/src/boringssl/crypto/des/des.cc
Line | Count | Source |
1 | | // Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); |
4 | | // you may not use this file except in compliance with the License. |
5 | | // You may obtain a copy of the License at |
6 | | // |
7 | | // https://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, |
11 | | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 | | // See the License for the specific language governing permissions and |
13 | | // limitations under the License. |
14 | | |
15 | | #include <openssl/des.h> |
16 | | |
17 | | #include <assert.h> |
18 | | #include <stdlib.h> |
19 | | |
20 | | #include "internal.h" |
21 | | |
22 | | |
23 | | using namespace bssl; |
24 | | |
25 | | /* IP and FP |
26 | | * The problem is more of a geometric problem that random bit fiddling. |
27 | | 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 |
28 | | 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 |
29 | | 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 |
30 | | 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 |
31 | | |
32 | | 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 |
33 | | 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 |
34 | | 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 |
35 | | 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 |
36 | | |
37 | | The output has been subject to swaps of the form |
38 | | 0 1 -> 3 1 but the odd and even bits have been put into |
39 | | 2 3 2 0 |
40 | | different words. The main trick is to remember that |
41 | | t=((l>>size)^r)&(mask); |
42 | | r^=t; |
43 | | l^=(t<<size); |
44 | | can be used to swap and move bits between words. |
45 | | |
46 | | So l = 0 1 2 3 r = 16 17 18 19 |
47 | | 4 5 6 7 20 21 22 23 |
48 | | 8 9 10 11 24 25 26 27 |
49 | | 12 13 14 15 28 29 30 31 |
50 | | becomes (for size == 2 and mask == 0x3333) |
51 | | t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19 |
52 | | 6^20 7^21 -- -- 4 5 20 21 6 7 22 23 |
53 | | 10^24 11^25 -- -- 8 9 24 25 10 11 24 25 |
54 | | 14^28 15^29 -- -- 12 13 28 29 14 15 28 29 |
55 | | |
56 | | Thanks for hints from Richard Outerbridge - he told me IP&FP |
57 | | could be done in 15 xor, 10 shifts and 5 ands. |
58 | | When I finally started to think of the problem in 2D |
59 | | I first got ~42 operations without xors. When I remembered |
60 | | how to use xors :-) I got it to its final state. |
61 | | */ |
62 | | #define PERM_OP(a, b, t, n, m) \ |
63 | 442k | do { \ |
64 | 442k | (t) = ((((a) >> (n)) ^ (b)) & (m)); \ |
65 | 442k | (b) ^= (t); \ |
66 | 442k | (a) ^= ((t) << (n)); \ |
67 | 442k | } while (0) |
68 | | |
69 | | #define IP(l, r) \ |
70 | 39.8k | do { \ |
71 | 39.8k | uint32_t tt; \ |
72 | 39.8k | PERM_OP(r, l, tt, 4, 0x0f0f0f0fL); \ |
73 | 39.8k | PERM_OP(l, r, tt, 16, 0x0000ffffL); \ |
74 | 39.8k | PERM_OP(r, l, tt, 2, 0x33333333L); \ |
75 | 39.8k | PERM_OP(l, r, tt, 8, 0x00ff00ffL); \ |
76 | 39.8k | PERM_OP(r, l, tt, 1, 0x55555555L); \ |
77 | 39.8k | } while (0) |
78 | | |
79 | | #define FP(l, r) \ |
80 | 39.8k | do { \ |
81 | 39.8k | uint32_t tt; \ |
82 | 39.8k | PERM_OP(l, r, tt, 1, 0x55555555L); \ |
83 | 39.8k | PERM_OP(r, l, tt, 8, 0x00ff00ffL); \ |
84 | 39.8k | PERM_OP(l, r, tt, 2, 0x33333333L); \ |
85 | 39.8k | PERM_OP(r, l, tt, 16, 0x0000ffffL); \ |
86 | 39.8k | PERM_OP(l, r, tt, 4, 0x0f0f0f0fL); \ |
87 | 39.8k | } while (0) |
88 | | |
89 | | #define LOAD_DATA(ks, R, S, u, t, E0, E1) \ |
90 | 1.91M | do { \ |
91 | 1.91M | (u) = (R) ^ (ks)->subkeys[S][0]; \ |
92 | 1.91M | (t) = (R) ^ (ks)->subkeys[S][1]; \ |
93 | 1.91M | } while (0) |
94 | | |
95 | | #define D_ENCRYPT(ks, LL, R, S) \ |
96 | 1.91M | do { \ |
97 | 1.91M | LOAD_DATA(ks, R, S, u, t, E0, E1); \ |
98 | 1.91M | t = CRYPTO_rotr_u32(t, 4); \ |
99 | 1.91M | (LL) ^= \ |
100 | 1.91M | DES_SPtrans[0][(u >> 2L) & 0x3f] ^ DES_SPtrans[2][(u >> 10L) & 0x3f] ^ \ |
101 | 1.91M | DES_SPtrans[4][(u >> 18L) & 0x3f] ^ \ |
102 | 1.91M | DES_SPtrans[6][(u >> 26L) & 0x3f] ^ DES_SPtrans[1][(t >> 2L) & 0x3f] ^ \ |
103 | 1.91M | DES_SPtrans[3][(t >> 10L) & 0x3f] ^ \ |
104 | 1.91M | DES_SPtrans[5][(t >> 18L) & 0x3f] ^ DES_SPtrans[7][(t >> 26L) & 0x3f]; \ |
105 | 1.91M | } while (0) |
106 | | |
107 | 187k | #define ITERATIONS 16 |
108 | | #define HALF_ITERATIONS 8 |
109 | | |
110 | | static const uint32_t des_skb[8][64] = { |
111 | | { // for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 |
112 | | 0x00000000, 0x00000010, 0x20000000, 0x20000010, 0x00010000, |
113 | | 0x00010010, 0x20010000, 0x20010010, 0x00000800, 0x00000810, |
114 | | 0x20000800, 0x20000810, 0x00010800, 0x00010810, 0x20010800, |
115 | | 0x20010810, 0x00000020, 0x00000030, 0x20000020, 0x20000030, |
116 | | 0x00010020, 0x00010030, 0x20010020, 0x20010030, 0x00000820, |
