/src/boringssl/crypto/des/des.cc
Line | Count | Source |
1 | | // Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); |
4 | | // you may not use this file except in compliance with the License. |
5 | | // You may obtain a copy of the License at |
6 | | // |
7 | | // https://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, |
11 | | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 | | // See the License for the specific language governing permissions and |
13 | | // limitations under the License. |
14 | | |
15 | | #include <openssl/des.h> |
16 | | |
17 | | #include <stdlib.h> |
18 | | |
19 | | #include "internal.h" |
20 | | |
21 | | |
22 | | /* IP and FP |
23 | | * The problem is more of a geometric problem that random bit fiddling. |
24 | | 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 |
25 | | 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 |
26 | | 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 |
27 | | 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 |
28 | | |
29 | | 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 |
30 | | 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 |
31 | | 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 |
32 | | 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 |
33 | | |
34 | | The output has been subject to swaps of the form |
35 | | 0 1 -> 3 1 but the odd and even bits have been put into |
36 | | 2 3 2 0 |
37 | | different words. The main trick is to remember that |
38 | | t=((l>>size)^r)&(mask); |
39 | | r^=t; |
40 | | l^=(t<<size); |
41 | | can be used to swap and move bits between words. |
42 | | |
43 | | So l = 0 1 2 3 r = 16 17 18 19 |
44 | | 4 5 6 7 20 21 22 23 |
45 | | 8 9 10 11 24 25 26 27 |
46 | | 12 13 14 15 28 29 30 31 |
47 | | becomes (for size == 2 and mask == 0x3333) |
48 | | t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19 |
49 | | 6^20 7^21 -- -- 4 5 20 21 6 7 22 23 |
50 | | 10^24 11^25 -- -- 8 9 24 25 10 11 24 25 |
51 | | 14^28 15^29 -- -- 12 13 28 29 14 15 28 29 |
52 | | |
53 | | Thanks for hints from Richard Outerbridge - he told me IP&FP |
54 | | could be done in 15 xor, 10 shifts and 5 ands. |
55 | | When I finally started to think of the problem in 2D |
56 | | I first got ~42 operations without xors. When I remembered |
57 | | how to use xors :-) I got it to its final state. |
58 | | */ |
59 | | #define PERM_OP(a, b, t, n, m) \ |
60 | 340k | do { \ |
61 | 340k | (t) = ((((a) >> (n)) ^ (b)) & (m)); \ |
62 | 340k | (b) ^= (t); \ |
63 | 340k | (a) ^= ((t) << (n)); \ |
64 | 340k | } while (0) |
65 | | |
66 | | #define IP(l, r) \ |
67 | 30.3k | do { \ |
68 | 30.3k | uint32_t tt; \ |
69 | 30.3k | PERM_OP(r, l, tt, 4, 0x0f0f0f0fL); \ |
70 | 30.3k | PERM_OP(l, r, tt, 16, 0x0000ffffL); \ |
71 | 30.3k | PERM_OP(r, l, tt, 2, 0x33333333L); \ |
72 | 30.3k | PERM_OP(l, r, tt, 8, 0x00ff00ffL); \ |
73 | 30.3k | PERM_OP(r, l, tt, 1, 0x55555555L); \ |
74 | 30.3k | } while (0) |
75 | | |
76 | | #define FP(l, r) \ |
77 | 30.3k | do { \ |
78 | 30.3k | uint32_t tt; \ |
79 | 30.3k | PERM_OP(l, r, tt, 1, 0x55555555L); \ |
80 | 30.3k | PERM_OP(r, l, tt, 8, 0x00ff00ffL); \ |
81 | 30.3k | PERM_OP(l, r, tt, 2, 0x33333333L); \ |
82 | 30.3k | PERM_OP(r, l, tt, 16, 0x0000ffffL); \ |
83 | 30.3k | PERM_OP(l, r, tt, 4, 0x0f0f0f0fL); \ |
84 | 30.3k | } while (0) |
85 | | |
86 | | #define LOAD_DATA(ks, R, S, u, t, E0, E1) \ |
87 | 1.45M | do { \ |
88 | 1.45M | (u) = (R) ^ (ks)->subkeys[S][0]; \ |
89 | 1.45M | (t) = (R) ^ (ks)->subkeys[S][1]; \ |
90 | 1.45M | } while (0) |
91 | | |
92 | | #define D_ENCRYPT(ks, LL, R, S) \ |
93 | 1.45M | do { \ |
94 | 1.45M | LOAD_DATA(ks, R, S, u, t, E0, E1); \ |
95 | 1.45M | t = CRYPTO_rotr_u32(t, 4); \ |
96 | 1.45M | (LL) ^= \ |
97 | 1.45M | DES_SPtrans[0][(u >> 2L) & 0x3f] ^ DES_SPtrans[2][(u >> 10L) & 0x3f] ^ \ |
98 | 1.45M | DES_SPtrans[4][(u >> 18L) & 0x3f] ^ \ |
99 | 1.45M | DES_SPtrans[6][(u >> 26L) & 0x3f] ^ DES_SPtrans[1][(t >> 2L) & 0x3f] ^ \ |
100 | 1.45M | DES_SPtrans[3][(t >> 10L) & 0x3f] ^ \ |
101 | 1.45M | DES_SPtrans[5][(t >> 18L) & 0x3f] ^ DES_SPtrans[7][(t >> 26L) & 0x3f]; \ |
102 | 1.45M | } while (0) |
103 | | |
104 | 159k | #define ITERATIONS 16 |
105 | | #define HALF_ITERATIONS 8 |
106 | | |
107 | | static const uint32_t des_skb[8][64] = { |
108 | | { // for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 |
109 | | 0x00000000, 0x00000010, 0x20000000, 0x20000010, 0x00010000, |
110 | | 0x00010010, 0x20010000, 0x20010010, 0x00000800, 0x00000810, |
111 | | 0x20000800, 0x20000810, 0x00010800, 0x00010810, 0x20010800, |
112 | | 0x20010810, 0x00000020, 0x00000030, 0x20000020, 0x20000030, |
113 | | 0x00010020, 0x00010030, 0x20010020, 0x20010030, 0x00000820, |
