1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2  * All rights reserved.
3  *
4  * This package is an SSL implementation written
5  * by Eric Young (eay@cryptsoft.com).
6  * The implementation was written so as to conform with Netscapes SSL.
7  *
8  * This library is free for commercial and non-commercial use as long as
9  * the following conditions are aheared to.  The following conditions
10  * apply to all code found in this distribution, be it the RC4, RSA,
11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
12  * included with this distribution is covered by the same copyright terms
13  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14  *
15  * Copyright remains Eric Young's, and as such any Copyright notices in
16  * the code are not to be removed.
17  * If this package is used in a product, Eric Young should be given attribution
18  * as the author of the parts of the library used.
19  * This can be in the form of a textual message at program startup or
20  * in documentation (online or textual) provided with the package.
21  *
22  * Redistribution and use in source and binary forms, with or without
23  * modification, are permitted provided that the following conditions
24  * are met:
25  * 1. Redistributions of source code must retain the copyright
26  *    notice, this list of conditions and the following disclaimer.
27  * 2. Redistributions in binary form must reproduce the above copyright
28  *    notice, this list of conditions and the following disclaimer in the
29  *    documentation and/or other materials provided with the distribution.
30  * 3. All advertising materials mentioning features or use of this software
31  *    must display the following acknowledgement:
32  *    "This product includes cryptographic software written by
33  *     Eric Young (eay@cryptsoft.com)"
34  *    The word 'cryptographic' can be left out if the rouines from the library
35  *    being used are not cryptographic related :-).
36  * 4. If you include any Windows specific code (or a derivative thereof) from
37  *    the apps directory (application code) you must include an acknowledgement:
38  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39  *
40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50  * SUCH DAMAGE.
51  *
52  * The licence and distribution terms for any publically available version or
53  * derivative of this code cannot be changed.  i.e. this code cannot simply be
54  * copied and put under another distribution licence
55  * [including the GNU Public Licence.] */
56 
57 #include <openssl/des.h>
58 
59 #include <stdlib.h>
60 
61 #include "internal.h"
62 
63 
64 static const uint32_t des_skb[8][64] = {
65     {/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
66      0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L, 0x00010000L,
67      0x00010010L, 0x20010000L, 0x20010010L, 0x00000800L, 0x00000810L,
68      0x20000800L, 0x20000810L, 0x00010800L, 0x00010810L, 0x20010800L,
69      0x20010810L, 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L,
70      0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L, 0x00000820L,
71      0x00000830L, 0x20000820L, 0x20000830L, 0x00010820L, 0x00010830L,
72      0x20010820L, 0x20010830L, 0x00080000L, 0x00080010L, 0x20080000L,
73      0x20080010L, 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L,
74      0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L, 0x00090800L,
75      0x00090810L, 0x20090800L, 0x20090810L, 0x00080020L, 0x00080030L,
76      0x20080020L, 0x20080030L, 0x00090020L, 0x00090030L, 0x20090020L,
77      0x20090030L, 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L,
78      0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L, },
79     {/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
80      0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L, 0x00200000L,
81      0x02200000L, 0x00202000L, 0x02202000L, 0x00000004L, 0x02000004L,
82      0x00002004L, 0x02002004L, 0x00200004L, 0x02200004L, 0x00202004L,
83      0x02202004L, 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L,
84      0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L, 0x00000404L,
85      0x02000404L, 0x00002404L, 0x02002404L, 0x00200404L, 0x02200404L,
86      0x00202404L, 0x02202404L, 0x10000000L, 0x12000000L, 0x10002000L,
87      0x12002000L, 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L,
88      0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L, 0x10200004L,