117 | | 0x00000830, 0x20000820, 0x20000830, 0x00010820, 0x00010830, |
118 | | 0x20010820, 0x20010830, 0x00080000, 0x00080010, 0x20080000, |
119 | | 0x20080010, 0x00090000, 0x00090010, 0x20090000, 0x20090010, |
120 | | 0x00080800, 0x00080810, 0x20080800, 0x20080810, 0x00090800, |
121 | | 0x00090810, 0x20090800, 0x20090810, 0x00080020, 0x00080030, |
122 | | 0x20080020, 0x20080030, 0x00090020, 0x00090030, 0x20090020, |
123 | | 0x20090030, 0x00080820, 0x00080830, 0x20080820, 0x20080830, |
124 | | 0x00090820, 0x00090830, 0x20090820, 0x20090830, }, |
125 | | { // for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 |
126 | | 0x00000000, 0x02000000, 0x00002000, 0x02002000, 0x00200000, |
127 | | 0x02200000, 0x00202000, 0x02202000, 0x00000004, 0x02000004, |
128 | | 0x00002004, 0x02002004, 0x00200004, 0x02200004, 0x00202004, |
129 | | 0x02202004, 0x00000400, 0x02000400, 0x00002400, 0x02002400, |
130 | | 0x00200400, 0x02200400, 0x00202400, 0x02202400, 0x00000404, |
131 | | 0x02000404, 0x00002404, 0x02002404, 0x00200404, 0x02200404, |
132 | | 0x00202404, 0x02202404, 0x10000000, 0x12000000, 0x10002000, |
133 | | 0x12002000, 0x10200000, 0x12200000, 0x10202000, 0x12202000, |
134 | | 0x10000004, 0x12000004, 0x10002004, 0x12002004, 0x10200004, |
135 | | 0x12200004, 0x10202004, 0x12202004, 0x10000400, 0x12000400, |
136 | | 0x10002400, 0x12002400, 0x10200400, 0x12200400, 0x10202400, |
137 | | 0x12202400, 0x10000404, 0x12000404, 0x10002404, 0x12002404, |
138 | | 0x10200404, 0x12200404, 0x10202404, 0x12202404, }, |
139 | | { // for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 |
140 | | 0x00000000, 0x00000001, 0x00040000, 0x00040001, 0x01000000, |
141 | | 0x01000001, 0x01040000, 0x01040001, 0x00000002, 0x00000003, |
142 | | 0x00040002, 0x00040003, 0x01000002, 0x01000003, 0x01040002, |
143 | | 0x01040003, 0x00000200, 0x00000201, 0x00040200, 0x00040201, |
144 | | 0x01000200, 0x01000201, 0x01040200, 0x01040201, 0x00000202, |
145 | | 0x00000203, 0x00040202, 0x00040203, 0x01000202, 0x01000203, |
146 | | 0x01040202, 0x01040203, 0x08000000, 0x08000001, 0x08040000, |
147 | | 0x08040001, 0x09000000, 0x09000001, 0x09040000, 0x09040001, |
148 | | 0x08000002, 0x08000003, 0x08040002, 0x08040003, 0x09000002, |
149 | | 0x09000003, 0x09040002, 0x09040003, 0x08000200, 0x08000201, |
150 | | 0x08040200, 0x08040201, 0x09000200, 0x09000201, 0x09040200, |
151 | | 0x09040201, 0x08000202, 0x08000203, 0x08040202, 0x08040203, |
152 | | 0x09000202, 0x09000203, 0x09040202, 0x09040203, }, |
153 | | { // for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 |
154 | | 0x00000000, 0x00100000, 0x00000100, 0x00100100, 0x00000008, |
155 | | 0x00100008, 0x00000108, 0x00100108, 0x00001000, 0x00101000, |
156 | | 0x00001100, 0x00101100, 0x00001008, 0x00101008, 0x00001108, |
157 | | 0x00101108, 0x04000000, 0x04100000, 0x04000100, 0x04100100, |
158 | | 0x04000008, 0x04100008, 0x04000108, 0x04100108, 0x04001000, |
159 | | 0x04101000, 0x04001100, 0x04101100, 0x04001008, 0x04101008, |
160 | | 0x04001108, 0x04101108, 0x00020000, 0x00120000, 0x00020100, |
161 | | 0x00120100, 0x00020008, 0x00120008, 0x00020108, 0x00120108, |
162 | | 0x00021000, 0x00121000, 0x00021100, 0x00121100, 0x00021008, |
163 | | 0x00121008, 0x00021108, 0x00121108, 0x04020000, 0x04120000, |
164 | | 0x04020100, 0x04120100, 0x04020008, 0x04120008, 0x04020108, |
165 | | 0x04120108, 0x04021000, 0x04121000, 0x04021100, 0x04121100, |
166 | | 0x04021008, 0x04121008, 0x04021108, 0x04121108, }, |
167 | | { // for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 |
168 | | 0x00000000, 0x10000000, 0x00010000, 0x10010000, 0x00000004, |
169 | | 0x10000004, 0x00010004, 0x10010004, 0x20000000, 0x30000000, |
170 | | 0x20010000, 0x30010000, 0x20000004, 0x30000004, 0x20010004, |
171 | | 0x30010004, 0x00100000, 0x10100000, 0x00110000, 0x10110000, |
172 | | 0x00100004, 0x10100004, 0x00110004, 0x10110004, 0x20100000, |
173 | | 0x30100000, 0x20110000, 0x30110000, 0x20100004, 0x30100004, |
174 | | 0x20110004, 0x30110004, 0x00001000, 0x10001000, 0x00011000, |
175 | | 0x10011000, 0x00001004, 0x10001004, 0x00011004, 0x10011004, |
176 | | 0x20001000, 0x30001000, 0x20011000, 0x30011000, 0x20001004, |
177 | | 0x30001004, 0x20011004, 0x30011004, 0x00101000, 0x10101000, |
178 | | 0x00111000, 0x10111000, 0x00101004, 0x10101004, 0x00111004, |
179 | | 0x10111004, 0x20101000, 0x30101000, 0x20111000, 0x30111000, |
180 | | 0x20101004, 0x30101004, 0x20111004, 0x30111004, }, |
181 | | { // for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 |
182 | | 0x00000000, 0x08000000, 0x00000008, 0x08000008, 0x00000400, |
183 | | 0x08000400, 0x00000408, 0x08000408, 0x00020000, 0x08020000, |
184 | | 0x00020008, 0x08020008, 0x00020400, 0x08020400, 0x00020408, |