114 | | 0x00000830, 0x20000820, 0x20000830, 0x00010820, 0x00010830, |
115 | | 0x20010820, 0x20010830, 0x00080000, 0x00080010, 0x20080000, |
116 | | 0x20080010, 0x00090000, 0x00090010, 0x20090000, 0x20090010, |
117 | | 0x00080800, 0x00080810, 0x20080800, 0x20080810, 0x00090800, |
118 | | 0x00090810, 0x20090800, 0x20090810, 0x00080020, 0x00080030, |
119 | | 0x20080020, 0x20080030, 0x00090020, 0x00090030, 0x20090020, |
120 | | 0x20090030, 0x00080820, 0x00080830, 0x20080820, 0x20080830, |
121 | | 0x00090820, 0x00090830, 0x20090820, 0x20090830, }, |
122 | | { // for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 |
123 | | 0x00000000, 0x02000000, 0x00002000, 0x02002000, 0x00200000, |
124 | | 0x02200000, 0x00202000, 0x02202000, 0x00000004, 0x02000004, |
125 | | 0x00002004, 0x02002004, 0x00200004, 0x02200004, 0x00202004, |
126 | | 0x02202004, 0x00000400, 0x02000400, 0x00002400, 0x02002400, |
127 | | 0x00200400, 0x02200400, 0x00202400, 0x02202400, 0x00000404, |
128 | | 0x02000404, 0x00002404, 0x02002404, 0x00200404, 0x02200404, |
129 | | 0x00202404, 0x02202404, 0x10000000, 0x12000000, 0x10002000, |
130 | | 0x12002000, 0x10200000, 0x12200000, 0x10202000, 0x12202000, |
131 | | 0x10000004, 0x12000004, 0x10002004, 0x12002004, 0x10200004, |
132 | | 0x12200004, 0x10202004, 0x12202004, 0x10000400, 0x12000400, |
133 | | 0x10002400, 0x12002400, 0x10200400, 0x12200400, 0x10202400, |
134 | | 0x12202400, 0x10000404, 0x12000404, 0x10002404, 0x12002404, |
135 | | 0x10200404, 0x12200404, 0x10202404, 0x12202404, }, |
136 | | { // for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 |
137 | | 0x00000000, 0x00000001, 0x00040000, 0x00040001, 0x01000000, |
138 | | 0x01000001, 0x01040000, 0x01040001, 0x00000002, 0x00000003, |
139 | | 0x00040002, 0x00040003, 0x01000002, 0x01000003, 0x01040002, |
140 | | 0x01040003, 0x00000200, 0x00000201, 0x00040200, 0x00040201, |
141 | | 0x01000200, 0x01000201, 0x01040200, 0x01040201, 0x00000202, |
142 | | 0x00000203, 0x00040202, 0x00040203, 0x01000202, 0x01000203, |
143 | | 0x01040202, 0x01040203, 0x08000000, 0x08000001, 0x08040000, |
144 | | 0x08040001, 0x09000000, 0x09000001, 0x09040000, 0x09040001, |
145 | | 0x08000002, 0x08000003, 0x08040002, 0x08040003, 0x09000002, |
146 | | 0x09000003, 0x09040002, 0x09040003, 0x08000200, 0x08000201, |
147 | | 0x08040200, 0x08040201, 0x09000200, 0x09000201, 0x09040200, |
148 | | 0x09040201, 0x08000202, 0x08000203, 0x08040202, 0x08040203, |
149 | | 0x09000202, 0x09000203, 0x09040202, 0x09040203, }, |
150 | | { // for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 |
151 | | 0x00000000, 0x00100000, 0x00000100, 0x00100100, 0x00000008, |
152 | | 0x00100008, 0x00000108, 0x00100108, 0x00001000, 0x00101000, |
153 | | 0x00001100, 0x00101100, 0x00001008, 0x00101008, 0x00001108, |
154 | | 0x00101108, 0x04000000, 0x04100000, 0x04000100, 0x04100100, |
155 | | 0x04000008, 0x04100008, 0x04000108, 0x04100108, 0x04001000, |
156 | | 0x04101000, 0x04001100, 0x04101100, 0x04001008, 0x04101008, |
157 | | 0x04001108, 0x04101108, 0x00020000, 0x00120000, 0x00020100, |
158 | | 0x00120100, 0x00020008, 0x00120008, 0x00020108, 0x00120108, |
159 | | 0x00021000, 0x00121000, 0x00021100, 0x00121100, 0x00021008, |
160 | | 0x00121008, 0x00021108, 0x00121108, 0x04020000, 0x04120000, |
161 | | 0x04020100, 0x04120100, 0x04020008, 0x04120008, 0x04020108, |
162 | | 0x04120108, 0x04021000, 0x04121000, 0x04021100, 0x04121100, |
163 | | 0x04021008, 0x04121008, 0x04021108, 0x04121108, }, |
164 | | { // for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 |
165 | | 0x00000000, 0x10000000, 0x00010000, 0x10010000, 0x00000004, |
166 | | 0x10000004, 0x00010004, 0x10010004, 0x20000000, 0x30000000, |
167 | | 0x20010000, 0x30010000, 0x20000004, 0x30000004, 0x20010004, |
168 | | 0x30010004, 0x00100000, 0x10100000, 0x00110000, 0x10110000, |
169 | | 0x00100004, 0x10100004, 0x00110004, 0x10110004, 0x20100000, |
170 | | 0x30100000, 0x20110000, 0x30110000, 0x20100004, 0x30100004, |
171 | | 0x20110004, 0x30110004, 0x00001000, 0x10001000, 0x00011000, |
172 | | 0x10011000, 0x00001004, 0x10001004, 0x00011004, 0x10011004, |
173 | | 0x20001000, 0x30001000, 0x20011000, 0x30011000, 0x20001004, |
174 | | 0x30001004, 0x20011004, 0x30011004, 0x00101000, 0x10101000, |
175 | | 0x00111000, 0x10111000, 0x00101004, 0x10101004, 0x00111004, |
176 | | 0x10111004, 0x20101000, 0x30101000, 0x20111000, 0x30111000, |
177 | | 0x20101004, 0x30101004, 0x20111004, 0x30111004, }, |
178 | | { // for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 |
179 | | 0x00000000, 0x08000000, 0x00000008, 0x08000008, 0x00000400, |
180 | | 0x08000400, 0x00000408, 0x08000408, 0x00020000, 0x08020000, |
181 | | 0x00020008, 0x08020008, 0x00020400, 0x08020400, 0x00020408, |