89      0x12200004L, 0x10202004L, 0x12202004L, 0x10000400L, 0x12000400L,
90      0x10002400L, 0x12002400L, 0x10200400L, 0x12200400L, 0x10202400L,
91      0x12202400L, 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L,
92      0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L, },
93     {/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
94      0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L, 0x01000000L,
95      0x01000001L, 0x01040000L, 0x01040001L, 0x00000002L, 0x00000003L,
96      0x00040002L, 0x00040003L, 0x01000002L, 0x01000003L, 0x01040002L,
97      0x01040003L, 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L,
98      0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L, 0x00000202L,
99      0x00000203L, 0x00040202L, 0x00040203L, 0x01000202L, 0x01000203L,
100      0x01040202L, 0x01040203L, 0x08000000L, 0x08000001L, 0x08040000L,
101      0x08040001L, 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L,
102      0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L, 0x09000002L,
103      0x09000003L, 0x09040002L, 0x09040003L, 0x08000200L, 0x08000201L,
104      0x08040200L, 0x08040201L, 0x09000200L, 0x09000201L, 0x09040200L,
105      0x09040201L, 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L,
106      0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L, },
107     {/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
108      0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L, 0x00000008L,
109      0x00100008L, 0x00000108L, 0x00100108L, 0x00001000L, 0x00101000L,
110      0x00001100L, 0x00101100L, 0x00001008L, 0x00101008L, 0x00001108L,
111      0x00101108L, 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L,
112      0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L, 0x04001000L,
113      0x04101000L, 0x04001100L, 0x04101100L, 0x04001008L, 0x04101008L,
114      0x04001108L, 0x04101108L, 0x00020000L, 0x00120000L, 0x00020100L,
115      0x00120100L, 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L,
116      0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L, 0x00021008L,
117      0x00121008L, 0x00021108L, 0x00121108L, 0x04020000L, 0x04120000L,
118      0x04020100L, 0x04120100L, 0x04020008L, 0x04120008L, 0x04020108L,
119      0x04120108L, 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L,
120      0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L, },
121     {/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
122      0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L, 0x00000004L,
123      0x10000004L, 0x00010004L, 0x10010004L, 0x20000000L, 0x30000000L,
124      0x20010000L, 0x30010000L, 0x20000004L, 0x30000004L, 0x20010004L,
125      0x30010004L, 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L,
126      0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L, 0x20100000L,
127      0x30100000L, 0x20110000L, 0x30110000L, 0x20100004L, 0x30100004L,
128      0x20110004L, 0x30110004L, 0x00001000L, 0x10001000L, 0x00011000L,
129      0x10011000L, 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L,
130      0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L, 0x20001004L,
131      0x30001004L, 0x20011004L, 0x30011004L, 0x00101000L, 0x10101000L,
132      0x00111000L, 0x10111000L, 0x00101004L, 0x10101004L, 0x00111004L,
133      0x10111004L, 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L,
134      0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L, },
135     {/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
136      0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L, 0x00000400L,
137      0x08000400L, 0x00000408L, 0x08000408L, 0x00020000L, 0x08020000L,
138      0x00020008L, 0x08020008L, 0x00020400L, 0x08020400L, 0x00020408L,
139      0x08020408L, 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L,
140      0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L, 0x00020001L,
141      0x08020001L, 0x00020009L, 0x08020009L, 0x00020401L, 0x08020401L,
142      0x00020409L, 0x08020409L, 0x02000000L, 0x0A000000L, 0x02000008L,
143      0x0A000008L, 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L,
144      0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L, 0x02020400L,
145      0x0A020400L, 0x02020408L, 0x0A020408L, 0x02000001L, 0x0A000001L,
146      0x02000009L, 0x0A000009L, 0x02000401L, 0x0A000401L, 0x02000409L,
147      0x0A000409L, 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L,