185 | | 0x08020408, 0x00000001, 0x08000001, 0x00000009, 0x08000009, |
186 | | 0x00000401, 0x08000401, 0x00000409, 0x08000409, 0x00020001, |
187 | | 0x08020001, 0x00020009, 0x08020009, 0x00020401, 0x08020401, |
188 | | 0x00020409, 0x08020409, 0x02000000, 0x0A000000, 0x02000008, |
189 | | 0x0A000008, 0x02000400, 0x0A000400, 0x02000408, 0x0A000408, |
190 | | 0x02020000, 0x0A020000, 0x02020008, 0x0A020008, 0x02020400, |
191 | | 0x0A020400, 0x02020408, 0x0A020408, 0x02000001, 0x0A000001, |
192 | | 0x02000009, 0x0A000009, 0x02000401, 0x0A000401, 0x02000409, |
193 | | 0x0A000409, 0x02020001, 0x0A020001, 0x02020009, 0x0A020009, |
194 | | 0x02020401, 0x0A020401, 0x02020409, 0x0A020409, }, |
195 | | { // for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 |
196 | | 0x00000000, 0x00000100, 0x00080000, 0x00080100, 0x01000000, |
197 | | 0x01000100, 0x01080000, 0x01080100, 0x00000010, 0x00000110, |
198 | | 0x00080010, 0x00080110, 0x01000010, 0x01000110, 0x01080010, |
199 | | 0x01080110, 0x00200000, 0x00200100, 0x00280000, 0x00280100, |
200 | | 0x01200000, 0x01200100, 0x01280000, 0x01280100, 0x00200010, |
201 | | 0x00200110, 0x00280010, 0x00280110, 0x01200010, 0x01200110, |
202 | | 0x01280010, 0x01280110, 0x00000200, 0x00000300, 0x00080200, |
203 | | 0x00080300, 0x01000200, 0x01000300, 0x01080200, 0x01080300, |
204 | | 0x00000210, 0x00000310, 0x00080210, 0x00080310, 0x01000210, |
205 | | 0x01000310, 0x01080210, 0x01080310, 0x00200200, 0x00200300, |
206 | | 0x00280200, 0x00280300, 0x01200200, 0x01200300, 0x01280200, |
207 | | 0x01280300, 0x00200210, 0x00200310, 0x00280210, 0x00280310, |
208 | | 0x01200210, 0x01200310, 0x01280210, 0x01280310, }, |
209 | | { // for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 |
210 | | 0x00000000, 0x04000000, 0x00040000, 0x04040000, 0x00000002, |
211 | | 0x04000002, 0x00040002, 0x04040002, 0x00002000, 0x04002000, |
212 | | 0x00042000, 0x04042000, 0x00002002, 0x04002002, 0x00042002, |
213 | | 0x04042002, 0x00000020, 0x04000020, 0x00040020, 0x04040020, |
214 | | 0x00000022, 0x04000022, 0x00040022, 0x04040022, 0x00002020, |
215 | | 0x04002020, 0x00042020, 0x04042020, 0x00002022, 0x04002022, |
216 | | 0x00042022, 0x04042022, 0x00000800, 0x04000800, 0x00040800, |
217 | | 0x04040800, 0x00000802, 0x04000802, 0x00040802, 0x04040802, |
218 | | 0x00002800, 0x04002800, 0x00042800, 0x04042800, 0x00002802, |
219 | | 0x04002802, 0x00042802, 0x04042802, 0x00000820, 0x04000820, |
220 | | 0x00040820, 0x04040820, 0x00000822, 0x04000822, 0x00040822, |
221 | | 0x04040822, 0x00002820, 0x04002820, 0x00042820, 0x04042820, |
222 | | 0x00002822, 0x04002822, 0x00042822, 0x04042822, }}; |
223 | | |
224 | | static const uint32_t DES_SPtrans[8][64] = { |
225 | | { // nibble 0 |
226 | | 0x02080800, 0x00080000, 0x02000002, 0x02080802, 0x02000000, |
227 | | 0x00080802, 0x00080002, 0x02000002, 0x00080802, 0x02080800, |
228 | | 0x02080000, 0x00000802, 0x02000802, 0x02000000, 0x00000000, |
229 | | 0x00080002, 0x00080000, 0x00000002, 0x02000800, 0x00080800, |
230 | | 0x02080802, 0x02080000, 0x00000802, 0x02000800, 0x00000002, |
231 | | 0x00000800, 0x00080800, 0x02080002, 0x00000800, 0x02000802, |
232 | | 0x02080002, 0x00000000, 0x00000000, 0x02080802, 0x02000800, |
233 | | 0x00080002, 0x02080800, 0x00080000, 0x00000802, 0x02000800, |
234 | | 0x02080002, 0x00000800, 0x00080800, 0x02000002, 0x00080802, |
235 | | 0x00000002, 0x02000002, 0x02080000, 0x02080802, 0x00080800, |
236 | | 0x02080000, 0x02000802, 0x02000000, 0x00000802, 0x00080002, |
237 | | 0x00000000, 0x00080000, 0x02000000, 0x02000802, 0x02080800, |
238 | | 0x00000002, 0x02080002, 0x00000800, 0x00080802, }, |
239 | | { // nibble 1 |
240 | | 0x40108010, 0x00000000, 0x00108000, 0x40100000, 0x40000010, |
241 | | 0x00008010, 0x40008000, 0x00108000, 0x00008000, 0x40100010, |
242 | | 0x00000010, 0x40008000, 0x00100010, 0x40108000, 0x40100000, |
243 | | 0x00000010, 0x00100000, 0x40008010, 0x40100010, 0x00008000, |
244 | | 0x00108010, 0x40000000, 0x00000000, 0x00100010, 0x40008010, |
245 | | 0x00108010, 0x40108000, 0x40000010, 0x40000000, 0x00100000, |
246 | | 0x00008010, 0x40108010, 0x00100010, 0x40108000, 0x40008000, |
247 | | 0x00108010, 0x40108010, 0x00100010, 0x40000010, 0x00000000, |
248 | | 0x40000000, 0x00008010, 0x00100000, 0x40100010, 0x00008000, |
249 | | 0x40000000, 0x00108010, 0x40008010, 0x40108000, 0x00008000, |
250 | | 0x00000000, 0x40000010, 0x00000010, 0x40108010, 0x00108000, |
251 | | 0x40100000, 0x40100010, 0x00100000, 0x00008010, 0x40008000, |
252 | | 0x40008010, 0x00000010, 0x40100000, 0x00108000, }, |
253 | | { // nibble 2 |
254 | | 0x04000001, 0x04040100, 0x00000100, 0x04000101, 0x00040001, |
255 | | 0x04000000, 0x04000101, 0x00040100, 0x04000100, 0x00040000, |