182 | | 0x08020408, 0x00000001, 0x08000001, 0x00000009, 0x08000009, |
183 | | 0x00000401, 0x08000401, 0x00000409, 0x08000409, 0x00020001, |
184 | | 0x08020001, 0x00020009, 0x08020009, 0x00020401, 0x08020401, |
185 | | 0x00020409, 0x08020409, 0x02000000, 0x0A000000, 0x02000008, |
186 | | 0x0A000008, 0x02000400, 0x0A000400, 0x02000408, 0x0A000408, |
187 | | 0x02020000, 0x0A020000, 0x02020008, 0x0A020008, 0x02020400, |
188 | | 0x0A020400, 0x02020408, 0x0A020408, 0x02000001, 0x0A000001, |
189 | | 0x02000009, 0x0A000009, 0x02000401, 0x0A000401, 0x02000409, |
190 | | 0x0A000409, 0x02020001, 0x0A020001, 0x02020009, 0x0A020009, |
191 | | 0x02020401, 0x0A020401, 0x02020409, 0x0A020409, }, |
192 | | { // for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 |
193 | | 0x00000000, 0x00000100, 0x00080000, 0x00080100, 0x01000000, |
194 | | 0x01000100, 0x01080000, 0x01080100, 0x00000010, 0x00000110, |
195 | | 0x00080010, 0x00080110, 0x01000010, 0x01000110, 0x01080010, |
196 | | 0x01080110, 0x00200000, 0x00200100, 0x00280000, 0x00280100, |
197 | | 0x01200000, 0x01200100, 0x01280000, 0x01280100, 0x00200010, |
198 | | 0x00200110, 0x00280010, 0x00280110, 0x01200010, 0x01200110, |
199 | | 0x01280010, 0x01280110, 0x00000200, 0x00000300, 0x00080200, |
200 | | 0x00080300, 0x01000200, 0x01000300, 0x01080200, 0x01080300, |
201 | | 0x00000210, 0x00000310, 0x00080210, 0x00080310, 0x01000210, |
202 | | 0x01000310, 0x01080210, 0x01080310, 0x00200200, 0x00200300, |
203 | | 0x00280200, 0x00280300, 0x01200200, 0x01200300, 0x01280200, |
204 | | 0x01280300, 0x00200210, 0x00200310, 0x00280210, 0x00280310, |
205 | | 0x01200210, 0x01200310, 0x01280210, 0x01280310, }, |
206 | | { // for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 |
207 | | 0x00000000, 0x04000000, 0x00040000, 0x04040000, 0x00000002, |
208 | | 0x04000002, 0x00040002, 0x04040002, 0x00002000, 0x04002000, |
209 | | 0x00042000, 0x04042000, 0x00002002, 0x04002002, 0x00042002, |
210 | | 0x04042002, 0x00000020, 0x04000020, 0x00040020, 0x04040020, |
211 | | 0x00000022, 0x04000022, 0x00040022, 0x04040022, 0x00002020, |
212 | | 0x04002020, 0x00042020, 0x04042020, 0x00002022, 0x04002022, |
213 | | 0x00042022, 0x04042022, 0x00000800, 0x04000800, 0x00040800, |
214 | | 0x04040800, 0x00000802, 0x04000802, 0x00040802, 0x04040802, |
215 | | 0x00002800, 0x04002800, 0x00042800, 0x04042800, 0x00002802, |
216 | | 0x04002802, 0x00042802, 0x04042802, 0x00000820, 0x04000820, |
217 | | 0x00040820, 0x04040820, 0x00000822, 0x04000822, 0x00040822, |
218 | | 0x04040822, 0x00002820, 0x04002820, 0x00042820, 0x04042820, |
219 | | 0x00002822, 0x04002822, 0x00042822, 0x04042822, }}; |
220 | | |
221 | | static const uint32_t DES_SPtrans[8][64] = { |
222 | | { // nibble 0 |
223 | | 0x02080800, 0x00080000, 0x02000002, 0x02080802, 0x02000000, |
224 | | 0x00080802, 0x00080002, 0x02000002, 0x00080802, 0x02080800, |
225 | | 0x02080000, 0x00000802, 0x02000802, 0x02000000, 0x00000000, |
226 | | 0x00080002, 0x00080000, 0x00000002, 0x02000800, 0x00080800, |
227 | | 0x02080802, 0x02080000, 0x00000802, 0x02000800, 0x00000002, |
228 | | 0x00000800, 0x00080800, 0x02080002, 0x00000800, 0x02000802, |
229 | | 0x02080002, 0x00000000, 0x00000000, 0x02080802, 0x02000800, |
230 | | 0x00080002, 0x02080800, 0x00080000, 0x00000802, 0x02000800, |
231 | | 0x02080002, 0x00000800, 0x00080800, 0x02000002, 0x00080802, |
232 | | 0x00000002, 0x02000002, 0x02080000, 0x02080802, 0x00080800, |
233 | | 0x02080000, 0x02000802, 0x02000000, 0x00000802, 0x00080002, |
234 | | 0x00000000, 0x00080000, 0x02000000, 0x02000802, 0x02080800, |
235 | | 0x00000002, 0x02080002, 0x00000800, 0x00080802, }, |
236 | | { // nibble 1 |
237 | | 0x40108010, 0x00000000, 0x00108000, 0x40100000, 0x40000010, |
238 | | 0x00008010, 0x40008000, 0x00108000, 0x00008000, 0x40100010, |
239 | | 0x00000010, 0x40008000, 0x00100010, 0x40108000, 0x40100000, |
240 | | 0x00000010, 0x00100000, 0x40008010, 0x40100010, 0x00008000, |
241 | | 0x00108010, 0x40000000, 0x00000000, 0x00100010, 0x40008010, |
242 | | 0x00108010, 0x40108000, 0x40000010, 0x40000000, 0x00100000, |
243 | | 0x00008010, 0x40108010, 0x00100010, 0x40108000, 0x40008000, |
244 | | 0x00108010, 0x40108010, 0x00100010, 0x40000010, 0x00000000, |
245 | | 0x40000000, 0x00008010, 0x00100000, 0x40100010, 0x00008000, |
246 | | 0x40000000, 0x00108010, 0x40008010, 0x40108000, 0x00008000, |
247 | | 0x00000000, 0x40000010, 0x00000010, 0x40108010, 0x00108000, |
248 | | 0x40100000, 0x40100010, 0x00100000, 0x00008010, 0x40008000, |
249 | | 0x40008010, 0x00000010, 0x40100000, 0x00108000, }, |
250 | | { // nibble 2 |
251 | | 0x04000001, 0x04040100, 0x00000100, 0x04000101, 0x00040001, |
252 | | 0x04000000, 0x04000101, 0x00040100, 0x04000100, 0x00040000, |