148      0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L, },
149     {/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
150      0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L, 0x01000000L,
151      0x01000100L, 0x01080000L, 0x01080100L, 0x00000010L, 0x00000110L,
152      0x00080010L, 0x00080110L, 0x01000010L, 0x01000110L, 0x01080010L,
153      0x01080110L, 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L,
154      0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L, 0x00200010L,
155      0x00200110L, 0x00280010L, 0x00280110L, 0x01200010L, 0x01200110L,
156      0x01280010L, 0x01280110L, 0x00000200L, 0x00000300L, 0x00080200L,
157      0x00080300L, 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L,
158      0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L, 0x01000210L,
159      0x01000310L, 0x01080210L, 0x01080310L, 0x00200200L, 0x00200300L,
160      0x00280200L, 0x00280300L, 0x01200200L, 0x01200300L, 0x01280200L,
161      0x01280300L, 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L,
162      0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L, },
163     {/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
164      0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L, 0x00000002L,
165      0x04000002L, 0x00040002L, 0x04040002L, 0x00002000L, 0x04002000L,
166      0x00042000L, 0x04042000L, 0x00002002L, 0x04002002L, 0x00042002L,
167      0x04042002L, 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L,
168      0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L, 0x00002020L,
169      0x04002020L, 0x00042020L, 0x04042020L, 0x00002022L, 0x04002022L,
170      0x00042022L, 0x04042022L, 0x00000800L, 0x04000800L, 0x00040800L,
171      0x04040800L, 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L,
172      0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L, 0x00002802L,
173      0x04002802L, 0x00042802L, 0x04042802L, 0x00000820L, 0x04000820L,
174      0x00040820L, 0x04040820L, 0x00000822L, 0x04000822L, 0x00040822L,
175      0x04040822L, 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L,
176      0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L, }};
177 
178 static const uint32_t DES_SPtrans[8][64] = {
179     {/* nibble 0 */
180      0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, 0x02000000L,
181      0x00080802L, 0x00080002L, 0x02000002L, 0x00080802L, 0x02080800L,
182      0x02080000L, 0x00000802L, 0x02000802L, 0x02000000L, 0x00000000L,
183      0x00080002L, 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
184      0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, 0x00000002L,
185      0x00000800L, 0x00080800L, 0x02080002L, 0x00000800L, 0x02000802L,
186      0x02080002L, 0x00000000L, 0x00000000L, 0x02080802L, 0x02000800L,
187      0x00080002L, 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
188      0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, 0x00080802L,
189      0x00000002L, 0x02000002L, 0x02080000L, 0x02080802L, 0x00080800L,
190      0x02080000L, 0x02000802L, 0x02000000L, 0x00000802L, 0x00080002L,
191      0x00000000L, 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
192      0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, },
193     {/* nibble 1 */
194      0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, 0x40000010L,
195      0x00008010L, 0x40008000L, 0x00108000L, 0x00008000L, 0x40100010L,
196      0x00000010L, 0x40008000L, 0x00100010L, 0x40108000L, 0x40100000L,
197      0x00000010L, 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
198      0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, 0x40008010L,
199      0x00108010L, 0x40108000L, 0x40000010L, 0x40000000L, 0x00100000L,
200      0x00008010L, 0x40108010L, 0x00100010L, 0x40108000L, 0x40008000L,
201      0x00108010L, 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
202      0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, 0x00008000L,
203      0x40000000L, 0x00108010L, 0x40008010L, 0x40108000L, 0x00008000L,
204      0x00000000L, 0x40000010L, 0x00000010L, 0x40108010L, 0x00108000L,
205      0x40100000L, 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
206      0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, },
207     {/* nibble 2 */
208      0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, 0x00040001L,
209      0x04000000L, 0x04000101L, 0x00040100L, 0x04000100L, 0x00040000L,
210      0x04040000L, 0x00000001L, 0x04040101L, 0x00000101L, 0x00000001L,
