP(r, l);
445 data[0] = l;
446 data[1] = r;
447 }
448
DES_encrypt2(uint32_t * data,const DES_key_schedule * ks,int enc)449 static void DES_encrypt2(uint32_t *data, const DES_key_schedule *ks, int enc) {
450 uint32_t l, r, t, u;
451 const uint32_t *s;
452
453 r = data[0];
454 l = data[1];
455
456 /* Things have been modified so that the initial rotate is done outside the
457 * loop. This required the DES_SPtrans values in sp.h to be rotated 1 bit to
458 * the right. One perl script later and things have a 5% speed up on a
459 * sparc2. Thanks to Richard Outerbridge <71755.204@CompuServe.COM> for
460 * pointing this out. */
461 /* clear the top bits on machines with 8byte longs */
462 r = ROTATE(r, 29) & 0xffffffffL;
463 l = ROTATE(l, 29) & 0xffffffffL;
464
465 s = ks->ks->deslong;
466 /* I don't know if it is worth the effort of loop unrolling the
467 * inner loop */
468 if (enc) {
469 D_ENCRYPT(l, r, 0); /* 1 */
470 D_ENCRYPT(r, l, 2); /* 2 */
471 D_ENCRYPT(l, r, 4); /* 3 */
472 D_ENCRYPT(r, l, 6); /* 4 */
473 D_ENCRYPT(l, r, 8); /* 5 */
474 D_ENCRYPT(r, l, 10); /* 6 */
475 D_ENCRYPT(l, r, 12); /* 7 */
476 D_ENCRYPT(r, l, 14); /* 8 */
477 D_ENCRYPT(l, r, 16); /* 9 */
478 D_ENCRYPT(r, l, 18); /* 10 */
479 D_ENCRYPT(l, r, 20); /* 11 */
480 D_ENCRYPT(r, l, 22); /* 12 */
481 D_ENCRYPT(l, r, 24); /* 13 */
482 D_ENCRYPT(r, l, 26); /* 14 */
483 D_ENCRYPT(l, r, 28); /* 15 */
484 D_ENCRYPT(r, l, 30); /* 16 */
485 } else {
486 D_ENCRYPT(l, r, 30); /* 16 */
487 D_ENCRYPT(r, l, 28); /* 15 */
488 D_ENCRYPT(l, r, 26); /* 14 */
489 D_ENCRYPT(r, l, 24); /* 13 */
490 D_ENCRYPT(l, r, 22); /* 12 */
491 D_ENCRYPT(r, l, 20); /* 11 */
492 D_ENCRYPT(l, r, 18); /* 10 */
493 D_ENCRYPT(r, l, 16); /* 9 */
494 D_ENCRYPT(l, r, 14); /* 8 */
495 D_ENCRYPT(r, l, 12); /* 7 */
496 D_ENCRYPT(l, r, 10); /* 6 */
497 D_ENCRYPT(r, l, 8); /* 5 */
498 D_ENCRYPT(l, r, 6); /* 4 */
499 D_ENCRYPT(r, l, 4); /* 3 */
500 D_ENCRYPT(l, r, 2); /* 2 */
501 D_ENCRYPT(r, l, 0); /* 1 */
502 }
503 /* rotate and clear the top bits on machines with 8byte longs */
504 data[0] = ROTATE(l, 3) & 0xffffffffL;
505 data[1] = ROTATE(r, 3) & 0xffffffffL;
506 }
507
DES_encrypt3(uint32_t * data,const DES_key_schedule * ks1,const DES_key_schedule * ks2,const DES_key_schedule * ks3)508 static void DES_encrypt3(uint32_t *data, const DES_key_schedule *ks1,
509 const DES_key_schedule *ks2,
510 const DES_key_schedule *ks3) {
511 uint32_t l, r;
512
513 l = data[0];
514 r = data[1];
515 IP(l, r);
516 data[0] = l;
517 data[1] = r;
518 DES_encrypt2((uint32_t *)data, ks1, DES_ENCRYPT);
519 DES_encrypt2((uint32_t *)data, ks2, DES_DECRYPT);
520 DES_encrypt2((uint32_t *)data, ks3, DES_ENCRYPT);
521 l = data[0];
522 r = data[1];
523 FP(r, l);
524 data[0] = l;
525 data[1] = r;
526 }
527
DES_decrypt3(uint32_t * data,const DES_key_schedule * ks1,const DES_key_schedule * ks2,const DES_key_schedule * ks3)528 static void DES_decrypt3(uint32_t *data, const DES_key_schedule *ks1,
529 const DES_key_schedule *ks2,