253 | | 0x04040000, 0x00000001, 0x04040101, 0x00000101, 0x00000001, |
254 | | 0x04040001, 0x00000000, 0x00040001, 0x04040100, 0x00000100, |
255 | | 0x00000101, 0x04040101, 0x00040000, 0x04000001, 0x04040001, |
256 | | 0x04000100, 0x00040101, 0x04040000, 0x00040100, 0x00000000, |
257 | | 0x04000000, 0x00040101, 0x04040100, 0x00000100, 0x00000001, |
258 | | 0x00040000, 0x00000101, 0x00040001, 0x04040000, 0x04000101, |
259 | | 0x00000000, 0x04040100, 0x00040100, 0x04040001, 0x00040001, |
260 | | 0x04000000, 0x04040101, 0x00000001, 0x00040101, 0x04000001, |
261 | | 0x04000000, 0x04040101, 0x00040000, 0x04000100, 0x04000101, |
262 | | 0x00040100, 0x04000100, 0x00000000, 0x04040001, 0x00000101, |
263 | | 0x04000001, 0x00040101, 0x00000100, 0x04040000, }, |
264 | | { // nibble 3 |
265 | | 0x00401008, 0x10001000, 0x00000008, 0x10401008, 0x00000000, |
266 | | 0x10400000, 0x10001008, 0x00400008, 0x10401000, 0x10000008, |
267 | | 0x10000000, 0x00001008, 0x10000008, 0x00401008, 0x00400000, |
268 | | 0x10000000, 0x10400008, 0x00401000, 0x00001000, 0x00000008, |
269 | | 0x00401000, 0x10001008, 0x10400000, 0x00001000, 0x00001008, |
270 | | 0x00000000, 0x00400008, 0x10401000, 0x10001000, 0x10400008, |
271 | | 0x10401008, 0x00400000, 0x10400008, 0x00001008, 0x00400000, |
272 | | 0x10000008, 0x00401000, 0x10001000, 0x00000008, 0x10400000, |
273 | | 0x10001008, 0x00000000, 0x00001000, 0x00400008, 0x00000000, |
274 | | 0x10400008, 0x10401000, 0x00001000, 0x10000000, 0x10401008, |
275 | | 0x00401008, 0x00400000, 0x10401008, 0x00000008, 0x10001000, |
276 | | 0x00401008, 0x00400008, 0x00401000, 0x10400000, 0x10001008, |
277 | | 0x00001008, 0x10000000, 0x10000008, 0x10401000, }, |
278 | | { // nibble 4 |
279 | | 0x08000000, 0x00010000, 0x00000400, 0x08010420, 0x08010020, |
280 | | 0x08000400, 0x00010420, 0x08010000, 0x00010000, 0x00000020, |
281 | | 0x08000020, 0x00010400, 0x08000420, 0x08010020, 0x08010400, |
282 | | 0x00000000, 0x00010400, 0x08000000, 0x00010020, 0x00000420, |
283 | | 0x08000400, 0x00010420, 0x00000000, 0x08000020, 0x00000020, |
284 | | 0x08000420, 0x08010420, 0x00010020, 0x08010000, 0x00000400, |
285 | | 0x00000420, 0x08010400, 0x08010400, 0x08000420, 0x00010020, |
286 | | 0x08010000, 0x00010000, 0x00000020, 0x08000020, 0x08000400, |
287 | | 0x08000000, 0x00010400, 0x08010420, 0x00000000, 0x00010420, |
288 | | 0x08000000, 0x00000400, 0x00010020, 0x08000420, 0x00000400, |
289 | | 0x00000000, 0x08010420, 0x08010020, 0x08010400, 0x00000420, |
290 | | 0x00010000, 0x00010400, 0x08010020, 0x08000400, 0x00000420, |
291 | | 0x00000020, 0x00010420, 0x08010000, 0x08000020, }, |
292 | | { // nibble 5 |
293 | | 0x80000040, 0x00200040, 0x00000000, 0x80202000, 0x00200040, |
294 | | 0x00002000, 0x80002040, 0x00200000, 0x00002040, 0x80202040, |
295 | | 0x00202000, 0x80000000, 0x80002000, 0x80000040, 0x80200000, |
296 | | 0x00202040, 0x00200000, 0x80002040, 0x80200040, 0x00000000, |
297 | | 0x00002000, 0x00000040, 0x80202000, 0x80200040, 0x80202040, |
298 | | 0x80200000, 0x80000000, 0x00002040, 0x00000040, 0x00202000, |
299 | | 0x00202040, 0x80002000, 0x00002040, 0x80000000, 0x80002000, |
300 | | 0x00202040, 0x80202000, 0x00200040, 0x00000000, 0x80002000, |
301 | | 0x80000000, 0x00002000, 0x80200040, 0x00200000, 0x00200040, |
302 | | 0x80202040, 0x00202000, 0x00000040, 0x80202040, 0x00202000, |
303 | | 0x00200000, 0x80002040, 0x80000040, 0x80200000, 0x00202040, |
304 | | 0x00000000, 0x00002000, 0x80000040, 0x80002040, 0x80202000, |
305 | | 0x80200000, 0x00002040, 0x00000040, 0x80200040, }, |
306 | | { // nibble 6 |
307 | | 0x00004000, 0x00000200, 0x01000200, 0x01000004, 0x01004204, |
308 | | 0x00004004, 0x00004200, 0x00000000, 0x01000000, 0x01000204, |
309 | | 0x00000204, 0x01004000, 0x00000004, 0x01004200, 0x01004000, |
310 | | 0x00000204, 0x01000204, 0x00004000, 0x00004004, 0x01004204, |
311 | | 0x00000000, 0x01000200, 0x01000004, 0x00004200, 0x01004004, |
312 | | 0x00004204, 0x01004200, 0x00000004, 0x00004204, 0x01004004, |
313 | | 0x00000200, 0x01000000, 0x00004204, 0x01004000, 0x01004004, |
314 | | 0x00000204, 0x00004000, 0x00000200, 0x01000000, 0x01004004, |
315 | | 0x01000204, 0x00004204, 0x00004200, 0x00000000, 0x00000200, |
316 | | 0x01000004, 0x00000004, 0x01000200, 0x00000000, 0x01000204, |
317 | | 0x01000200, 0x00004200, 0x00000204, 0x00004000, 0x01004204, |
318 | | 0x01000000, 0x01004200, 0x00000004, 0x00004004, 0x01004204, |
319 | | 0x01000004, 0x01004200, 0x01004000, 0x00004004, }, |
320 | | { // nibble 7 |
321 | | 0x20800080, 0x20820000, 0x00020080, 0x00000000, 0x20020000, |
322 | | 0x00800080, 0x20800000, 0x20820080, 0x00000080, 0x20000000, |
323 | | 0x00820000, 0x00020080, 0x00820080, 0x20020080, 0x20000080, |