211      0x04040001L, 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
212      0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, 0x04040001L,
213      0x04000100L, 0x00040101L, 0x04040000L, 0x00040100L, 0x00000000L,
214      0x04000000L, 0x00040101L, 0x04040100L, 0x00000100L, 0x00000001L,
215      0x00040000L, 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
216      0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, 0x00040001L,
217      0x04000000L, 0x04040101L, 0x00000001L, 0x00040101L, 0x04000001L,
218      0x04000000L, 0x04040101L, 0x00040000L, 0x04000100L, 0x04000101L,
219      0x00040100L, 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
220      0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, },
221     {/* nibble 3 */
222      0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, 0x00000000L,
223      0x10400000L, 0x10001008L, 0x00400008L, 0x10401000L, 0x10000008L,
224      0x10000000L, 0x00001008L, 0x10000008L, 0x00401008L, 0x00400000L,
225      0x10000000L, 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
226      0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, 0x00001008L,
227      0x00000000L, 0x00400008L, 0x10401000L, 0x10001000L, 0x10400008L,
228      0x10401008L, 0x00400000L, 0x10400008L, 0x00001008L, 0x00400000L,
229      0x10000008L, 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
230      0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, 0x00000000L,
231      0x10400008L, 0x10401000L, 0x00001000L, 0x10000000L, 0x10401008L,
232      0x00401008L, 0x00400000L, 0x10401008L, 0x00000008L, 0x10001000L,
233      0x00401008L, 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
234      0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, },
235     {/* nibble 4 */
236      0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, 0x08010020L,
237      0x08000400L, 0x00010420L, 0x08010000L, 0x00010000L, 0x00000020L,
238      0x08000020L, 0x00010400L, 0x08000420L, 0x08010020L, 0x08010400L,
239      0x00000000L, 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
240      0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, 0x00000020L,
241      0x08000420L, 0x08010420L, 0x00010020L, 0x08010000L, 0x00000400L,
242      0x00000420L, 0x08010400L, 0x08010400L, 0x08000420L, 0x00010020L,
243      0x08010000L, 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
244      0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, 0x00010420L,
245      0x08000000L, 0x00000400L, 0x00010020L, 0x08000420L, 0x00000400L,
246      0x00000000L, 0x08010420L, 0x08010020L, 0x08010400L, 0x00000420L,
247      0x00010000L, 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
248      0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, },
249     {/* nibble 5 */
250      0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, 0x00200040L,
251      0x00002000L, 0x80002040L, 0x00200000L, 0x00002040L, 0x80202040L,
252      0x00202000L, 0x80000000L, 0x80002000L, 0x80000040L, 0x80200000L,
253      0x00202040L, 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
254      0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, 0x80202040L,
255      0x80200000L, 0x80000000L, 0x00002040L, 0x00000040L, 0x00202000L,
256      0x00202040L, 0x80002000L, 0x00002040L, 0x80000000L, 0x80002000L,
257      0x00202040L, 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
258      0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, 0x00200040L,
259      0x80202040L, 0x00202000L, 0x00000040L, 0x80202040L, 0x00202000L,
260      0x00200000L, 0x80002040L, 0x80000040L, 0x80200000L, 0x00202040L,
261      0x00000000L, 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
262      0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, },
263     {/* nibble 6 */
264      0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, 0x01004204L,
265      0x00004004L, 0x00004200L, 0x00000000L, 0x01000000L, 0x01000204L,
266      0x00000204L, 0x01004000L, 0x00000004L, 0x01004200L, 0x01004000L,
267      0x00000204L, 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
268      0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, 0x01004004L,
269      0x00004204L, 0x01004200L, 0x00000004L, 0x00004204L, 0x01004004L,
270      0x00000200L, 0x01000000L, 0x00004204L, 0x01004000L, 0x01004004L,
271      0x00000204L, 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
272      0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, 0x00000200L,