256 | | 0x04040000, 0x00000001, 0x04040101, 0x00000101, 0x00000001, |
257 | | 0x04040001, 0x00000000, 0x00040001, 0x04040100, 0x00000100, |
258 | | 0x00000101, 0x04040101, 0x00040000, 0x04000001, 0x04040001, |
259 | | 0x04000100, 0x00040101, 0x04040000, 0x00040100, 0x00000000, |
260 | | 0x04000000, 0x00040101, 0x04040100, 0x00000100, 0x00000001, |
261 | | 0x00040000, 0x00000101, 0x00040001, 0x04040000, 0x04000101, |
262 | | 0x00000000, 0x04040100, 0x00040100, 0x04040001, 0x00040001, |
263 | | 0x04000000, 0x04040101, 0x00000001, 0x00040101, 0x04000001, |
264 | | 0x04000000, 0x04040101, 0x00040000, 0x04000100, 0x04000101, |
265 | | 0x00040100, 0x04000100, 0x00000000, 0x04040001, 0x00000101, |
266 | | 0x04000001, 0x00040101, 0x00000100, 0x04040000, }, |
267 | | { // nibble 3 |
268 | | 0x00401008, 0x10001000, 0x00000008, 0x10401008, 0x00000000, |
269 | | 0x10400000, 0x10001008, 0x00400008, 0x10401000, 0x10000008, |
270 | | 0x10000000, 0x00001008, 0x10000008, 0x00401008, 0x00400000, |
271 | | 0x10000000, 0x10400008, 0x00401000, 0x00001000, 0x00000008, |
272 | | 0x00401000, 0x10001008, 0x10400000, 0x00001000, 0x00001008, |
273 | | 0x00000000, 0x00400008, 0x10401000, 0x10001000, 0x10400008, |
274 | | 0x10401008, 0x00400000, 0x10400008, 0x00001008, 0x00400000, |
275 | | 0x10000008, 0x00401000, 0x10001000, 0x00000008, 0x10400000, |
276 | | 0x10001008, 0x00000000, 0x00001000, 0x00400008, 0x00000000, |
277 | | 0x10400008, 0x10401000, 0x00001000, 0x10000000, 0x10401008, |
278 | | 0x00401008, 0x00400000, 0x10401008, 0x00000008, 0x10001000, |
279 | | 0x00401008, 0x00400008, 0x00401000, 0x10400000, 0x10001008, |
280 | | 0x00001008, 0x10000000, 0x10000008, 0x10401000, }, |
281 | | { // nibble 4 |
282 | | 0x08000000, 0x00010000, 0x00000400, 0x08010420, 0x08010020, |
283 | | 0x08000400, 0x00010420, 0x08010000, 0x00010000, 0x00000020, |
284 | | 0x08000020, 0x00010400, 0x08000420, 0x08010020, 0x08010400, |
285 | | 0x00000000, 0x00010400, 0x08000000, 0x00010020, 0x00000420, |
286 | | 0x08000400, 0x00010420, 0x00000000, 0x08000020, 0x00000020, |
287 | | 0x08000420, 0x08010420, 0x00010020, 0x08010000, 0x00000400, |
288 | | 0x00000420, 0x08010400, 0x08010400, 0x08000420, 0x00010020, |
289 | | 0x08010000, 0x00010000, 0x00000020, 0x08000020, 0x08000400, |
290 | | 0x08000000, 0x00010400, 0x08010420, 0x00000000, 0x00010420, |
291 | | 0x08000000, 0x00000400, 0x00010020, 0x08000420, 0x00000400, |
292 | | 0x00000000, 0x08010420, 0x08010020, 0x08010400, 0x00000420, |
293 | | 0x00010000, 0x00010400, 0x08010020, 0x08000400, 0x00000420, |
294 | | 0x00000020, 0x00010420, 0x08010000, 0x08000020, }, |
295 | | { // nibble 5 |
296 | | 0x80000040, 0x00200040, 0x00000000, 0x80202000, 0x00200040, |
297 | | 0x00002000, 0x80002040, 0x00200000, 0x00002040, 0x80202040, |
298 | | 0x00202000, 0x80000000, 0x80002000, 0x80000040, 0x80200000, |
299 | | 0x00202040, 0x00200000, 0x80002040, 0x80200040, 0x00000000, |
300 | | 0x00002000, 0x00000040, 0x80202000, 0x80200040, 0x80202040, |
301 | | 0x80200000, 0x80000000, 0x00002040, 0x00000040, 0x00202000, |
302 | | 0x00202040, 0x80002000, 0x00002040, 0x80000000, 0x80002000, |
303 | | 0x00202040, 0x80202000, 0x00200040, 0x00000000, 0x80002000, |
304 | | 0x80000000, 0x00002000, 0x80200040, 0x00200000, 0x00200040, |
305 | | 0x80202040, 0x00202000, 0x00000040, 0x80202040, 0x00202000, |
306 | | 0x00200000, 0x80002040, 0x80000040, 0x80200000, 0x00202040, |
307 | | 0x00000000, 0x00002000, 0x80000040, 0x80002040, 0x80202000, |
308 | | 0x80200000, 0x00002040, 0x00000040, 0x80200040, }, |
309 | | { // nibble 6 |
310 | | 0x00004000, 0x00000200, 0x01000200, 0x01000004, 0x01004204, |
311 | | 0x00004004, 0x00004200, 0x00000000, 0x01000000, 0x01000204, |
312 | | 0x00000204, 0x01004000, 0x00000004, 0x01004200, 0x01004000, |
313 | | 0x00000204, 0x01000204, 0x00004000, 0x00004004, 0x01004204, |
314 | | 0x00000000, 0x01000200, 0x01000004, 0x00004200, 0x01004004, |
315 | | 0x00004204, 0x01004200, 0x00000004, 0x00004204, 0x01004004, |
316 | | 0x00000200, 0x01000000, 0x00004204, 0x01004000, 0x01004004, |
317 | | 0x00000204, 0x00004000, 0x00000200, 0x01000000, 0x01004004, |
318 | | 0x01000204, 0x00004204, 0x00004200, 0x00000000, 0x00000200, |
319 | | 0x01000004, 0x00000004, 0x01000200, 0x00000000, 0x01000204, |
320 | | 0x01000200, 0x00004200, 0x00000204, 0x00004000, 0x01004204, |
321 | | 0x01000000, 0x01004200, 0x00000004, 0x00004004, 0x01004204, |
322 | | 0x01000004, 0x01004200, 0x01004000, 0x00004004, }, |
323 | | { // nibble 7 |
324 | | 0x20800080, 0x20820000, 0x00020080, 0x00000000, 0x20020000, |
325 | | 0x00800080, 0x20800000, 0x20820080, 0x00000080, 0x20000000, |
326 | | 0x00820000, 0x00020080, 0x00820080, 0x20020080, 0x20000080, |
327 | | 0x20800000, 0x00020000, 0x00820080, 0x00800080, 0x20020000, |