324 | | 0x20800000, 0x00020000, 0x00820080, 0x00800080, 0x20020000, |
325 | | 0x20820080, 0x20000080, 0x00000000, 0x00820000, 0x20000000, |
326 | | 0x00800000, 0x20020080, 0x20800080, 0x00800000, 0x00020000, |
327 | | 0x20820000, 0x00000080, 0x00800000, 0x00020000, 0x20000080, |
328 | | 0x20820080, 0x00020080, 0x20000000, 0x00000000, 0x00820000, |
329 | | 0x20800080, 0x20020080, 0x20020000, 0x00800080, 0x20820000, |
330 | | 0x00000080, 0x00800080, 0x20020000, 0x20820080, 0x00800000, |
331 | | 0x20800000, 0x20000080, 0x00820000, 0x00020080, 0x20020080, |
332 | | 0x20800000, 0x00000080, 0x20820000, 0x00820080, 0x00000000, |
333 | | 0x20000000, 0x20800080, 0x00020000, 0x00820080, }}; |
334 | | |
335 | | #define HPERM_OP(a, t, n, m) \ |
336 | 18.7k | ((t) = ((((a) << (16 - (n))) ^ (a)) & (m)), \ |
337 | 18.7k | (a) = (a) ^ (t) ^ ((t) >> (16 - (n)))) |
338 | | |
339 | 0 | void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule) { |
340 | 0 | DES_set_key_ex(key->bytes, schedule); |
341 | 0 | } |
342 | | |
343 | 9.38k | void DES_set_key_ex(const uint8_t key[8], DES_key_schedule *schedule) { |
344 | 9.38k | static const int shifts2[16] = {0, 0, 1, 1, 1, 1, 1, 1, |
345 | 9.38k | 0, 1, 1, 1, 1, 1, 1, 0}; |
346 | 9.38k | uint32_t c, d, t, s, t2; |
347 | 9.38k | const uint8_t *in; |
348 | 9.38k | int i; |
349 | | |
350 | 9.38k | in = key; |
351 | | |
352 | 9.38k | c2l(in, c); |
353 | 9.38k | c2l(in, d); |
354 | | |
355 | | // do PC1 in 47 simple operations :-) |
356 | | // Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) |
357 | | // for the inspiration. :-) |
358 | 9.38k | PERM_OP(d, c, t, 4, 0x0f0f0f0f); |
359 | 9.38k | HPERM_OP(c, t, -2, 0xcccc0000); |
360 | 9.38k | HPERM_OP(d, t, -2, 0xcccc0000); |
361 | 9.38k | PERM_OP(d, c, t, 1, 0x55555555); |
362 | 9.38k | PERM_OP(c, d, t, 8, 0x00ff00ff); |
363 | 9.38k | PERM_OP(d, c, t, 1, 0x55555555); |
364 | 9.38k | d = (((d & 0x000000ff) << 16) | (d & 0x0000ff00) | |
365 | 9.38k | ((d & 0x00ff0000) >> 16) | ((c & 0xf0000000) >> 4)); |
366 | 9.38k | c &= 0x0fffffff; |
367 | | |
368 | 159k | for (i = 0; i < ITERATIONS; i++) { |
369 | 150k | if (shifts2[i]) { |
370 | 112k | c = ((c >> 2) | (c << 26)); |
371 | 112k | d = ((d >> 2) | (d << 26)); |
372 | 112k | } else { |
373 | 37.5k | c = ((c >> 1) | (c << 27)); |
374 | 37.5k | d = ((d >> 1) | (d << 27)); |
375 | 37.5k | } |
376 | 150k | c &= 0x0fffffff; |
377 | 150k | d &= 0x0fffffff; |
378 | | // could be a few less shifts but I am to lazy at this |
379 | | // point in time to investigate |
380 | 150k | s = des_skb[0][(c) & 0x3f] | |
381 | 150k | des_skb[1][((c >> 6) & 0x03) | ((c >> 7) & 0x3c)] | |
382 | 150k | des_skb[2][((c >> 13) & 0x0f) | ((c >> 14) & 0x30)] | |
383 | 150k | des_skb[3][((c >> 20) & 0x01) | ((c >> 21) & 0x06) | |
384 | 150k | ((c >> 22) & 0x38)]; |
385 | 150k | t = des_skb[4][(d) & 0x3f] | |
386 | 150k | des_skb[5][((d >> 7) & 0x03) | ((d >> 8) & 0x3c)] | |
387 | 150k | des_skb[6][(d >> 15) & 0x3f] | |
388 | 150k | des_skb[7][((d >> 21) & 0x0f) | ((d >> 22) & 0x30)]; |
389 | | |
390 | | // table contained 0213 4657 |
391 | 150k | t2 = ((t << 16) | (s & 0x0000ffff)) & 0xffffffff; |
392 | 150k | schedule->subkeys[i][0] = CRYPTO_rotr_u32(t2, 30); |
393 | | |
394 | 150k | t2 = ((s >> 16) | (t & 0xffff0000)); |
395 | 150k | schedule->subkeys[i][1] = CRYPTO_rotr_u32(t2, 26); |
396 | 150k | } |
397 | 9.38k | } |
398 | | |
399 | | static const uint8_t kOddParity[256] = { |
400 | | 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, |
401 | | 14, 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, |
402 | | 31, 31, 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, |
403 | | 44, 47, 47, 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, |
404 | | 61, 61, 62, 62, 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, |
405 | | 74, 76, 76, 79, 79, 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, |
406 | | 91, 91, 93, 93, 94, 94, 97, 97, 98, 98, 100, 100, 103, 103, 104, |
407 | | 104, 107, 107, 109, 109, 110, 110, 112, 112, 115, 115, 117, 117, 118, 118, |
408 | | 121, 121, 122, 122, 124, 124, 127, 127, 128, 128, 131, 131, 133, 133, 134, |
409 | | 134, 137, 137, 138, 138, 140, 140, 143, 143, 145, 145, 146, 146, 148, 148, |
410 | | 151, 151, 152, 152, 155, 155, 157, 157, 158, 158, 161, 161, 162, 162, 164, |
411 | | 164, 167, 167, 168, 168, 171, 171, 173, 173, 174, 174, 176, 176, 179, 179, |
412 | | 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, 191, 193, 193, 194, |
413 | | 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, 206, 208, 208, |
414 | | 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, 223, 224, |
415 | | 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, 239, |