273      0x01000004L, 0x00000004L, 0x01000200L, 0x00000000L, 0x01000204L,
274      0x01000200L, 0x00004200L, 0x00000204L, 0x00004000L, 0x01004204L,
275      0x01000000L, 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
276      0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, },
277     {/* nibble 7 */
278      0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, 0x20020000L,
279      0x00800080L, 0x20800000L, 0x20820080L, 0x00000080L, 0x20000000L,
280      0x00820000L, 0x00020080L, 0x00820080L, 0x20020080L, 0x20000080L,
281      0x20800000L, 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
282      0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, 0x20000000L,
283      0x00800000L, 0x20020080L, 0x20800080L, 0x00800000L, 0x00020000L,
284      0x20820000L, 0x00000080L, 0x00800000L, 0x00020000L, 0x20000080L,
285      0x20820080L, 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
286      0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, 0x20820000L,
287      0x00000080L, 0x00800080L, 0x20020000L, 0x20820080L, 0x00800000L,
288      0x20800000L, 0x20000080L, 0x00820000L, 0x00020080L, 0x20020080L,
289      0x20800000L, 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
290      0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, }};
291 
292 #define HPERM_OP(a, t, n, m)                  \
293   ((t) = ((((a) << (16 - (n))) ^ (a)) & (m)), \
294    (a) = (a) ^ (t) ^ (t >> (16 - (n))))
295 
DES_set_key(const DES_cblock * key,DES_key_schedule * schedule)296 void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule) {
297   static const int shifts2[16] = {0, 0, 1, 1, 1, 1, 1, 1,
298                                   0, 1, 1, 1, 1, 1, 1, 0};
299   uint32_t c, d, t, s, t2;
300   const uint8_t *in;
301   int i;
302 
303   in = key->bytes;
304 
305   c2l(in, c);
306   c2l(in, d);
307 
308   /* do PC1 in 47 simple operations :-)
309    * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
310    * for the inspiration. :-) */
311   PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
312   HPERM_OP(c, t, -2, 0xcccc0000L);
313   HPERM_OP(d, t, -2, 0xcccc0000L);
314   PERM_OP(d, c, t, 1, 0x55555555L);
315   PERM_OP(c, d, t, 8, 0x00ff00ffL);
316   PERM_OP(d, c, t, 1, 0x55555555L);
317   d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
318        ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
319   c &= 0x0fffffffL;
320 
321   for (i = 0; i < ITERATIONS; i++) {
322     if (shifts2[i]) {
323       c = ((c >> 2L) | (c << 26L));
324       d = ((d >> 2L) | (d << 26L));
325     } else {
326       c = ((c >> 1L) | (c << 27L));
327       d = ((d >> 1L) | (d << 27L));
328     }
329     c &= 0x0fffffffL;
330     d &= 0x0fffffffL;
331     /* could be a few less shifts but I am to lazy at this
332      * point in time to investigate */
333     s = des_skb[0][(c) & 0x3f] |
334         des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] |
335         des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] |
336         des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) |
337                    ((c >> 22L) & 0x38)];
338     t = des_skb[4][(d) & 0x3f] |
339         des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] |
340         des_skb[6][(d >> 15L) & 0x3f] |
341         des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
342 
343     /* table contained 0213 4657 */
344     t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
345     schedule->subkeys[i][0] = ROTATE(t2, 30) & 0xffffffffL;
346 
347     t2 = ((s >> 16L) | (t & 0xffff0000L));
348     schedule->subkeys[i][1] = ROTATE(t2, 26) & 0xffffffffL;
349   }
350 }
351 
352 static const uint8_t kOddParity[256] = {
353     1,   1,   2,   2,   4,   4,   7,   7,   8,   8,   11,  11,  13,  13,  14,
354     14,  16,  16,  19,  19,  21,  21,  22,  22,  25,  25,  26,  26,  28,  28,
355     31,  31,  32,  32,  35,  35,  37,  37,  38,  38,  41,  41,  42,  42,  44,
356     44,  47,  47,  49,  49,  50,  50,  52,  52,  55,  55,  56,  56,  59,  59,
357     61,  61,  62,  62,  64,  64,  67,  67,  69,  69,  70,  70,  73,  73,  74,
358     74,  76,  76,  79,  79,  81,  81,  82,  82,  84,  84,  87,  87,  88,  88,
359     91,  91,  93,  93,  94,  94,  97,  97,  98,  98,  100, 100, 103, 103, 104,
360     104, 107, 107, 109, 109, 110, 110, 112, 112, 115, 115, 117, 117, 118, 118,
361     121, 121, 122, 122, 124, 124, 127, 127, 128, 128, 131, 131, 133, 133, 134,