328 | | 0x20820080, 0x20000080, 0x00000000, 0x00820000, 0x20000000, |
329 | | 0x00800000, 0x20020080, 0x20800080, 0x00800000, 0x00020000, |
330 | | 0x20820000, 0x00000080, 0x00800000, 0x00020000, 0x20000080, |
331 | | 0x20820080, 0x00020080, 0x20000000, 0x00000000, 0x00820000, |
332 | | 0x20800080, 0x20020080, 0x20020000, 0x00800080, 0x20820000, |
333 | | 0x00000080, 0x00800080, 0x20020000, 0x20820080, 0x00800000, |
334 | | 0x20800000, 0x20000080, 0x00820000, 0x00020080, 0x20020080, |
335 | | 0x20800000, 0x00000080, 0x20820000, 0x00820080, 0x00000000, |
336 | | 0x20000000, 0x20800080, 0x00020000, 0x00820080, }}; |
337 | | |
338 | | #define HPERM_OP(a, t, n, m) \ |
339 | 22.1k | ((t) = ((((a) << (16 - (n))) ^ (a)) & (m)), \ |
340 | 22.1k | (a) = (a) ^ (t) ^ ((t) >> (16 - (n)))) |
341 | | |
342 | 0 | void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule) { |
343 | 0 | DES_set_key_ex(key->bytes, schedule); |
344 | 0 | } |
345 | | |
346 | 11.0k | void bssl::DES_set_key_ex(const uint8_t key[8], DES_key_schedule *schedule) { |
347 | 11.0k | static const int shifts2[16] = {0, 0, 1, 1, 1, 1, 1, 1, |
348 | 11.0k | 0, 1, 1, 1, 1, 1, 1, 0}; |
349 | 11.0k | uint32_t c, d, t, s, t2; |
350 | 11.0k | const uint8_t *in; |
351 | 11.0k | int i; |
352 | | |
353 | 11.0k | in = key; |
354 | | |
355 | 11.0k | c2l(in, c); |
356 | 11.0k | c2l(in, d); |
357 | | |
358 | | // do PC1 in 47 simple operations :-) |
359 | | // Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) |
360 | | // for the inspiration. :-) |
361 | 11.0k | PERM_OP(d, c, t, 4, 0x0f0f0f0f); |
362 | 11.0k | HPERM_OP(c, t, -2, 0xcccc0000); |
363 | 11.0k | HPERM_OP(d, t, -2, 0xcccc0000); |
364 | 11.0k | PERM_OP(d, c, t, 1, 0x55555555); |
365 | 11.0k | PERM_OP(c, d, t, 8, 0x00ff00ff); |
366 | 11.0k | PERM_OP(d, c, t, 1, 0x55555555); |
367 | 11.0k | d = (((d & 0x000000ff) << 16) | (d & 0x0000ff00) | |
368 | 11.0k | ((d & 0x00ff0000) >> 16) | ((c & 0xf0000000) >> 4)); |
369 | 11.0k | c &= 0x0fffffff; |
370 | | |
371 | 187k | for (i = 0; i < ITERATIONS; i++) { |
372 | 176k | if (shifts2[i]) { |
373 | 132k | c = ((c >> 2) | (c << 26)); |
374 | 132k | d = ((d >> 2) | (d << 26)); |
375 | 132k | } else { |
376 | 44.2k | c = ((c >> 1) | (c << 27)); |
377 | 44.2k | d = ((d >> 1) | (d << 27)); |
378 | 44.2k | } |
379 | 176k | c &= 0x0fffffff; |
380 | 176k | d &= 0x0fffffff; |
381 | | // could be a few less shifts but I am to lazy at this |
382 | | // point in time to investigate |
383 | 176k | s = des_skb[0][(c) & 0x3f] | |
384 | 176k | des_skb[1][((c >> 6) & 0x03) | ((c >> 7) & 0x3c)] | |
385 | 176k | des_skb[2][((c >> 13) & 0x0f) | ((c >> 14) & 0x30)] | |
386 | 176k | des_skb[3][((c >> 20) & 0x01) | ((c >> 21) & 0x06) | |
387 | 176k | ((c >> 22) & 0x38)]; |
388 | 176k | t = des_skb[4][(d) & 0x3f] | |
389 | 176k | des_skb[5][((d >> 7) & 0x03) | ((d >> 8) & 0x3c)] | |
390 | 176k | des_skb[6][(d >> 15) & 0x3f] | |
391 | 176k | des_skb[7][((d >> 21) & 0x0f) | ((d >> 22) & 0x30)]; |
392 | | |
393 | | // table contained 0213 4657 |
394 | 176k | t2 = ((t << 16) | (s & 0x0000ffff)) & 0xffffffff; |
395 | 176k | schedule->subkeys[i][0] = CRYPTO_rotr_u32(t2, 30); |
396 | | |
397 | 176k | t2 = ((s >> 16) | (t & 0xffff0000)); |
398 | 176k | schedule->subkeys[i][1] = CRYPTO_rotr_u32(t2, 26); |
399 | 176k | } |
400 | 11.0k | } |
401 | | |
402 | | static const uint8_t kOddParity[256] = { |
403 | | 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, |
404 | | 14, 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, |
405 | | 31, 31, 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, |
406 | | 44, 47, 47, 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, |
407 | | 61, 61, 62, 62, 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, |
408 | | 74, 76, 76, 79, 79, 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, |
409 | | 91, 91, 93, 93, 94, 94, 97, 97, 98, 98, 100, 100, 103, 103, 104, |
410 | | 104, 107, 107, 109, 109, 110, 110, 112, 112, 115, 115, 117, 117, 118, 118, |
411 | | 121, 121, 122, 122, 124, 124, 127, 127, 128, 128, 131, 131, 133, 133, 134, |
412 | | 134, 137, 137, 138, 138, 140, 140, 143, 143, 145, 145, 146, 146, 148, 148, |
413 | | 151, 151, 152, 152, 155, 155, 157, 157, 158, 158, 161, 161, 162, 162, 164, |
414 | | 164, 167, 167, 168, 168, 171, 171, 173, 173, 174, 174, 176, 176, 179, 179, |
415 | | 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, 191, 193, 193, 194, |
416 | | 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, 206, 208, 208, |
417 | | 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, 223, 224, |
418 | | 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, 239, |
419 | | 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254, |