416 | | 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254, |
417 | | 254 |
418 | | }; |
419 | | |
420 | 0 | void DES_set_odd_parity(DES_cblock *key) { |
421 | 0 | unsigned i; |
422 | |
|
423 | 0 | for (i = 0; i < DES_KEY_SZ; i++) { |
424 | 0 | key->bytes[i] = kOddParity[key->bytes[i]]; |
425 | 0 | } |
426 | 0 | } |
427 | | |
428 | | static void DES_encrypt1(uint32_t data[2], const DES_key_schedule *ks, |
429 | 0 | int enc) { |
430 | 0 | uint32_t l, r, t, u; |
431 | |
|
432 | 0 | r = data[0]; |
433 | 0 | l = data[1]; |
434 | |
|
435 | 0 | IP(r, l); |
436 | | // Things have been modified so that the initial rotate is done outside |
437 | | // the loop. This required the DES_SPtrans values in sp.h to be |
438 | | // rotated 1 bit to the right. One perl script later and things have a |
439 | | // 5% speed up on a sparc2. Thanks to Richard Outerbridge |
440 | | // <71755.204@CompuServe.COM> for pointing this out. |
441 | | // clear the top bits on machines with 8byte longs |
442 | | // shift left by 2 |
443 | 0 | r = CRYPTO_rotr_u32(r, 29); |
444 | 0 | l = CRYPTO_rotr_u32(l, 29); |
445 | | |
446 | | // I don't know if it is worth the effort of loop unrolling the |
447 | | // inner loop |
448 | 0 | if (enc) { |
449 | 0 | D_ENCRYPT(ks, l, r, 0); |
450 | 0 | D_ENCRYPT(ks, r, l, 1); |
451 | 0 | D_ENCRYPT(ks, l, r, 2); |
452 | 0 | D_ENCRYPT(ks, r, l, 3); |
453 | 0 | D_ENCRYPT(ks, l, r, 4); |
454 | 0 | D_ENCRYPT(ks, r, l, 5); |
455 | 0 | D_ENCRYPT(ks, l, r, 6); |
456 | 0 | D_ENCRYPT(ks, r, l, 7); |
457 | 0 | D_ENCRYPT(ks, l, r, 8); |
458 | 0 | D_ENCRYPT(ks, r, l, 9); |
459 | 0 | D_ENCRYPT(ks, l, r, 10); |
460 | 0 | D_ENCRYPT(ks, r, l, 11); |
461 | 0 | D_ENCRYPT(ks, l, r, 12); |
462 | 0 | D_ENCRYPT(ks, r, l, 13); |
463 | 0 | D_ENCRYPT(ks, l, r, 14); |
464 | 0 | D_ENCRYPT(ks, r, l, 15); |
465 | 0 | } else { |
466 | 0 | D_ENCRYPT(ks, l, r, 15); |
467 | 0 | D_ENCRYPT(ks, r, l, 14); |
468 | 0 | D_ENCRYPT(ks, l, r, 13); |
469 | 0 | D_ENCRYPT(ks, r, l, 12); |
470 | 0 | D_ENCRYPT(ks, l, r, 11); |
471 | 0 | D_ENCRYPT(ks, r, l, 10); |
472 | 0 | D_ENCRYPT(ks, l, r, 9); |
473 | 0 | D_ENCRYPT(ks, r, l, 8); |
474 | 0 | D_ENCRYPT(ks, l, r, 7); |
475 | 0 | D_ENCRYPT(ks, r, l, 6); |
476 | 0 | D_ENCRYPT(ks, l, r, 5); |
477 | 0 | D_ENCRYPT(ks, r, l, 4); |
478 | 0 | D_ENCRYPT(ks, l, r, 3); |
479 | 0 | D_ENCRYPT(ks, r, l, 2); |
480 | 0 | D_ENCRYPT(ks, l, r, 1); |
481 | 0 | D_ENCRYPT(ks, r, l, 0); |
482 | 0 | } |
483 | | |
484 | | // rotate and clear the top bits on machines with 8byte longs |
485 | 0 | l = CRYPTO_rotr_u32(l, 3); |
486 | 0 | r = CRYPTO_rotr_u32(r, 3); |
487 | |
|
488 | 0 | FP(r, l); |
489 | 0 | data[0] = l; |
490 | 0 | data[1] = r; |
491 | 0 | } |
492 | | |
493 | | static void DES_encrypt2(uint32_t data[2], const DES_key_schedule *ks, |
494 | 90.9k | int enc) { |
495 | 90.9k | uint32_t l, r, t, u; |
496 | | |
497 | 90.9k | r = data[0]; |
498 | 90.9k | l = data[1]; |
499 | | |
500 | | // Things have been modified so that the initial rotate is done outside the |
501 | | // loop. This required the DES_SPtrans values in sp.h to be rotated 1 bit to |
502 | | // the right. One perl script later and things have a 5% speed up on a |
503 | | // sparc2. Thanks to Richard Outerbridge <71755.204@CompuServe.COM> for |
504 | | // pointing this out. |
505 | | // clear the top bits on machines with 8byte longs |
506 | 90.9k | r = CRYPTO_rotr_u32(r, 29); |
507 | 90.9k | l = CRYPTO_rotr_u32(l, 29); |
508 | | |
509 | | // I don't know if it is worth the effort of loop unrolling the |
510 | | // inner loop |
511 | 90.9k | if (enc) { |
512 | 32.0k | D_ENCRYPT(ks, l, r, 0); |
513 | 32.0k | D_ENCRYPT(ks, r, l, 1); |
514 | 32.0k | D_ENCRYPT(ks, l, r, 2); |
515 | 32.0k | D_ENCRYPT(ks, r, l, 3); |
516 | 32.0k | D_ENCRYPT(ks, l, r, 4); |
517 | 32.0k | D_ENCRYPT(ks, r, l, 5); |
518 | 32.0k | D_ENCRYPT(ks, l, r, 6); |
519 | 32.0k | D_ENCRYPT(ks, r, l, 7); |
520 | 32.0k | D_ENCRYPT(ks, l, r, 8); |
521 | 32.0k | D_ENCRYPT(ks, r, l, 9); |
522 | 32.0k | D_ENCRYPT(ks, l, r, 10); |
523 | 32.0k | D_ENCRYPT(ks, r, l, 11); |
524 | 32.0k | D_ENCRYPT(ks, l, r, 12); |
525 | 32.0k | D_ENCRYPT(ks, r, l, 13); |
526 | 32.0k | D_ENCRYPT(ks, l, r, 14); |
527 | 32.0k | D_ENCRYPT(ks, r, l, 15); |
528 | 58.8k | } else { |
529 | 58.8k | D_ENCRYPT(ks, l, r, 15); |
530 | 58.8k | D_ENCRYPT(ks, r, l, 14); |
531 | 58.8k | D_ENCRYPT(ks, l, r, 13); |
532 | 58.8k | D_ENCRYPT(ks, r, l, 12); |
533 | 58.8k | D_ENCRYPT(ks, l, r, 11); |
534 | 58.8k | D_ENCRYPT(ks, r, l, 10); |
535 | 58.8k | D_ENCRYPT(ks, l, r, 9); |
536 | 58.8k | D_ENCRYPT(ks, r, l, 8); |
537 | 58.8k | D_ENCRYPT(ks, l, r, 7); |
538 | 58.8k | D_ENCRYPT(ks, r, l, 6); |
539 | 58.8k | D_ENCRYPT(ks, l, r, 5); |
540 | 58.8k | D_ENCRYPT(ks, r, l, 4); |