362     134, 137, 137, 138, 138, 140, 140, 143, 143, 145, 145, 146, 146, 148, 148,
363     151, 151, 152, 152, 155, 155, 157, 157, 158, 158, 161, 161, 162, 162, 164,
364     164, 167, 167, 168, 168, 171, 171, 173, 173, 174, 174, 176, 176, 179, 179,
365     181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, 191, 193, 193, 194,
366     194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, 206, 208, 208,
367     211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, 223, 224,
368     224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, 239,
369     241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
370     254
371 };
372 
DES_set_odd_parity(DES_cblock * key)373 void DES_set_odd_parity(DES_cblock *key) {
374   unsigned i;
375 
376   for (i = 0; i < DES_KEY_SZ; i++) {
377     key->bytes[i] = kOddParity[key->bytes[i]];
378   }
379 }
380 
DES_encrypt1(uint32_t * data,const DES_key_schedule * ks,int enc)381 static void DES_encrypt1(uint32_t *data, const DES_key_schedule *ks, int enc) {
382   uint32_t l, r, t, u;
383 
384   r = data[0];
385   l = data[1];
386 
387   IP(r, l);
388   /* Things have been modified so that the initial rotate is done outside
389    * the loop.  This required the DES_SPtrans values in sp.h to be
390    * rotated 1 bit to the right. One perl script later and things have a
391    * 5% speed up on a sparc2. Thanks to Richard Outerbridge
392    * <71755.204@CompuServe.COM> for pointing this out. */
393   /* clear the top bits on machines with 8byte longs */
394   /* shift left by 2 */
395   r = ROTATE(r, 29) & 0xffffffffL;
396   l = ROTATE(l, 29) & 0xffffffffL;
397 
398   /* I don't know if it is worth the effort of loop unrolling the
399    * inner loop */
400   if (enc) {
401     D_ENCRYPT(ks, l, r, 0);
402     D_ENCRYPT(ks, r, l, 1);
403     D_ENCRYPT(ks, l, r, 2);
404     D_ENCRYPT(ks, r, l, 3);
405     D_ENCRYPT(ks, l, r, 4);
406     D_ENCRYPT(ks, r, l, 5);
407     D_ENCRYPT(ks, l, r, 6);
408     D_ENCRYPT(ks, r, l, 7);
409     D_ENCRYPT(ks, l, r, 8);
410     D_ENCRYPT(ks, r, l, 9);
411     D_ENCRYPT(ks, l, r, 10);
412     D_ENCRYPT(ks, r, l, 11);
413     D_ENCRYPT(ks, l, r, 12);
414     D_ENCRYPT(ks, r, l, 13);
415     D_ENCRYPT(ks, l, r, 14);
416     D_ENCRYPT(ks, r, l, 15);
417   } else {
418     D_ENCRYPT(ks, l, r, 15);
419     D_ENCRYPT(ks, r, l, 14);
420     D_ENCRYPT(ks, l, r, 13);
421     D_ENCRYPT(ks, r, l, 12);
422     D_ENCRYPT(ks, l, r, 11);
423     D_ENCRYPT(ks, r, l, 10);
424     D_ENCRYPT(ks, l, r, 9);
425     D_ENCRYPT(ks, r, l, 8);
426     D_ENCRYPT(ks, l, r, 7);
427     D_ENCRYPT(ks, r, l, 6);
428     D_ENCRYPT(ks, l, r, 5);
429     D_ENCRYPT(ks, r, l, 4);
430     D_ENCRYPT(ks, l, r, 3);
431     D_ENCRYPT(ks, r, l, 2);
432     D_ENCRYPT(ks, l, r, 1);
433     D_ENCRYPT(ks, r, l, 0);
434   }
435 
436   /* rotate and clear the top bits on machines with 8byte longs */
437   l = ROTATE(l, 3) & 0xffffffffL;
438   r = ROTATE(r, 3) & 0xffffffffL;
439 
440   FP(r, l);
441   data[0] = l;
442   data[1] = r;
443 }
444 
DES_encrypt2(uint32_t * data,const DES_key_schedule * ks,int enc)445 static void DES_encrypt2(uint32_t *data, const DES_key_schedule *ks, int enc) {
446   uint32_t l, r, t, u;
447 
448   r = data[0];
449   l = data[1];
450 
451   /* Things have been modified so that the initial rotate is done outside the
452    * loop.  This required the DES_SPtrans values in sp.h to be rotated 1 bit to
453    * the right. One perl script later and things have a 5% speed up on a
454    * sparc2. Thanks to Richard Outerbridge <71755.204@CompuServe.COM> for
455    * pointing this out. */
456   /* clear the top bits on machines with 8byte longs */
457   r = ROTATE(r, 29) & 0xffffffffL;
458   l = ROTATE(l, 29) & 0xffffffffL;
459 
460   /* I don't know if it is worth the effort of loop unrolling the
461    * inner loop */
462   if (enc) {
463     D_ENCRYPT(ks, l, r, 0);
464     D_ENCRYPT(ks, r, l, 1);
465     D_ENCRYPT(ks, l, r, 2);
466     D_ENCRYPT(ks, r, l, 3);
467     D_ENCRYPT(ks, l, r, 4);
468     D_ENCRYPT(ks, r, l, 5);
469     D_ENCRYPT(ks, l, r, 6);
470     D_ENCRYPT(ks, r, l, 7);
471     D_ENCRYPT(ks, l, r, 8);
472     D_ENCRYPT(ks, r, l, 9);
473     D_ENCRYPT(ks, l, r, 10);
474     D_ENCRYPT(ks, r, l, 11);
475     D_ENCRYPT(ks, l, r, 12);
476     D_ENCRYPT(ks, r, l, 13);
477     D_ENCRYPT(ks, l, r, 14);
478     D_ENCRYPT(ks, r, l, 15);
479   } else {
480     D_ENCRYPT(ks, l, r, 15);
481     D_ENCRYPT(ks, r, l, 14);