420 | | 254 |
421 | | }; |
422 | | |
423 | 0 | void DES_set_odd_parity(DES_cblock *key) { |
424 | 0 | unsigned i; |
425 | |
|
426 | 0 | for (i = 0; i < DES_KEY_SZ; i++) { |
427 | 0 | key->bytes[i] = kOddParity[key->bytes[i]]; |
428 | 0 | } |
429 | 0 | } |
430 | | |
431 | | static void DES_encrypt1(uint32_t data[2], const DES_key_schedule *ks, |
432 | 0 | int enc) { |
433 | 0 | uint32_t l, r, t, u; |
434 | |
|
435 | 0 | r = data[0]; |
436 | 0 | l = data[1]; |
437 | |
|
438 | 0 | IP(r, l); |
439 | | // Things have been modified so that the initial rotate is done outside |
440 | | // the loop. This required the DES_SPtrans values in sp.h to be |
441 | | // rotated 1 bit to the right. One perl script later and things have a |
442 | | // 5% speed up on a sparc2. Thanks to Richard Outerbridge |
443 | | // <71755.204@CompuServe.COM> for pointing this out. |
444 | | // clear the top bits on machines with 8byte longs |
445 | | // shift left by 2 |
446 | 0 | r = CRYPTO_rotr_u32(r, 29); |
447 | 0 | l = CRYPTO_rotr_u32(l, 29); |
448 | | |
449 | | // I don't know if it is worth the effort of loop unrolling the |
450 | | // inner loop |
451 | 0 | if (enc) { |
452 | 0 | D_ENCRYPT(ks, l, r, 0); |
453 | 0 | D_ENCRYPT(ks, r, l, 1); |
454 | 0 | D_ENCRYPT(ks, l, r, 2); |
455 | 0 | D_ENCRYPT(ks, r, l, 3); |
456 | 0 | D_ENCRYPT(ks, l, r, 4); |
457 | 0 | D_ENCRYPT(ks, r, l, 5); |
458 | 0 | D_ENCRYPT(ks, l, r, 6); |
459 | 0 | D_ENCRYPT(ks, r, l, 7); |
460 | 0 | D_ENCRYPT(ks, l, r, 8); |
461 | 0 | D_ENCRYPT(ks, r, l, 9); |
462 | 0 | D_ENCRYPT(ks, l, r, 10); |
463 | 0 | D_ENCRYPT(ks, r, l, 11); |
464 | 0 | D_ENCRYPT(ks, l, r, 12); |
465 | 0 | D_ENCRYPT(ks, r, l, 13); |
466 | 0 | D_ENCRYPT(ks, l, r, 14); |
467 | 0 | D_ENCRYPT(ks, r, l, 15); |
468 | 0 | } else { |
469 | 0 | D_ENCRYPT(ks, l, r, 15); |
470 | 0 | D_ENCRYPT(ks, r, l, 14); |
471 | 0 | D_ENCRYPT(ks, l, r, 13); |
472 | 0 | D_ENCRYPT(ks, r, l, 12); |
473 | 0 | D_ENCRYPT(ks, l, r, 11); |
474 | 0 | D_ENCRYPT(ks, r, l, 10); |
475 | 0 | D_ENCRYPT(ks, l, r, 9); |
476 | 0 | D_ENCRYPT(ks, r, l, 8); |
477 | 0 | D_ENCRYPT(ks, l, r, 7); |
478 | 0 | D_ENCRYPT(ks, r, l, 6); |
479 | 0 | D_ENCRYPT(ks, l, r, 5); |
480 | 0 | D_ENCRYPT(ks, r, l, 4); |
481 | 0 | D_ENCRYPT(ks, l, r, 3); |
482 | 0 | D_ENCRYPT(ks, r, l, 2); |
483 | 0 | D_ENCRYPT(ks, l, r, 1); |
484 | 0 | D_ENCRYPT(ks, r, l, 0); |
485 | 0 | } |
486 | | |
487 | | // rotate and clear the top bits on machines with 8byte longs |
488 | 0 | l = CRYPTO_rotr_u32(l, 3); |
489 | 0 | r = CRYPTO_rotr_u32(r, 3); |
490 | |
|
491 | 0 | FP(r, l); |
492 | 0 | data[0] = l; |
493 | 0 | data[1] = r; |
494 | 0 | } |
495 | | |
496 | | static void DES_encrypt2(uint32_t data[2], const DES_key_schedule *ks, |
497 | 119k | int enc) { |
498 | 119k | uint32_t l, r, t, u; |
499 | | |
500 | 119k | r = data[0]; |
501 | 119k | l = data[1]; |
502 | | |
503 | | // Things have been modified so that the initial rotate is done outside the |
504 | | // loop. This required the DES_SPtrans values in sp.h to be rotated 1 bit to |
505 | | // the right. One perl script later and things have a 5% speed up on a |
506 | | // sparc2. Thanks to Richard Outerbridge <71755.204@CompuServe.COM> for |
507 | | // pointing this out. |
508 | | // clear the top bits on machines with 8byte longs |
509 | 119k | r = CRYPTO_rotr_u32(r, 29); |
510 | 119k | l = CRYPTO_rotr_u32(l, 29); |
511 | | |
512 | | // I don't know if it is worth the effort of loop unrolling the |
513 | | // inner loop |
514 | 119k | if (enc) { |
515 | 50.7k | D_ENCRYPT(ks, l, r, 0); |
516 | 50.7k | D_ENCRYPT(ks, r, l, 1); |
517 | 50.7k | D_ENCRYPT(ks, l, r, 2); |
518 | 50.7k | D_ENCRYPT(ks, r, l, 3); |
519 | 50.7k | D_ENCRYPT(ks, l, r, 4); |
520 | 50.7k | D_ENCRYPT(ks, r, l, 5); |
521 | 50.7k | D_ENCRYPT(ks, l, r, 6); |
522 | 50.7k | D_ENCRYPT(ks, r, l, 7); |
523 | 50.7k | D_ENCRYPT(ks, l, r, 8); |
524 | 50.7k | D_ENCRYPT(ks, r, l, 9); |
525 | 50.7k | D_ENCRYPT(ks, l, r, 10); |
526 | 50.7k | D_ENCRYPT(ks, r, l, 11); |
527 | 50.7k | D_ENCRYPT(ks, l, r, 12); |
528 | 50.7k | D_ENCRYPT(ks, r, l, 13); |
529 | 50.7k | D_ENCRYPT(ks, l, r, 14); |
530 | 50.7k | D_ENCRYPT(ks, r, l, 15); |
531 | 68.8k | } else { |
532 | 68.8k | D_ENCRYPT(ks, l, r, 15); |
533 | 68.8k | D_ENCRYPT(ks, r, l, 14); |
534 | 68.8k | D_ENCRYPT(ks, l, r, 13); |
535 | 68.8k | D_ENCRYPT(ks, r, l, 12); |
536 | 68.8k | D_ENCRYPT(ks, l, r, 11); |
537 | 68.8k | D_ENCRYPT(ks, r, l, 10); |
538 | 68.8k | D_ENCRYPT(ks, l, r, 9); |
539 | 68.8k | D_ENCRYPT(ks, r, l, 8); |
540 | 68.8k | D_ENCRYPT(ks, l, r, 7); |
541 | 68.8k | D_ENCRYPT(ks, r, l, 6); |
542 | 68.8k | D_ENCRYPT(ks, l, r, 5); |
543 | 68.8k | D_ENCRYPT(ks, r, l, 4); |
544 | 68.8k | D_ENCRYPT(ks, l, r, 3); |
545 | 68.8k | D_ENCRYPT(ks, r, l, 2); |