530 const DES_key_schedule *ks3) {
531 uint32_t l, r;
532
533 l = data[0];
534 r = data[1];
535 IP(l, r);
536 data[0] = l;
537 data[1] = r;
538 DES_encrypt2((uint32_t *)data, ks3, DES_DECRYPT);
539 DES_encrypt2((uint32_t *)data, ks2, DES_ENCRYPT);
540 DES_encrypt2((uint32_t *)data, ks1, DES_DECRYPT);
541 l = data[0];
542 r = data[1];
543 FP(r, l);
544 data[0] = l;
545 data[1] = r;
546 }
547
DES_ecb_encrypt(const DES_cblock * in_block,DES_cblock * out_block,const DES_key_schedule * schedule,int is_encrypt)548 void DES_ecb_encrypt(const DES_cblock *in_block, DES_cblock *out_block,
549 const DES_key_schedule *schedule, int is_encrypt) {
550 uint32_t l;
551 uint32_t ll[2];
552 const uint8_t *in = in_block->bytes;
553 uint8_t *out = out_block->bytes;
554
555 c2l(in, l);
556 ll[0] = l;
557 c2l(in, l);
558 ll[1] = l;
559 DES_encrypt1(ll, schedule, is_encrypt);
560 l = ll[0];
561 l2c(l, out);
562 l = ll[1];
563 l2c(l, out);
564 ll[0] = ll[1] = 0;
565 }
566
DES_ncbc_encrypt(const uint8_t * in,uint8_t * out,size_t len,const DES_key_schedule * schedule,DES_cblock * ivec,int enc)567 void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
568 const DES_key_schedule *schedule, DES_cblock *ivec,
569 int enc) {
570 uint32_t tin0, tin1;
571 uint32_t tout0, tout1, xor0, xor1;
572 uint32_t tin[2];
573 unsigned char *iv;
574
575 iv = ivec->bytes;
576
577 if (enc) {
578 c2l(iv, tout0);
579 c2l(iv, tout1);
580 for (; len >= 8; len -= 8) {
581 c2l(in, tin0);
582 c2l(in, tin1);
583 tin0 ^= tout0;
584 tin[0] = tin0;
585 tin1 ^= tout1;
586 tin[1] = tin1;
587 DES_encrypt1((uint32_t *)tin, schedule, DES_ENCRYPT);
588 tout0 = tin[0];
589 l2c(tout0, out);
590 tout1 = tin[1];
591 l2c(tout1, out);
592 }
593 if (len != 0) {
594 c2ln(in, tin0, tin1, len);
595 tin0 ^= tout0;
596 tin[0] = tin0;
597 tin1 ^= tout1;
598 tin[1] = tin1;
599 DES_encrypt1((uint32_t *)tin, schedule, DES_ENCRYPT);
600 tout0 = tin[0];
601 l2c(tout0, out);
602 tout1 = tin[1];
603 l2c(tout1, out);
604 }
605 iv = ivec->bytes;
606 l2c(tout0, iv);
607 l2c(tout1, iv);
608 } else {
609 c2l(iv, xor0);
610 c2l(iv, xor1);
611 for (; len >= 8; len -= 8) {
612 c2l(in, tin0);
613 tin[0] = tin0;
614 c2l(in, tin1);
615 tin[1] = tin1;
616 DES_encrypt1((uint32_t *)tin, schedule, DES_DECRYPT);
617 tout0 = tin[0] ^ xor0;
618 tout1 = tin[1] ^ xor1;
619 l2c(tout0, out);
620 l2c(tout1, out);
621 xor0 = tin0;
622 xor1 = tin1;
623 }
624 if (len != 0) {
625 c2l(in, tin0);
626 tin[0] = tin0;
627 c2l(in, tin1);
628 tin[1] = tin1;
629 DES_encrypt1((uint32_t *)tin, schedule, DES_DECRYPT);
630 tout0 = tin[0] ^ xor0;
631 tout1 = tin[1] ^ xor1;
632 l2cn(tout0, tout1, out, len);
633 xor0 = tin0;
634 xor1 = tin1;
635 }
636 iv = ivec->bytes;
637 l2c(xor0, iv);
638 l2c(xor1, iv);
639 }
640 tin[0] = tin[1] = 0;
641 }
642
DES_ecb3_encrypt(const DES_cblock * input,DES_cblock * output,const DES_key_schedule * ks1,const DES_key_schedule * ks2,const DES_key_schedule * ks3,int enc)643 void DES_ecb3_encrypt(const DES_cblock *input, DES_cblock *output,