482     D_ENCRYPT(ks, l, r, 13);
483     D_ENCRYPT(ks, r, l, 12);
484     D_ENCRYPT(ks, l, r, 11);
485     D_ENCRYPT(ks, r, l, 10);
486     D_ENCRYPT(ks, l, r, 9);
487     D_ENCRYPT(ks, r, l, 8);
488     D_ENCRYPT(ks, l, r, 7);
489     D_ENCRYPT(ks, r, l, 6);
490     D_ENCRYPT(ks, l, r, 5);
491     D_ENCRYPT(ks, r, l, 4);
492     D_ENCRYPT(ks, l, r, 3);
493     D_ENCRYPT(ks, r, l, 2);
494     D_ENCRYPT(ks, l, r, 1);
495     D_ENCRYPT(ks, r, l, 0);
496   }
497   /* rotate and clear the top bits on machines with 8byte longs */
498   data[0] = ROTATE(l, 3) & 0xffffffffL;
499   data[1] = ROTATE(r, 3) & 0xffffffffL;
500 }
501 
DES_encrypt3(uint32_t * data,const DES_key_schedule * ks1,const DES_key_schedule * ks2,const DES_key_schedule * ks3)502 void DES_encrypt3(uint32_t *data, const DES_key_schedule *ks1,
503                   const DES_key_schedule *ks2, const DES_key_schedule *ks3) {
504   uint32_t l, r;
505 
506   l = data[0];
507   r = data[1];
508   IP(l, r);
509   data[0] = l;
510   data[1] = r;
511   DES_encrypt2((uint32_t *)data, ks1, DES_ENCRYPT);
512   DES_encrypt2((uint32_t *)data, ks2, DES_DECRYPT);
513   DES_encrypt2((uint32_t *)data, ks3, DES_ENCRYPT);
514   l = data[0];
515   r = data[1];
516   FP(r, l);
517   data[0] = l;
518   data[1] = r;
519 }
520 
DES_decrypt3(uint32_t * data,const DES_key_schedule * ks1,const DES_key_schedule * ks2,const DES_key_schedule * ks3)521 void DES_decrypt3(uint32_t *data, const DES_key_schedule *ks1,
522                   const DES_key_schedule *ks2, const DES_key_schedule *ks3) {
523   uint32_t l, r;
524 
525   l = data[0];
526   r = data[1];
527   IP(l, r);
528   data[0] = l;
529   data[1] = r;
530   DES_encrypt2((uint32_t *)data, ks3, DES_DECRYPT);
531   DES_encrypt2((uint32_t *)data, ks2, DES_ENCRYPT);
532   DES_encrypt2((uint32_t *)data, ks1, DES_DECRYPT);
533   l = data[0];
534   r = data[1];
535   FP(r, l);
536   data[0] = l;
537   data[1] = r;
538 }
539 
DES_ecb_encrypt(const DES_cblock * in_block,DES_cblock * out_block,const DES_key_schedule * schedule,int is_encrypt)540 void DES_ecb_encrypt(const DES_cblock *in_block, DES_cblock *out_block,
541                      const DES_key_schedule *schedule, int is_encrypt) {
542   uint32_t l;
543   uint32_t ll[2];
544   const uint8_t *in = in_block->bytes;
545   uint8_t *out = out_block->bytes;
546 
547   c2l(in, l);
548   ll[0] = l;
549   c2l(in, l);
550   ll[1] = l;
551   DES_encrypt1(ll, schedule, is_encrypt);
552   l = ll[0];
553   l2c(l, out);
554   l = ll[1];
555   l2c(l, out);
556   ll[0] = ll[1] = 0;
557 }
558 
DES_ncbc_encrypt(const uint8_t * in,uint8_t * out,size_t len,const DES_key_schedule * schedule,DES_cblock * ivec,int enc)559 void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
560                       const DES_key_schedule *schedule, DES_cblock *ivec,
561                       int enc) {
562   uint32_t tin0, tin1;
563   uint32_t tout0, tout1, xor0, xor1;
564   uint32_t tin[2];
565   unsigned char *iv;
566 
567   iv = ivec->bytes;
568 
569   if (enc) {
570     c2l(iv, tout0);
571     c2l(iv, tout1);
572     for (; len >= 8; len -= 8) {
573       c2l(in, tin0);
574       c2l(in, tin1);
575       tin0 ^= tout0;
576       tin[0] = tin0;
577       tin1 ^= tout1;
578       tin[1] = tin1;
579       DES_encrypt1((uint32_t *)tin, schedule, DES_ENCRYPT);
580       tout0 = tin[0];
581       l2c(tout0, out);
582       tout1 = tin[1];
583       l2c(tout1, out);
584     }
585     if (len != 0) {
586       c2ln(in, tin0, tin1, len);
587       tin0 ^= tout0;
588       tin[0] = tin0;
589       tin1 ^= tout1;
590       tin[1] = tin1;
591       DES_encrypt1((uint32_t *)tin, schedule, DES_ENCRYPT);
592       tout0 = tin[0];
593       l2c(tout0, out);
594       tout1 = tin[1];
595       l2c(tout1, out);
596     }
597     iv = ivec->bytes;
598     l2c(tout0, iv);
599     l2c(tout1, iv);
600   } else {
601     c2l(iv, xor0);
602     c2l(iv, xor1);
603     for (; len >= 8; len -= 8) {
604       c2l(in, tin0);
605       tin[0] = tin0;
606       c2l(in, tin1);
607       tin[1] = tin1;
608       DES_encrypt1((uint32_t *)tin, schedule, DES_DECRYPT);
609       tout0 = tin[0] ^ xor0;
610       tout1 = tin[1] ^ xor1;
611       l2c(tout0, out);
612       l2c(tout1, out);
613       xor0 = tin0;
614       xor1 = tin1;
615     }
616     if (len != 0) {
617       c2l(in, tin0);
618       tin[0] = tin0;
619       c2l(in, tin1);
620       tin[1] = tin1;