546 | 68.8k | D_ENCRYPT(ks, l, r, 1); |
547 | 68.8k | D_ENCRYPT(ks, r, l, 0); |
548 | 68.8k | } |
549 | | // rotate and clear the top bits on machines with 8byte longs |
550 | 119k | data[0] = CRYPTO_rotr_u32(l, 3); |
551 | 119k | data[1] = CRYPTO_rotr_u32(r, 3); |
552 | 119k | } |
553 | | |
554 | | void bssl::DES_encrypt3(uint32_t data[2], const DES_key_schedule *ks1, |
555 | | const DES_key_schedule *ks2, |
556 | 10.8k | const DES_key_schedule *ks3) { |
557 | 10.8k | uint32_t l, r; |
558 | | |
559 | 10.8k | l = data[0]; |
560 | 10.8k | r = data[1]; |
561 | 10.8k | IP(l, r); |
562 | 10.8k | data[0] = l; |
563 | 10.8k | data[1] = r; |
564 | 10.8k | DES_encrypt2(data, ks1, DES_ENCRYPT); |
565 | 10.8k | DES_encrypt2(data, ks2, DES_DECRYPT); |
566 | 10.8k | DES_encrypt2(data, ks3, DES_ENCRYPT); |
567 | 10.8k | l = data[0]; |
568 | 10.8k | r = data[1]; |
569 | 10.8k | FP(r, l); |
570 | 10.8k | data[0] = l; |
571 | 10.8k | data[1] = r; |
572 | 10.8k | } |
573 | | |
574 | | void bssl::DES_decrypt3(uint32_t data[2], const DES_key_schedule *ks1, |
575 | | const DES_key_schedule *ks2, |
576 | 29.0k | const DES_key_schedule *ks3) { |
577 | 29.0k | uint32_t l, r; |
578 | | |
579 | 29.0k | l = data[0]; |
580 | 29.0k | r = data[1]; |
581 | 29.0k | IP(l, r); |
582 | 29.0k | data[0] = l; |
583 | 29.0k | data[1] = r; |
584 | 29.0k | DES_encrypt2(data, ks3, DES_DECRYPT); |
585 | 29.0k | DES_encrypt2(data, ks2, DES_ENCRYPT); |
586 | 29.0k | DES_encrypt2(data, ks1, DES_DECRYPT); |
587 | 29.0k | l = data[0]; |
588 | 29.0k | r = data[1]; |
589 | 29.0k | FP(r, l); |
590 | 29.0k | data[0] = l; |
591 | 29.0k | data[1] = r; |
592 | 29.0k | } |
593 | | |
594 | | void DES_ecb_encrypt(const DES_cblock *in_block, DES_cblock *out_block, |
595 | 0 | const DES_key_schedule *schedule, int is_encrypt) { |
596 | 0 | DES_ecb_encrypt_ex(in_block->bytes, out_block->bytes, schedule, is_encrypt); |
597 | 0 | } |
598 | | |
599 | | void bssl::DES_ecb_encrypt_ex(const uint8_t in[8], uint8_t out[8], |
600 | | const DES_key_schedule *schedule, |
601 | 0 | int is_encrypt) { |
602 | 0 | uint32_t ll[2]; |
603 | 0 | ll[0] = CRYPTO_load_u32_le(in); |
604 | 0 | ll[1] = CRYPTO_load_u32_le(in + 4); |
605 | 0 | DES_encrypt1(ll, schedule, is_encrypt); |
606 | 0 | CRYPTO_store_u32_le(out, ll[0]); |
607 | 0 | CRYPTO_store_u32_le(out + 4, ll[1]); |
608 | 0 | } |
609 | | |
610 | | void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, |
611 | | const DES_key_schedule *schedule, DES_cblock *ivec, |
612 | 0 | int enc) { |
613 | 0 | DES_ncbc_encrypt_ex(in, out, len, schedule, ivec->bytes, enc); |
614 | 0 | } |
615 | | |
616 | | void bssl::DES_ncbc_encrypt_ex(const uint8_t *in, uint8_t *out, size_t len, |
617 | | const DES_key_schedule *schedule, |
618 | 0 | uint8_t ivec[8], int enc) { |
619 | 0 | uint32_t tin0, tin1; |
620 | 0 | uint32_t tout0, tout1, xor0, xor1; |
621 | 0 | uint32_t tin[2]; |
622 | 0 | unsigned char *iv; |
623 | 0 | assert(len % 8 == 0); |
624 | | |
625 | 0 | iv = ivec; |
626 | |
|
627 | 0 | if (enc) { |
628 | 0 | c2l(iv, tout0); |
629 | 0 | c2l(iv, tout1); |
630 | 0 | for (; len >= 8; len -= 8) { |
631 | 0 | c2l(in, tin0); |
632 | 0 | c2l(in, tin1); |
633 | 0 | tin0 ^= tout0; |
634 | 0 | tin[0] = tin0; |
635 | 0 | tin1 ^= tout1; |
636 | 0 | tin[1] = tin1; |
637 | 0 | DES_encrypt1(tin, schedule, DES_ENCRYPT); |
638 | 0 | tout0 = tin[0]; |
639 | 0 | l2c(tout0, out); |
640 | 0 | tout1 = tin[1]; |
641 | 0 | l2c(tout1, out); |
642 | 0 | } |
643 | 0 | if (len != 0) { |
644 | 0 | c2ln(in, tin0, tin1, len); |
645 | 0 | tin0 ^= tout0; |
646 | 0 | tin[0] = tin0; |
647 | 0 | tin1 ^= tout1; |
648 | 0 | tin[1] = tin1; |
649 | 0 | DES_encrypt1(tin, schedule, DES_ENCRYPT); |
650 | 0 | tout0 = tin[0]; |
651 | 0 | l2c(tout0, out); |
652 | 0 | tout1 = tin[1]; |
653 | 0 | l2c(tout1, out); |
654 | 0 | } |
655 | 0 | iv = ivec; |
656 | 0 | l2c(tout0, iv); |
657 | 0 | l2c(tout1, iv); |
658 | 0 | } else { |
659 | 0 | c2l(iv, xor0); |
660 | 0 | c2l(iv, xor1); |
661 | 0 | for (; len >= 8; len -= 8) { |
662 | 0 | c2l(in, tin0); |
663 | 0 | tin[0] = tin0; |
664 | 0 | c2l(in, tin1); |
665 | 0 | tin[1] = tin1; |
666 | 0 | DES_encrypt1(tin, schedule, DES_DECRYPT); |
667 | 0 | tout0 = tin[0] ^ xor0; |
668 | 0 | tout1 = tin[1] ^ xor1; |
669 | 0 | l2c(tout0, out); |
670 | 0 | l2c(tout1, out); |
671 | 0 | xor0 = tin0; |
672 | 0 | xor1 = tin1; |
673 | 0 | } |
674 | 0 | if (len != 0) { |
675 | 0 | c2l(in, tin0); |
676 | 0 | tin[0] = tin0; |
677 | 0 | c2l(in, tin1); |
678 | 0 | tin[1] = tin1; |
679 | 0 | DES_encrypt1(tin, schedule, DES_DECRYPT); |
680 | 0 | tout0 = tin[0] ^ xor0; |
681 | 0 | tout1 = tin[1] ^ xor1; |
682 | 0 | l2cn(tout0, tout1, out, len); |
683 | 0 | xor0 = tin0; |
684 | 0 | xor1 = tin1; |
