1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <string.h>
58
59 #include <openssl/des.h>
60
61 #include "../crypto/des/internal.h"
62
63
64 /* The input and output encrypted as though 64bit cfb mode is being used. The
65 * extra state information to record how much of the 64bit block we have used
66 * is contained in *num; */
DES_ede3_cfb64_encrypt(const uint8_t * in,uint8_t * out,long length,DES_key_schedule * ks1,DES_key_schedule * ks2,DES_key_schedule * ks3,DES_cblock * ivec,int * num,int enc)67 void DES_ede3_cfb64_encrypt(const uint8_t *in, uint8_t *out,
68 long length, DES_key_schedule *ks1,
69 DES_key_schedule *ks2, DES_key_schedule *ks3,
70 DES_cblock *ivec, int *num, int enc) {
71 uint32_t v0, v1;
72 long l = length;
73 int n = *num;
74 uint32_t ti[2];
75 uint8_t *iv, c, cc;
76
77 iv = ivec->bytes;
78 if (enc) {
79 while (l--) {
80 if (n == 0) {
81 c2l(iv, v0);
82 c2l(iv, v1);
83
84 ti[0] = v0;
85 ti[1] = v1;
86 DES_encrypt3(ti, ks1, ks2, ks3);
87 v0 = ti[0];
88 v1 = ti[1];
89
90 iv = ivec->bytes;
91 l2c(v0, iv);
92 l2c(v1, iv);
93 iv = ivec->bytes;
94 }
95 c = *(in++) ^ iv[n];
96 *(out++) = c;
97 iv[n] = c;
98 n = (n + 1) & 0x07;
99 }
100 } else {
101 while (l--) {
102 if (n == 0) {
103 c2l(iv, v0);
104 c2l(iv, v1);
105
106 ti[0] = v0;
107 ti[1] = v1;
108 DES_encrypt3(ti, ks1, ks2, ks3);
109 v0 = ti[0];
110 v1 = ti[1];
111
112 iv = ivec->bytes;
113 l2c(v0, iv);
114 l2c(v1, iv);
115 iv = ivec->bytes;
116 }
117 cc = *(in++);
118 c = iv[n];
119 iv[n] = cc;
120 *(out++) = c ^ cc;
121 n = (n + 1) & 0x07;
122 }
123 }
124 v0 = v1 = ti[0] = ti[1] = c = cc = 0;
125 *num = n;
126 }
127
128 /* This is compatible with the single key CFB-r for DES, even thought that's
129 * not what EVP needs. */
130
DES_ede3_cfb_encrypt(const uint8_t * in,uint8_t * out,int numbits,long length,DES_key_schedule * ks1,DES_key_schedule * ks2,DES_key_schedule * ks3,DES_cblock * ivec,int enc)131 void DES_ede3_cfb_encrypt(const uint8_t *in, uint8_t *out, int numbits,
132 long length, DES_key_schedule *ks1,
133 DES_key_schedule *ks2, DES_key_schedule *ks3,
134 DES_cblock *ivec, int enc) {
135 uint32_t d0, d1, v0, v1;
136 unsigned long l = length, n = ((unsigned int)numbits + 7) / 8;
137 int num = numbits, i;
138 uint32_t ti[2];
139 uint8_t *iv;
140 uint8_t ovec[16];
141
142 if (num > 64) {
143 return;
144 };
145
146 iv = ivec->bytes;
147 c2l(iv, v0);
148 c2l(iv, v1);
149
150 if (enc) {
151 while (l >= n) {
152 l -= n;
153 ti[0] = v0;
154 ti[1] = v1;
155 DES_encrypt3(ti, ks1, ks2, ks3);
156 c2ln(in, d0, d1, n);
157 in += n;
158 d0 ^= ti[0];
159 d1 ^= ti[1];
160 l2cn(d0, d1, out, n);
161 out += n;
162 /* 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
163 * gcc :-( */
164 if (num == 32) {
165 v0 = v1;
166 v1 = d0;
167 } else if (num == 64) {
168 v0 = d0;
169 v1 = d1;
170 } else {
171 iv = &ovec[0];
172 l2c(v0, iv);
173 l2c(v1, iv);
174 l2c(d0, iv);
175 l2c(d1, iv);
176 /* shift ovec left most of the bits... */
177 memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0));
178 /* now the remaining bits */
179 if (num % 8 != 0) {
180 for (i = 0; i < 8; ++i) {
181 ovec[i] <<= num % 8;
182 ovec[i] |= ovec[i + 1] >> (8 - num % 8);
183 }
184 }
185 iv = &ovec[0];
186 c2l(iv, v0);
187 c2l(iv, v1);
188 }
189 }
190 } else {
191 while (l >= n) {
192 l -= n;
193 ti[0] = v0;
194 ti[1] = v1;
195 DES_encrypt3(ti, ks1, ks2, ks3);
196 c2ln(in, d0, d1, n);
197 in += n;
198 /* 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
199 * gcc :-( */
200 if (num == 32) {
201 v0 = v1;
202 v1 = d0;
203 } else if (num == 64) {
204 v0 = d0;
205 v1 = d1;
206 } else {
207 iv = &ovec[0];
208 l2c(v0, iv);
209 l2c(v1, iv);
210 l2c(d0, iv);
211 l2c(d1, iv);
212 /* shift ovec left most of the bits... */
213 memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0));
214 /* now the remaining bits */
215 if (num % 8 != 0) {
216 for (i = 0; i < 8; ++i) {
217 ovec[i] <<= num % 8;
218 ovec[i] |= ovec[i + 1] >> (8 - num % 8);
219 }
220 }
221 iv = &ovec[0];
222 c2l(iv, v0);
223 c2l(iv, v1);
224 }
225 d0 ^= ti[0];
226 d1 ^= ti[1];
227 l2cn(d0, d1, out, n);
228 out += n;
229 }
230 }
231
232 iv = ivec->bytes;
233 l2c(v0, iv);
234 l2c(v1, iv);
235 v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0;
236 }
237