621       DES_encrypt1((uint32_t *)tin, schedule, DES_DECRYPT);
622       tout0 = tin[0] ^ xor0;
623       tout1 = tin[1] ^ xor1;
624       l2cn(tout0, tout1, out, len);
625       xor0 = tin0;
626       xor1 = tin1;
627     }
628     iv = ivec->bytes;
629     l2c(xor0, iv);
630     l2c(xor1, iv);
631   }
632   tin[0] = tin[1] = 0;
633 }
634 
DES_ecb3_encrypt(const DES_cblock * input,DES_cblock * output,const DES_key_schedule * ks1,const DES_key_schedule * ks2,const DES_key_schedule * ks3,int enc)635 void DES_ecb3_encrypt(const DES_cblock *input, DES_cblock *output,
636                       const DES_key_schedule *ks1, const DES_key_schedule *ks2,
637                       const DES_key_schedule *ks3, int enc) {
638   uint32_t l0, l1;
639   uint32_t ll[2];
640   const uint8_t *in = input->bytes;
641   uint8_t *out = output->bytes;
642 
643   c2l(in, l0);
644   c2l(in, l1);
645   ll[0] = l0;
646   ll[1] = l1;
647   if (enc) {
648     DES_encrypt3(ll, ks1, ks2, ks3);
649   } else {
650     DES_decrypt3(ll, ks1, ks2, ks3);
651   }
652   l0 = ll[0];
653   l1 = ll[1];
654   l2c(l0, out);
655   l2c(l1, out);
656 }
657 
DES_ede3_cbc_encrypt(const uint8_t * in,uint8_t * out,size_t len,const DES_key_schedule * ks1,const DES_key_schedule * ks2,const DES_key_schedule * ks3,DES_cblock * ivec,int enc)658 void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
659                           const DES_key_schedule *ks1,
660                           const DES_key_schedule *ks2,
661                           const DES_key_schedule *ks3, DES_cblock *ivec,
662                           int enc) {
663   uint32_t tin0, tin1;
664   uint32_t tout0, tout1, xor0, xor1;
665   uint32_t tin[2];
666   uint8_t *iv;
667 
668   iv = ivec->bytes;
669 
670   if (enc) {
671     c2l(iv, tout0);
672     c2l(iv, tout1);
673     for (; len >= 8; len -= 8) {
674       c2l(in, tin0);
675       c2l(in, tin1);
676       tin0 ^= tout0;
677       tin1 ^= tout1;
678 
679       tin[0] = tin0;
680       tin[1] = tin1;
681       DES_encrypt3((uint32_t *)tin, ks1, ks2, ks3);
682       tout0 = tin[0];
683       tout1 = tin[1];
684 
685       l2c(tout0, out);
686       l2c(tout1, out);
687     }
688     if (len != 0) {
689       c2ln(in, tin0, tin1, len);
690       tin0 ^= tout0;
691       tin1 ^= tout1;
692 
693       tin[0] = tin0;
694       tin[1] = tin1;
695       DES_encrypt3((uint32_t *)tin, ks1, ks2, ks3);
696       tout0 = tin[0];
697       tout1 = tin[1];
698 
699       l2c(tout0, out);
700       l2c(tout1, out);
701     }
702     iv = ivec->bytes;
703     l2c(tout0, iv);
704     l2c(tout1, iv);
705   } else {
706     uint32_t t0, t1;
707 
708     c2l(iv, xor0);
709     c2l(iv, xor1);
710     for (; len >= 8; len -= 8) {
711       c2l(in, tin0);
712       c2l(in, tin1);
713 
714       t0 = tin0;
715       t1 = tin1;
716 
717       tin[0] = tin0;
718       tin[1] = tin1;
719       DES_decrypt3((uint32_t *)tin, ks1, ks2, ks3);
720       tout0 = tin[0];
721       tout1 = tin[1];
722 
723       tout0 ^= xor0;
724       tout1 ^= xor1;
725       l2c(tout0, out);
726       l2c(tout1, out);
727       xor0 = t0;
728       xor1 = t1;
729     }
730     if (len != 0) {
731       c2l(in, tin0);
732       c2l(in, tin1);
733 
734       t0 = tin0;
735       t1 = tin1;
736 
737       tin[0] = tin0;
738       tin[1] = tin1;
739       DES_decrypt3((uint32_t *)tin, ks1, ks2, ks3);
740       tout0 = tin[0];
741       tout1 = tin[1];
742 
743       tout0 ^= xor0;
744       tout1 ^= xor1;
745       l2cn(tout0, tout1, out, len);
746       xor0 = t0;
747       xor1 = t1;
748     }
749 
750     iv = ivec->bytes;
751     l2c(xor0, iv);
752     l2c(xor1, iv);
753   }
754 
755   tin[0] = tin[1] = 0;
756 }
757 
DES_ede2_cbc_encrypt(const uint8_t * in,uint8_t * out,size_t len,const DES_key_schedule * ks1,const DES_key_schedule * ks2,DES_cblock * ivec,int enc)758 void DES_ede2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
759                           const DES_key_schedule *ks1,
760                           const DES_key_schedule *ks2,
761                           DES_cblock *ivec,
762                           int enc) {
763   DES_ede3_cbc_encrypt(in, out, len, ks1, ks2, ks1, ivec, enc);
764 }
765 
766 
767 /* Deprecated functions. */
768 
DES_set_key_unchecked(const DES_cblock * key,DES_key_schedule * schedule)769 void DES_set_key_unchecked(const DES_cblock *key, DES_key_schedule *schedule) {
770   DES_set_key(key, schedule);
771 }
772