644 const DES_key_schedule *ks1, const DES_key_schedule *ks2,
645 const DES_key_schedule *ks3, int enc) {
646 uint32_t l0, l1;
647 uint32_t ll[2];
648 const uint8_t *in = input->bytes;
649 uint8_t *out = output->bytes;
650
651 c2l(in, l0);
652 c2l(in, l1);
653 ll[0] = l0;
654 ll[1] = l1;
655 if (enc) {
656 DES_encrypt3(ll, ks1, ks2, ks3);
657 } else {
658 DES_decrypt3(ll, ks1, ks2, ks3);
659 }
660 l0 = ll[0];
661 l1 = ll[1];
662 l2c(l0, out);
663 l2c(l1, out);
664 }
665
DES_ede3_cbc_encrypt(const uint8_t * in,uint8_t * out,size_t len,const DES_key_schedule * ks1,const DES_key_schedule * ks2,const DES_key_schedule * ks3,DES_cblock * ivec,int enc)666 void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
667 const DES_key_schedule *ks1,
668 const DES_key_schedule *ks2,
669 const DES_key_schedule *ks3, DES_cblock *ivec,
670 int enc) {
671 uint32_t tin0, tin1;
672 uint32_t tout0, tout1, xor0, xor1;
673 uint32_t tin[2];
674 uint8_t *iv;
675
676 iv = ivec->bytes;
677
678 if (enc) {
679 c2l(iv, tout0);
680 c2l(iv, tout1);
681 for (; len >= 8; len -= 8) {
682 c2l(in, tin0);
683 c2l(in, tin1);
684 tin0 ^= tout0;
685 tin1 ^= tout1;
686
687 tin[0] = tin0;
688 tin[1] = tin1;
689 DES_encrypt3((uint32_t *)tin, ks1, ks2, ks3);
690 tout0 = tin[0];
691 tout1 = tin[1];
692
693 l2c(tout0, out);
694 l2c(tout1, out);
695 }
696 if (len != 0) {
697 c2ln(in, tin0, tin1, len);
698 tin0 ^= tout0;
699 tin1 ^= tout1;
700
701 tin[0] = tin0;
702 tin[1] = tin1;
703 DES_encrypt3((uint32_t *)tin, ks1, ks2, ks3);
704 tout0 = tin[0];
705 tout1 = tin[1];
706
707 l2c(tout0, out);
708 l2c(tout1, out);
709 }
710 iv = ivec->bytes;
711 l2c(tout0, iv);
712 l2c(tout1, iv);
713 } else {
714 uint32_t t0, t1;
715
716 c2l(iv, xor0);
717 c2l(iv, xor1);
718 for (; len >= 8; len -= 8) {
719 c2l(in, tin0);
720 c2l(in, tin1);
721
722 t0 = tin0;
723 t1 = tin1;
724
725 tin[0] = tin0;
726 tin[1] = tin1;
727 DES_decrypt3((uint32_t *)tin, ks1, ks2, ks3);
728 tout0 = tin[0];
729 tout1 = tin[1];
730
731 tout0 ^= xor0;
732 tout1 ^= xor1;
733 l2c(tout0, out);
734 l2c(tout1, out);
735 xor0 = t0;
736 xor1 = t1;
737 }
738 if (len != 0) {
739 c2l(in, tin0);
740 c2l(in, tin1);
741
742 t0 = tin0;
743 t1 = tin1;
744
745 tin[0] = tin0;
746 tin[1] = tin1;
747 DES_decrypt3((uint32_t *)tin, ks1, ks2, ks3);
748 tout0 = tin[0];
749 tout1 = tin[1];
750
751 tout0 ^= xor0;
752 tout1 ^= xor1;
753 l2cn(tout0, tout1, out, len);
754 xor0 = t0;
755 xor1 = t1;
756 }
757
758 iv = ivec->bytes;
759 l2c(xor0, iv);
760 l2c(xor1, iv);
761 }
762
763 tin[0] = tin[1] = 0;
764 }
765
DES_ede2_cbc_encrypt(const uint8_t * in,uint8_t * out,size_t len,const DES_key_schedule * ks1,const DES_key_schedule * ks2,DES_cblock * ivec,int enc)766 void DES_ede2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
767 const DES_key_schedule *ks1,
768 const DES_key_schedule *ks2,
769 DES_cblock *ivec,
770 int enc) {
771 DES_ede3_cbc_encrypt(in, out, len, ks1, ks2, ks1, ivec, enc);
772 }
773