685 | 0 | } |
686 | 0 | iv = ivec; |
687 | 0 | l2c(xor0, iv); |
688 | 0 | l2c(xor1, iv); |
689 | 0 | } |
690 | 0 | tin[0] = tin[1] = 0; |
691 | 0 | } |
692 | | |
693 | | void DES_ecb3_encrypt(const DES_cblock *input, DES_cblock *output, |
694 | | const DES_key_schedule *ks1, const DES_key_schedule *ks2, |
695 | 0 | const DES_key_schedule *ks3, int enc) { |
696 | 0 | DES_ecb3_encrypt_ex(input->bytes, output->bytes, ks1, ks2, ks3, enc); |
697 | 0 | } |
698 | | |
699 | | void bssl::DES_ecb3_encrypt_ex(const uint8_t in[8], uint8_t out[8], |
700 | | const DES_key_schedule *ks1, |
701 | | const DES_key_schedule *ks2, |
702 | 0 | const DES_key_schedule *ks3, int enc) { |
703 | 0 | uint32_t ll[2]; |
704 | 0 | ll[0] = CRYPTO_load_u32_le(in); |
705 | 0 | ll[1] = CRYPTO_load_u32_le(in + 4); |
706 | 0 | if (enc) { |
707 | 0 | DES_encrypt3(ll, ks1, ks2, ks3); |
708 | 0 | } else { |
709 | 0 | DES_decrypt3(ll, ks1, ks2, ks3); |
710 | 0 | } |
711 | 0 | CRYPTO_store_u32_le(out, ll[0]); |
712 | 0 | CRYPTO_store_u32_le(out + 4, ll[1]); |
713 | 0 | } |
714 | | |
715 | | void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, |
716 | | const DES_key_schedule *ks1, |
717 | | const DES_key_schedule *ks2, |
718 | | const DES_key_schedule *ks3, DES_cblock *ivec, |
719 | 0 | int enc) { |
720 | 0 | DES_ede3_cbc_encrypt_ex(in, out, len, ks1, ks2, ks3, ivec->bytes, enc); |
721 | 0 | } |
722 | | |
723 | | void bssl::DES_ede3_cbc_encrypt_ex(const uint8_t *in, uint8_t *out, size_t len, |
724 | | const DES_key_schedule *ks1, |
725 | | const DES_key_schedule *ks2, |
726 | | const DES_key_schedule *ks3, uint8_t ivec[8], |
727 | 2.19k | int enc) { |
728 | 2.19k | uint32_t tin0, tin1; |
729 | 2.19k | uint32_t tout0, tout1, xor0, xor1; |
730 | 2.19k | uint32_t tin[2]; |
731 | 2.19k | uint8_t *iv; |
732 | 2.19k | assert(len % 8 == 0); |
733 | | |
734 | 2.19k | iv = ivec; |
735 | | |
736 | 2.19k | if (enc) { |
737 | 2.02k | c2l(iv, tout0); |
738 | 2.02k | c2l(iv, tout1); |
739 | 12.8k | for (; len >= 8; len -= 8) { |
740 | 10.8k | c2l(in, tin0); |
741 | 10.8k | c2l(in, tin1); |
742 | 10.8k | tin0 ^= tout0; |
743 | 10.8k | tin1 ^= tout1; |
744 | | |
745 | 10.8k | tin[0] = tin0; |
746 | 10.8k | tin[1] = tin1; |
747 | 10.8k | DES_encrypt3(tin, ks1, ks2, ks3); |
748 | 10.8k | tout0 = tin[0]; |
749 | 10.8k | tout1 = tin[1]; |
750 | | |
751 | 10.8k | l2c(tout0, out); |
752 | 10.8k | l2c(tout1, out); |
753 | 10.8k | } |
754 | 2.02k | if (len != 0) { |
755 | 0 | c2ln(in, tin0, tin1, len); |
756 | 0 | tin0 ^= tout0; |
757 | 0 | tin1 ^= tout1; |
758 | |
|
759 | 0 | tin[0] = tin0; |
760 | 0 | tin[1] = tin1; |
761 | 0 | DES_encrypt3(tin, ks1, ks2, ks3); |
762 | 0 | tout0 = tin[0]; |
763 | 0 | tout1 = tin[1]; |
764 | |
|
765 | 0 | l2c(tout0, out); |
766 | 0 | l2c(tout1, out); |
767 | 0 | } |
768 | 2.02k | iv = ivec; |
769 | 2.02k | l2c(tout0, iv); |
770 | 2.02k | l2c(tout1, iv); |
771 | 2.02k | } else { |
772 | 172 | uint32_t t0, t1; |
773 | | |
774 | 172 | c2l(iv, xor0); |
775 | 172 | c2l(iv, xor1); |
776 | 29.1k | for (; len >= 8; len -= 8) { |
777 | 29.0k | c2l(in, tin0); |
778 | 29.0k | c2l(in, tin1); |
779 | | |
780 | 29.0k | t0 = tin0; |
781 | 29.0k | t1 = tin1; |
782 | | |
783 | 29.0k | tin[0] = tin0; |
784 | 29.0k | tin[1] = tin1; |
785 | 29.0k | DES_decrypt3(tin, ks1, ks2, ks3); |
786 | 29.0k | tout0 = tin[0]; |
787 | 29.0k | tout1 = tin[1]; |
788 | | |
789 | 29.0k | tout0 ^= xor0; |
790 | 29.0k | tout1 ^= xor1; |
791 | 29.0k | l2c(tout0, out); |
792 | 29.0k | l2c(tout1, out); |
793 | 29.0k | xor0 = t0; |
794 | 29.0k | xor1 = t1; |
795 | 29.0k | } |
796 | 172 | if (len != 0) { |
797 | 0 | c2l(in, tin0); |
798 | 0 | c2l(in, tin1); |
799 | |
|
800 | 0 | t0 = tin0; |
801 | 0 | t1 = tin1; |
802 | |
|
803 | 0 | tin[0] = tin0; |
804 | 0 | tin[1] = tin1; |
805 | 0 | DES_decrypt3(tin, ks1, ks2, ks3); |
806 | 0 | tout0 = tin[0]; |
807 | 0 | tout1 = tin[1]; |
808 | |
|
809 | 0 | tout0 ^= xor0; |
810 | 0 | tout1 ^= xor1; |
811 | 0 | l2cn(tout0, tout1, out, len); |
812 | 0 | xor0 = t0; |
813 | 0 | xor1 = t1; |
814 | 0 | } |
815 | | |
816 | 172 | iv = ivec; |
817 | 172 | l2c(xor0, iv); |
818 | 172 | l2c(xor1, iv); |
819 | 172 | } |
820 | | |
821 | 2.19k | tin[0] = tin[1] = 0; |
822 | 2.19k | } |
823 | | |
824 | | void DES_ede2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, |
825 | | const DES_key_schedule *ks1, |
826 | | const DES_key_schedule *ks2, |
827 | | DES_cblock *ivec, |
828 | 0 | int enc) { |
829 | 0 | DES_ede3_cbc_encrypt(in, out, len, ks1, ks2, ks1, ivec, enc); |
830 | 0 | } |
831 | | |
832 | | |
833 | | // Deprecated functions. |
834 | | |
835 | 0 | void DES_set_key_unchecked(const DES_cblock *key, DES_key_schedule *schedule) { |
836 | 0 | DES_set_key(key, schedule); |
837 | 0 | } |