541 | 58.8k | D_ENCRYPT(ks, l, r, 3); |
542 | 58.8k | D_ENCRYPT(ks, r, l, 2); |
543 | 58.8k | D_ENCRYPT(ks, l, r, 1); |
544 | 58.8k | D_ENCRYPT(ks, r, l, 0); |
545 | 58.8k | } |
546 | | // rotate and clear the top bits on machines with 8byte longs |
547 | 90.9k | data[0] = CRYPTO_rotr_u32(l, 3); |
548 | 90.9k | data[1] = CRYPTO_rotr_u32(r, 3); |
549 | 90.9k | } |
550 | | |
551 | | void DES_encrypt3(uint32_t data[2], const DES_key_schedule *ks1, |
552 | 1.75k | const DES_key_schedule *ks2, const DES_key_schedule *ks3) { |
553 | 1.75k | uint32_t l, r; |
554 | | |
555 | 1.75k | l = data[0]; |
556 | 1.75k | r = data[1]; |
557 | 1.75k | IP(l, r); |
558 | 1.75k | data[0] = l; |
559 | 1.75k | data[1] = r; |
560 | 1.75k | DES_encrypt2(data, ks1, DES_ENCRYPT); |
561 | 1.75k | DES_encrypt2(data, ks2, DES_DECRYPT); |
562 | 1.75k | DES_encrypt2(data, ks3, DES_ENCRYPT); |
563 | 1.75k | l = data[0]; |
564 | 1.75k | r = data[1]; |
565 | 1.75k | FP(r, l); |
566 | 1.75k | data[0] = l; |
567 | 1.75k | data[1] = r; |
568 | 1.75k | } |
569 | | |
570 | | void DES_decrypt3(uint32_t data[2], const DES_key_schedule *ks1, |
571 | 28.5k | const DES_key_schedule *ks2, const DES_key_schedule *ks3) { |
572 | 28.5k | uint32_t l, r; |
573 | | |
574 | 28.5k | l = data[0]; |
575 | 28.5k | r = data[1]; |
576 | 28.5k | IP(l, r); |
577 | 28.5k | data[0] = l; |
578 | 28.5k | data[1] = r; |
579 | 28.5k | DES_encrypt2(data, ks3, DES_DECRYPT); |
580 | 28.5k | DES_encrypt2(data, ks2, DES_ENCRYPT); |
581 | 28.5k | DES_encrypt2(data, ks1, DES_DECRYPT); |
582 | 28.5k | l = data[0]; |
583 | 28.5k | r = data[1]; |
584 | 28.5k | FP(r, l); |
585 | 28.5k | data[0] = l; |
586 | 28.5k | data[1] = r; |
587 | 28.5k | } |
588 | | |
589 | | void DES_ecb_encrypt(const DES_cblock *in_block, DES_cblock *out_block, |
590 | 0 | const DES_key_schedule *schedule, int is_encrypt) { |
591 | 0 | DES_ecb_encrypt_ex(in_block->bytes, out_block->bytes, schedule, is_encrypt); |
592 | 0 | } |
593 | | |
594 | | void DES_ecb_encrypt_ex(const uint8_t in[8], uint8_t out[8], |
595 | 0 | const DES_key_schedule *schedule, int is_encrypt) { |
596 | 0 | uint32_t ll[2]; |
597 | 0 | ll[0] = CRYPTO_load_u32_le(in); |
598 | 0 | ll[1] = CRYPTO_load_u32_le(in + 4); |
599 | 0 | DES_encrypt1(ll, schedule, is_encrypt); |
600 | 0 | CRYPTO_store_u32_le(out, ll[0]); |
601 | 0 | CRYPTO_store_u32_le(out + 4, ll[1]); |
602 | 0 | } |
603 | | |
604 | | void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, |
605 | | const DES_key_schedule *schedule, DES_cblock *ivec, |
606 | 0 | int enc) { |
607 | 0 | DES_ncbc_encrypt_ex(in, out, len, schedule, ivec->bytes, enc); |
608 | 0 | } |
609 | | |
610 | | void DES_ncbc_encrypt_ex(const uint8_t *in, uint8_t *out, size_t len, |
611 | | const DES_key_schedule *schedule, uint8_t ivec[8], |
612 | 0 | int enc) { |
613 | 0 | uint32_t tin0, tin1; |
614 | 0 | uint32_t tout0, tout1, xor0, xor1; |
615 | 0 | uint32_t tin[2]; |
616 | 0 | unsigned char *iv; |
617 | |
|
618 | 0 | iv = ivec; |
619 | |
|
620 | 0 | if (enc) { |
621 | 0 | c2l(iv, tout0); |
622 | 0 | c2l(iv, tout1); |
623 | 0 | for (; len >= 8; len -= 8) { |
624 | 0 | c2l(in, tin0); |
625 | 0 | c2l(in, tin1); |
626 | 0 | tin0 ^= tout0; |
627 | 0 | tin[0] = tin0; |
628 | 0 | tin1 ^= tout1; |
629 | 0 | tin[1] = tin1; |
630 | 0 | DES_encrypt1(tin, schedule, DES_ENCRYPT); |
631 | 0 | tout0 = tin[0]; |
632 | 0 | l2c(tout0, out); |
633 | 0 | tout1 = tin[1]; |
634 | 0 | l2c(tout1, out); |
635 | 0 | } |
636 | 0 | if (len != 0) { |
637 | 0 | c2ln(in, tin0, tin1, len); |
638 | 0 | tin0 ^= tout0; |
639 | 0 | tin[0] = tin0; |
640 | 0 | tin1 ^= tout1; |
641 | 0 | tin[1] = tin1; |
642 | 0 | DES_encrypt1(tin, schedule, DES_ENCRYPT); |
643 | 0 | tout0 = tin[0]; |
644 | 0 | l2c(tout0, out); |
645 | 0 | tout1 = tin[1]; |
646 | 0 | l2c(tout1, out); |
647 | 0 | } |
648 | 0 | iv = ivec; |
649 | 0 | l2c(tout0, iv); |
650 | 0 | l2c(tout1, iv); |
651 | 0 | } else { |
652 | 0 | c2l(iv, xor0); |
653 | 0 | c2l(iv, xor1); |
654 | 0 | for (; len >= 8; len -= 8) { |
655 | 0 | c2l(in, tin0); |
656 | 0 | tin[0] = tin0; |
657 | 0 | c2l(in, tin1); |
658 | 0 | tin[1] = tin1; |
659 | 0 | DES_encrypt1(tin, schedule, DES_DECRYPT); |
660 | 0 | tout0 = tin[0] ^ xor0; |
661 | 0 | tout1 = tin[1] ^ xor1; |
662 | 0 | l2c(tout0, out); |
663 | 0 | l2c(tout1, out); |
664 | 0 | xor0 = tin0; |
665 | 0 | xor1 = tin1; |
666 | 0 | } |
667 | 0 | if (len != 0) { |
668 | 0 | c2l(in, tin0); |
669 | 0 | tin[0] = tin0; |
670 | 0 | c2l(in, tin1); |
671 | 0 | tin[1] = tin1; |
672 | 0 | DES_encrypt1(tin, schedule, DES_DECRYPT); |
673 | 0 | tout0 = tin[0] ^ xor0; |
674 | 0 | tout1 = tin[1] ^ xor1; |
675 | 0 | l2cn(tout0, tout1, out, len); |
676 | 0 | xor0 = tin0; |
677 | 0 | xor1 = tin1; |
678 | 0 | } |
679 | 0 | iv = ivec; |
680 | 0 | l2c(xor0, iv); |
681 | 0 | l2c(xor1, iv); |
682 | 0 | } |
683 | 0 | tin[0] = tin[1] = 0; |
684 | 0 | } |
685 | | |
686 | | void DES_ecb3_encrypt(const DES_cblock *input, DES_cblock *output, |
687 | | const DES_key_schedule *ks1, const DES_key_schedule *ks2, |
688 | 0 | const DES_key_schedule *ks3, int enc) { |
689 | 0 | DES_ecb3_encrypt_ex(input->bytes, output->bytes, ks1, ks2, ks3, enc); |
690 | 0 | } |
691 | | |
692 | | void DES_ecb3_encrypt_ex(const uint8_t in[8], uint8_t out[8], |
693 | | const DES_key_schedule *ks1, |
694 | | const DES_key_schedule *ks2, |
695 | 0 | const DES_key_schedule *ks3, int enc) { |
696 | 0 | uint32_t ll[2]; |
697 | 0 | ll[0] = CRYPTO_load_u32_le(in); |
698 | 0 | ll[1] = CRYPTO_load_u32_le(in + 4); |
699 | 0 | if (enc) { |
700 | 0 | DES_encrypt3(ll, ks1, ks2, ks3); |
701 | 0 | } else { |
702 | 0 | DES_decrypt3(ll, ks1, ks2, ks3); |
703 | 0 | } |
704 | 0 | CRYPTO_store_u32_le(out, ll[0]); |
705 | 0 | CRYPTO_store_u32_le(out + 4, ll[1]); |
706 | 0 | } |
707 | | |
708 | | void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, |
709 | | const DES_key_schedule *ks1, |
710 | | const DES_key_schedule *ks2, |
711 | | const DES_key_schedule *ks3, DES_cblock *ivec, |
712 | 0 | int enc) { |
713 | 0 | DES_ede3_cbc_encrypt_ex(in, out, len, ks1, ks2, ks3, ivec->bytes, enc); |
714 | 0 | } |
715 | | |
716 | | void DES_ede3_cbc_encrypt_ex(const uint8_t *in, uint8_t *out, size_t len, |
717 | | const DES_key_schedule *ks1, |
718 | | const DES_key_schedule *ks2, |
719 | | const DES_key_schedule *ks3, uint8_t ivec[8], |
720 | 1.18k | int enc) { |
721 | 1.18k | uint32_t tin0, tin1; |
722 | 1.18k | uint32_t tout0, tout1, xor0, xor1; |
723 | 1.18k | uint32_t tin[2]; |
724 | 1.18k | uint8_t *iv; |
725 | | |
726 | 1.18k | iv = ivec; |
727 | | |
728 | 1.18k | if (enc) { |
729 | 1.05k | c2l(iv, tout0); |
730 | 1.05k | c2l(iv, tout1); |
731 | 2.81k | for (; len >= 8; len -= 8) { |
732 | 1.75k | c2l(in, tin0); |
733 | 1.75k | c2l(in, tin1); |
734 | 1.75k | tin0 ^= tout0; |
735 | 1.75k | tin1 ^= tout1; |
736 | | |
737 | 1.75k | tin[0] = tin0; |
738 | 1.75k | tin[1] = tin1; |
739 | 1.75k | DES_encrypt3(tin, ks1, ks2, ks3); |
740 | 1.75k | tout0 = tin[0]; |
741 | 1.75k | tout1 = tin[1]; |
742 | | |
743 | 1.75k | l2c(tout0, out); |
744 | 1.75k | l2c(tout1, out); |
745 | 1.75k | } |
746 | 1.05k | if (len != 0) { |
747 | 0 | c2ln(in, tin0, tin1, len); |
748 | 0 | tin0 ^= tout0; |
749 | 0 | tin1 ^= tout1; |
750 | |
|
751 | 0 | tin[0] = tin0; |
752 | 0 | tin[1] = tin1; |
753 | 0 | DES_encrypt3(tin, ks1, ks2, ks3); |
754 | 0 | tout0 = tin[0]; |
755 | 0 | tout1 = tin[1]; |
756 | |
|
757 | 0 | l2c(tout0, out); |
758 | 0 | l2c(tout1, out); |
759 | 0 | } |
760 | 1.05k | iv = ivec; |
761 | 1.05k | l2c(tout0, iv); |
762 | 1.05k | l2c(tout1, iv); |
763 | 1.05k | } else { |
764 | 136 | uint32_t t0, t1; |
765 | | |
766 | 136 | c2l(iv, xor0); |
767 | 136 | c2l(iv, xor1); |
768 | 28.6k | for (; len >= 8; len -= 8) { |
769 | 28.5k | c2l(in, tin0); |
770 | 28.5k | c2l(in, tin1); |
771 | | |
772 | 28.5k | t0 = tin0; |
773 | 28.5k | t1 = tin1; |
774 | | |
775 | 28.5k | tin[0] = tin0; |
776 | 28.5k | tin[1] = tin1; |
777 | 28.5k | DES_decrypt3(tin, ks1, ks2, ks3); |
778 | 28.5k | tout0 = tin[0]; |
779 | 28.5k | tout1 = tin[1]; |
780 | | |
781 | 28.5k | tout0 ^= xor0; |
782 | 28.5k | tout1 ^= xor1; |
783 | 28.5k | l2c(tout0, out); |
784 | 28.5k | l2c(tout1, out); |
785 | 28.5k | xor0 = t0; |
786 | 28.5k | xor1 = t1; |
787 | 28.5k | } |
788 | 136 | if (len != 0) { |
789 | 0 | c2l(in, tin0); |
790 | 0 | c2l(in, tin1); |
791 | |
|
792 | 0 | t0 = tin0; |
793 | 0 | t1 = tin1; |
794 | |
|
795 | 0 | tin[0] = tin0; |
796 | 0 | tin[1] = tin1; |
797 | 0 | DES_decrypt3(tin, ks1, ks2, ks3); |
798 | 0 | tout0 = tin[0]; |
799 | 0 | tout1 = tin[1]; |
800 | |
|
801 | 0 | tout0 ^= xor0; |
802 | 0 | tout1 ^= xor1; |
803 | 0 | l2cn(tout0, tout1, out, len); |
804 | 0 | xor0 = t0; |
805 | 0 | xor1 = t1; |
806 | 0 | } |
807 | | |
808 | 136 | iv = ivec; |
809 | 136 | l2c(xor0, iv); |
810 | 136 | l2c(xor1, iv); |
811 | 136 | } |
812 | | |
813 | 1.18k | tin[0] = tin[1] = 0; |
814 | 1.18k | } |
815 | | |
816 | | void DES_ede2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, |
817 | | const DES_key_schedule *ks1, |
818 | | const DES_key_schedule *ks2, |
819 | | DES_cblock *ivec, |
820 | 0 | int enc) { |
821 | 0 | DES_ede3_cbc_encrypt(in, out, len, ks1, ks2, ks1, ivec, enc); |
822 | 0 | } |
823 | | |
824 | | |
825 | | // Deprecated functions. |
826 | | |
827 | 0 | void DES_set_key_unchecked(const DES_cblock *key, DES_key_schedule *schedule) { |
828 | 0 | DES_set_key(key, schedule); |
829 | 0 | } |